From a broken TLS CA, to Facebook, to FIN12 hit and run

Alexandre Blanc CyberSecurity weekly cyber linkedin
Alexandre Blanc Weekly Cyber

Yet another crazy week in cyber, which makes me wonder if there is any quiet week anymore, and, as a lot spoke about mental health as well, how long do you think a human can take all of this ?

Meanwhile, I’m still motivated to do good, and while ransomware gangs make millions every month, we try to get a couple of bucks from people so as we can help secure them (not asking for money, just tough to get organization to spend just enough to protect themselves).

But I’m telling you, this won’t last, ransomware projections are so huge, that we’ll come to a point where, sorry, we don’t take new customers. Scarcity, is where we’re heading, and I’m telling you, find your cyber security partner NOW, because we, skilled humans in this field, are in very limited supply. The illusion of the market may make you think you have choice, but there is a fun fact in the back end, A sells the skills of B, which sells the skills of C, which rely on A for any overflow…… do you see it coming ?

Monica talks Cyber to Alex

Meanwhile, Monica and myself are going to share some insights on our CISO experience, hopefully a series to start in November, and well scheduled (according to her, she likes when things are organized, and it’s good !), and pretty fun (according to me, and her actually, we agree on this)…. (wait, did I mean we don’t agree on everything ? )…. (seems I’m talking to myself now…. ok, let’s move on).

Edit : Monica said that I should say that the audience will have an AWESOME opportunity not only to ask ya questions for this episode but ALSO TO SHAPE OUR NEXT EPISODES and what challenges we address (that’s what she said :P )

Mani got Alex to talk and talk and talk :D

This week as well, did record a 6 min LinkedIn podcast with Mani Keerthi which actually turned to be very relevant in a pretty short time ! Thanks Mani ! :)

And now, finally, this week in 56 points :

1 – Letsencrypt updated their CA (certificate authority) and it went bad for a lot of stuffs – Let’s Encrypt’s root certificate has expired and stuff is breaking all over the place

2 – Surprise, yet another massive leak – US retailer Neiman Marcus confirms Data breach – Just 4.6 Millions customers data

3 – You first need to have proper security posture, otherwise, nothing will help you – US unites 30 countries to disrupt global ransomware attacks

4 – I fixed the issue by dropping any phone call. Only accepting known persons over encrypted channels – FCC orders phone carriers to enforce unlawful robocall blocking

5 – Hacked down to hardware – Flaw in AMD Platform Security Processor Affects Millions of Computers

6 – Cryptoland never cease to amaze me – Crypto platform mistakenly gives $90M to users, asks for refund

7 – Just a reminder, building your security posture, assessing the potential impact and placing proper security controls to mitigate the risk is not optional, unless you absolutely don’t care – Sandhills online machinery markets shut down by ransomware attack

8 – That’s hacking ! The power of technical creativity ! Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems

9 – Clowd style leak ! Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services

10 – Like it or not, patch management is critical – New Atom Silo ransomware targets vulnerable Confluence servers

11 – Good work Europol, some less criminals – Ransomware operators behind hundreds of attacks arrested in Ukraine (doesn’t calm down anyhow, but that’s already something ! )

12 – Learn why privacy and data protection is important (aside of Pandora papers ) – Transnational fraud ring stole millions from Army members, veterans

13 – Quite an interesting take on this one, after all we are in a continuously evolving environment, seeing rising threats, and regulation playing ketchup – Regulations & Ransomware: A Quick Overview

14 – Facebook offline day ! Great for humans mental health, on this linkedin post, I covered, including comment, the whole story, with other, pointing to the BGP error , but we all know the truth : The home router of Mark got powered off as his cat stepped on it, and poof ! Facebook Blames Outage on Faulty Router Configuration

15 – Just don’t SMS, anything you type on it, is being reviewed by thousands of people, indexed, reshared and all – Company That Routes Billions of Text Messages Quietly Says It Was Hacked

16 – Android patch time ! Android October patch fixes three critical bugs, 41 flaws in total

17 – You are hacked ! UEFI (aka BIOS) hacked since 2012 – New UEFI bootkit used to backdoor Windows devices since 2012

18 – Not even out for a day, already broke network support for widely used Intel network/wifi cards – Microsoft confirms Windows 11 issues with VirtualBox, Intel Killer

19 – Do you have accounts without MFA ? unacceptable – Large ransom demands and password-guessing attacks escalate

20 – Almost forgot ! I was on 123CMMC with the awesome Dana Mantilia ! We had a great episode on here :

21 – it’s apache web server patch time ! Apache fixes actively exploited zero-day vulnerability, patch now

22 – It smells a lot like….clowd ! The Telegraph exposes 10 TB database with subscriber info

23 – Root cause is credentials guessing or Brut force, so don’t expose your management networks and have decent governance – Ransomware gang encrypts VMware ESXi servers with Python script

24 – Very positive outcome, some souls got saved from evil thanks to this failure – Facebook outage leads to massive user exodus to Telegram, Signal

25 – You should already know this but a reminder – 3 Ways the Government Can Track Your Phone

26 – Don’t forget, private browsing still allows your Internet Service Provider to see everything you do. Private browsing only protects you if someone looks at your browsing history. Firefox improves advertising tracker blocking in private browsing

27 – Take this as an example ! YOU must do it too on all your accounts – Google to turn on 2-factor authentication by default for 150 million users

28 – Good move, especially that investing less than the payment made to criminals is enough to build your whole security posture and strongly reduce the likelihood of such incident and totally squeeze the potential impact – Ransom Disclosure Act would give victims 48 hours to report payments

29 – Adam will never find a job in IT ever again – Fired IT admin revenge-hacks school by wiping data, changing passwords

30 – The Internet of threats (IoT) and the Industrial Internet of Threats (IIoT), must be sandboxed and protected behind layered defense and zero trust network access control – Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

31 – Fact is, you need MFA at the very least, and, you should think security architecture with additional controls, such as « geo fencing », and more, capabilities depending. ATO (account take over) attacks increased 307% between 2019 and 2021

32 – The cloud leaks again, I think there might be a medication for this, I mean it can’t hold anything, anything it eats just is spread around…. looks like the cloud is sick to me. The entirety of Twitch has reportedly been leaked, Source codes and user payouts among the data released in a 128GB torrent

33 – All these connected crap will get you killed ! STOP connecting everything, this is absolute non sense ! Medtronic urgently recalls insulin pump controllers over hacking concerns

34 – The cloud is a tool, powerful, sensitive and dangerous, that criminals masters ! Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

35 – Backups are only a corrective measure, it means, it’s the ultimate resource you should nod need for recovery – CISO Point Of View ‘Mashup’: The Importance of Securing Storage & Backup

36 – You are hacked, you just don’t know it yet ! This malware is active since 2018 ! Criminal Hackers use stealthy ShellClient malware on aerospace, telco firms

37 – Good move, but, now that Pandora box is open, I’m afraid it’s too late – European Parliament calls for ban on AI-powered mass surveillance

38 – Challenging times ahead. We know compliance doesn’t equal security, but, self regulation has proven to be ineffective – New Regulations Are Coming — Get a Handle on Your App Portfolio

39 – There is no such thing as free lunch ! Firefox now shows ads as sponsored address bar suggestions

40 – Diversity is critical to ensure resilience. Monoculture is lethal everywhere – Netherlands orders Apple to offer more App Store payment methods

41 – No comment – Microsoft fixes bug blocking Azure Virtual Desktops security updates

42 – How do you like your Yamale ? Some like it hot, hot yamale ! Snake yamale ! Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

43 – Full unauthenticated remote access, anybody can watch your b…eer – Unpatched Dahua cams vulnerable to unauthenticated remote access

44 – A good reading about pentest on your (not actually yours, but ok) AWS stack – Penetration Testing Your AWS Environment – A CTO’s Guide

45 – If you self host an onionshare instance, make sure you patch – Serious Data Exposure Vulnerabilities Spotted In OnionShare Platform

46 – Good move, no longer have to guess editor’s website, find terms and conditions and discover how to unsubscribe – Apple now requires all apps to make it easy for users to delete their accounts

47 – I don’t take calls anymore except through encrypted channels – Fraudulent robocalls to cost consumers $40 billion in 2022

48 – Cut the BS and do it right or don’t do it ! U.S. govt to sue contractors who hide breach incidents

49 – A good reading about these ICS affected by vulnerabilities – Four Critical Vulnerabilities Discovered in Bosch Rexroth WEB Interfaces

50 – An apache patch patching the patched apache as it didn’t patch patchingly ! Apache emergency update fixes incomplete patch for exploited bug

51 – Automated detection and response is mandatory ! No time, the only time you have is the time to be encrypted ! FIN12 hits healthcare with quick and focused ransomware attacks

52 – How would your organization detect and respond to such incident ?
What is your RPO ? Recovery Point Objective define how much data you’ll lose between last valid and tested backup, and restore time.
What is your RTO ? Recovery Time Objective defines how long it will take for you to recover – Engineering giant Weir Group hit by ransomware attack

53 – Attribution is always a tricky game. Proxy, fork anyone ? But for sure, it’s easier to have visibility when you collect telemetry (backdoor) from most of the computers in the world ;) Microsoft: Russian state hackers behind 53% of attacks on US govt agencies

54 – hard coded credentials + cloud is a recipe for disaster :) leak accelerator :) BrewDog exposed data for over 200,000 shareholders and customers

55 – Rootkit active for 18 months, just spotted now – Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

56 – All your eggs in the same basket ! Monoculture and Market Share: The State of Communications
and Collaboration Software in the US Government

And that’s about it for this week, good enough I guess !

Have a good weekend all ! See you on here hopefully next week !

Alexandre Blanc Cyber Security

Total post views 310 total views, Today post views 1 views today

Yes we can fix this mess, but do we want to ? That’s another story

Alexandre Blanc CyberSecurity weekly cyber linkedin
I wonder if I’ll end in the linkedin top voices list this year….yes, curious to know :)

Before going to the list of key #cybersecurity event we saw this week, I wanted to quickly speak about solutions. I present all these incidents and news, hoping that people who read, actually understand better the threat landscape and get better prepared.

Today, and for a while, there are technical solutions against all the incidents we see, many many options are available, allowing you to place the right security controls, at the right place, to properly mitigate risks, and mostly remove the impact of incidents.

Yes, you need to spend some money, and yes, you need just a little effort. But in the end, this is way better than being the next one in the news, feeding criminals and transnational criminal organizations with your data, your customers data, your employees data etc.

Yes, backup are absolutely needed, but no, they are not a proper strategy AGAINST ransomwares and breaches. They are just corrective controls, it means, they are in, too late. They are absolutely needed, but in case of data loss etc, can’t help against data theft.

If you know what you do, and you have a good security architecture, you know your inventory, data flows, assets, you’re good. If you don’t know all of this, then, get support from MSSP. I sure work for VARS Corporation, so, I know the tools we use, and I can honestly tell you, they work. We mitigate incidents. There are certainly others, providing similar service levels, so go, find your managed security partner, and get your stuff in order. We can obviously be the one.

We all offer, maturity audit, cyber security audit, gap analysis against a framework (NIST CSF, ISO, CMMC, you name it, mostly sharing the same goal and means anyways), but if you have to take action, for quick win, go for XDR, Email advanced security, dark web monitoring, as starting point. That good old 80 / 20 rule…. FACT, no BS, that the best bang for your bucks to begin with.

An absolute key point to me : Mix the providers, integrated solutions, but different tools, it’s almost digital suicide to rely on a single tool provider. A huge SPOF (single point of failure), you must apply the basics, which is overlapping security controls, and these, from different vendors. Because when vendor 1 backend is hacked (like solarwinds, or azure, or mostly all of them), you need to have a trigger from vendor 2 solution.

This week in 74 points, which I think is the worst (biggest) amount of news I did since I started this newsletter :

1 – NIST comes with some ransomware guidance, always good to have a baseline – NIST Issues Cybersecurity Framework for Ransomware Risk Management

2 – Not like if you haven’t been warned, real leak, or cover to allow what would normally be illegal data use – Clubhouse leaked data trove including phone numbers isn’t as bad as it sounds (don’t worry, nahhh)

3 – Astonishing that people still blindly trust tech and Internet ! hackers steal $17,000 in ‘double your cash’ scam

4 – Got to love the #clowd and big tech abuses – When the FBI seizes your messages from Big Tech, you may not know it for years

5 – OT / industrial cyber risk is tricky. Ask questions about probabilities like we did 10 years ago and you get answers that just don’t work well – Mark Fabro, President & Chief Security Scientist at Lofty Perch joins the podcast to look at the modern way to model risk

6 – New Android malware, a lot of them lately, don’t blindly trust applications – New Android Malware Steals Financial Data from 378 Banking and Wallet Apps

7 – You can not trust technology – Malicious ‘Safepal Wallet’ Firefox add-on stole cryptocurrency

8 – DMARC, SPF, DKIM, all help to avoid domain impersonation – How Does DMARC Prevent Phishing?

9 – Everything is infected, do you have the proper tools to detect and respond to cyber threats ? A New Jupyter Malware Version is Being Distributed via MSI Installers

10 – Organizations don’t chose to go multi-cloud most of the time, they fail on multiple cloud and end up in nightmare situations – How to avoid the pitfalls of multi-cloud strategy deployment

11 – The cloud is addicted to leaks, so it postpone the suppression of unsafe protocols for a year – Microsoft will disable Basic Auth in Exchange Online in October 2022 ( I know I blame the cloud once again)

12 – Good to see an article about SIEM/SOC and the evolution of the SIEM toward modern environment – Next Generation SIEM/SOC: Formula 1 vs. Rally

13 – You are a target (yes, anyone, and you) – New malware steals Steam, Epic Games Store, and EA Origin accounts

14 – You are hacked, do you even see it ? Russian Turla APT Group Deploying New Backdoor on Targeted Systems

15 – I’m sure your MSSP provider reminded you how critical it is to have XDR protection on your domain controllers as well – Microsoft Warns of ‘FoggyWeb’ Malware Targeting AD FS Servers

16 – Connected cars will get you killed remotely – Yes, Car Hacking Is a Reality. Here’s How Can You Protect Your Fleet

17 – Crimecoins – Ethereum dev admits to helping North Korea evade crypto sanctions

18 – This was an absolutely unexpected stat ! Women, Minorities Are Hacked More Than Others

19 – It’s Qnap patch time ! QNAP fixes critical bugs in QVR video surveillance solution

20 – Why the cloud is exploding your costs and killing your business, and how you should carefully take load out of the dangerous cloud – Cloud Computing Like a Day in a Chocolate Factory for IT Managers

21 – Malware analysis, Blacktech in Japan is active at least ince 2018 – Malware Gh0stTimes used by attack group BlackTech

22 – Jealous of the cloud rip off performance, Veeam decided to follow the ransomware gang by taking a lot more money from the dumb customers – Socket to me: Veeam instance license confusion

23 – Privacy focused video conferencing solution – What started as a small video conferencing service for friends and family, my friend Mitchell Cohen, continued to grow and build a great product

24 – Good job, some less scammers in the place ! Ukraine takes down call centers behind cryptocurrency investor scams

25 – This is very cool ! Some good stuff for exchange servers – New Microsoft Exchange service mitigates high-risk bugs automatically (hoping they don’t break everything to push you to cloud…)

26 – Don’t fall for the scam ! Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

27 – Nice tool, for both offensive and defensive work ! TruffleHog – Now a Browser Extension That Detects Secret Keys In JavaScript

28 – Tuesday, auth0 had 2 regions down, US-1 and EU, which did lead some customers and users not able to login

29 – An interesting document from CISA and NSA about picking the proper VPN for your remote needs – Selecting and Hardening Remote Access VPN Solutions

30 – What could possibly go wrong – Master Lock Introduces New Bluetooth ProSeries Padlocks – Wireless is weak !

31 – When threat actors sells surveillance kits to law enforcement and apply full obfuscation – SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

32 – Cloud glitched Wednesday ! Twitter web client outage forced users to log out, blocks logins

33 – Cloudy days this week, auth0, twitter, O365, did sound a lot of coincidence to me – Microsoft 365 MFA outage locks users out of their accounts

34 – Was Atlassian patch time – Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

35 – October is the Cyber Security month, and this sponsored article bring some hints and tools to fulfill what you can do during this time ! Essential Toolkit for National Cyber Security Awareness Month

36 – One may wonder why would Facebook care about app privacy ? Obvious, data is Facebook value, while there is no issue for them to take data, there is no way they’ll let anyone mine theirs – Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps

37 – Lesson is : when attackers gets in, you lost, it’s too late – Trucking giant Forward Air reports ransomware data breach

38 – Great reading, understand that as soon as you outsource, you are hacked – Cyberspace, Cybergames, and Cyberspies

39 – You understand that internet is a battlefield, the team behind solarwinds hack is still out there, actively hacking – New Tomiris backdoor likely developed by SolarWinds hackers

40 – It’s not new, been on incident response and they wiped the NAS and other backups, but they automated now, especially destroying VEEAM backups – Conti Ransomware Expands Ability to Blow Up Backups

41 – Lovely, the cloud ruined your life. So much for « play protect » BS, and others « just use the official store it’s safe » – New Android malware steals millions after infecting 10M phones

42 – Reminder : cloud=leak – Apple iCloud Private Relay Service Glitch Exposes Users’ Real IP Addresses

43 – Fun thing to see all this big tech with AI, ML, security center and all, and yet, threat actors do business as usual – Threat Actors smarter than you and big tech Weaponize Telegram Bots to Compromise PayPal Accounts

44 – Some accurate advice here rather than in the article :
1 – duct tape against the leaks
2 – hope it will only happen to others
3 – no duck given, it’s not our data anyways
3 Security Initiatives AWS’s New CEO Should Prioritize

45 – Big move here, more and more, big player buy their #cybersecurity company as it seems the market is growing – Akamai acquires Guardicore to expand its zero trust security portfolio

46 – You are hacked, you just don’t know it yet – New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

47 – Due diligence is the process where you assess that the scoped area is actually matching your requirements, and allows to validate a possible integration or state of things – New CyCognito Report Reveals Subsidiaries are Global Enterprise Achilles Heel; Increasing Attack Surface and Exposure Drawing in Attackers

48 – Implementation flaws and API, the usual recipe for disaster – Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data

49 – Dangerous to be a #cybersecurity CEO with « suspicions of high treason » because of sharing threat intelligence – Russia arrests cybersecurity firm CEO after raiding offices

50 – Microsoft will raise the price of O365 by 25% next year, because now they hold you by the … data, so you just shut up and pay.

51 – Somehow there are losers in the cloud world domination game – How IBM lost the cloud

52 – Interesting statistics about ransomware threat actors. Who they are and their market share – The Top Ransomware Threats Aren’t Who You Think

53 – We know wireless is weak, and in this case, same as the cloud, we got huge implementation failure – Thousands of University Wi-Fi Networks Expose Log-In Credentials

54 – Just a reminder, stealing from :
– Steam
– Epic Games Store
– EA Origin
Stealing :
– Cookies
– Passwords
– Bank cards

BloodyStealer Malware Steals Cookies, Passwords, Bank Cards From Gamers Browser

55 – Nice self assessment tool – ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage

56 – This, AND, knowing the cloud leaked all biometric data it ever collected, this is clearly not a good option – How much trust should we place in the security of biometric data?

57 – Smartphone for payments is an absolute joke – Apple Pay with VISA lets hackers force payments on locked iPhones

58 – Wireless is weak – Apple AirTag Zero-Day Weaponizes Trackers – Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS

59 – An interesting take about identity consolidation in the cloud – The Need For Identity Consolidation In The Cloud – In an obvious initial approach, goal is to consolidate and bring relevant views of different events across platforms. An evolution of the SSO (single sign on).
On my side, it triggers a question of who decide what proves we are who we are. It’s totally fine for an organization to consider as many non invasive solution to achieve this goal.
It’s a whole other question when it comes to defining our identity in society.

60 – The cloud is as blind as its customers !!! New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

61 – If you don’t care about privacy and use chrome, then it’s patch time for you – Google Emergency Update Fixes Two Chrome Zero Days

62 – How has this even been deployed without proper shielding ?! – Military’s RFID Tracking of Guns May Endanger Troops

63 – Reaching the ransomware infection is NOT an option. You must have proper defenses in place – RansomEXX ransomware Linux encryptor may damage victims’ files

64 – it’s #QNAP patch time again ! QNAP fixes bug that let attackers run malicious commands remotely

65 – Big or small doesn’t matter, threat actors will go for every targets ! JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data

66 – Do not fall for the scam ! You’d get hacked – Fake Amnesty International Pegasus scanner used to infect Windows

67 – Rootkit is back on stage lately – GhostEmperor hackers use new Windows 10 rootkit in attacks

68 – Digital transformation killed data governance, we totally lost control – Content sprawl is increasing the risk of data breaches and leaks

69 – When the cloud industry starts to feel the heat, they try to throw some rocks at gov, without cleaning anything in front of their door – Trusted Cloud Principles (lol, we are in the zero trust era due to you cloud, lol again)

70 – The cloud, continuous implementation failure ! Because the cloud is failure by design ! Criminal Hackers rob thousands of Coinbase customers using MFA flaw

71 – Technology is under attack, I don’t think people stand a chance sadly – Flubot Android malware now spreads via fake security updates

72 – Can you keep up ? New APT ChamelGang Targets Russian Energy, Aviation Orgs

73 – Don’t blindly pull apk android software from the cloud and internet cesspool – Hydra malware targets customers of Germany’s second largest bank

74 – At least someone looking at this ! Let’s hope the solution won’t be « let’s throw this is the clowd » ! The FCC proposes rules to fight SIM swap and port-out fraud

What a CRAZY week in the news !

Have a great week end all, as usual, zero BS cyber security.

Total post views 280 total views, Today post views 1 views today

Criminals are still dominating the game, why are we doing so wrong, and what can we learn in this tech ocean ?

Alexandre Blanc CyberSecurity weekly cyber linkedin
Sept 2021, and criminals are still winning the game, despite all the cloud sparkles

Each week is a learning opportunity, we learn from incidents, we learn from vulnerabilities, we learn from others, and we learn while sharing. Yet, all claiming to have the silver bullet, and in reality, it’s just widely inapplicable to the reality of businesses.

The tech world is echoing so strongly its own stuff, that it doesn’t hear the market and businesses anymore. All sailing in a digital storm in a weak boat, trying to stay afloat, while pirates, whoever their sponsor are, are riding on jet-skis with extreme agility.

The cloud is like a big ship, offering for smaller ones (SMBs etc) to host their critical assets, but the cloud, is also a huge marketplace, and you have no idea about what happen to your assets in these big ships, but one thing is sure, the space is expensive, and loading or unloading your assets is very expensive and dangerous, not forgetting the pirates on their jet-skis jumping on any chunk they can catch or poison.

Can I stop here without thinking about phishing ? Nah, there is big phishing going on as well, this is an ocean after all ! Are you credentials (be them password, biometric, certificates or whatever serves as key, doesn’t matter, all the same) going to be served on the next dark web sushis plate ? (sorry if you are allergic to phish :P )

This week in 49 points :

1 – Why do you continue to connect your private life to dangerous technology ? Something I don’t get ! Serious RCE Vulnerabilities Found In Motorola Halo+ Baby Monitor

2 – When you build your cyber security posture, it’s also to protect yourself from organized crime, especially transnational criminal organizations like these. You are a target. Europol links Italian Mafia to million-dollar phishing scheme

3 – Don’t fall for the scam ! (again) – A New Wave of Malware Attack Targeting Organizations in South America

4 – An interesting event ahead, about API security lifecycle – Taking charge of the API security lifecycle

5 – Don’t fall into the expired certificate trap ! Hacked sites push TeamViewer using fake expired certificate alert

6 – And the cloud continues to ruin millions of lives, this is unbelievable – Payment API Bungling Exposes Millions of Users’ Payment Data

7 – Are you the next in line ? Or will you take care of the key security controls to enhance your posture and reduce risk and imlact ! US farmer cooperative hit by $5.9M BlackMatter ransomware attack (When I posted did one, I did not know a second farmer cooperative would fall just a few days after as well… sad)

8 – Outlook have trouble supporting hardware MFA – Microsoft investigates Outlook issues with security keys, search

9 – A feeling of déjà-vu ? Republican Governors Association email server breached by state hackers

10 – And the cloud leaks and leaks and leaks (I’m sorry, these are just the news, but they confirm cloud=leak, non stop) – EventBuilder misconfiguration exposes Microsoft event registrant data

11 – My podcast recording with Debbie Reynolds about data and privacy – On episode 46 of The Data Diva Talks Privacy, Debbie Reynolds talks to Alexandre BLANC Cyber Security

12 – WordPress as any other online system must be kept up to date and you must enable MFA on it, there are tons of free 2FA/MFA solutions for it – New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

13 – Encrypted by ransomware in the cloud – Marketron marketing services hit by Blackmatter ransomware

14 – This is exactly where working with specialists like VARS, who does the heavy lifting for you – 77% of execs concerned about security tools gaps in their company

15 – There are so many surveillance out there that you can’t pee without being noticed – Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

16 – What to do when your cloud based phone provider is down by DDoS attack ? phone services disrupted by DDoS extortion attack

17 – A well done whitepaper on managing your assets in an hybrid environment (which means cloud and on prem) – 6 best practices to stay secure in the hybrid cloud

18 – it’s VMware Vcenter patch time due to critical vulnerability – VMware warns of critical bug in default vCenter Server installs

19 – A reminder that state sponsored actors are playing on the same network as the one you connect everyday ! Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

20 – Mac OS is as vulnerable as other systems, sadly, critical vulnerabilities appear on a regular basis – Unpatched High-Severity Vulnerability Affects Apple macOS Computers

21 – Cut the money, that should change things. Making attack useless, force threat actor to take risky workaround, hopefully this will help – US sanctions cryptocurrency exchange used by ransomware gangs

22 – Less effort also means less control – Is Low Code development the biggest cyber threat?

23 – it’s netgear patch time again ! Netgear fixes dangerous code execution bug in multiple routers

24 – OpenOffice patch time, but patch is not yet in binary :) only in source code so far – A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)

25 – Watch for nagios updates ! New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

26 – For having been using Cynet for months, and providing it as part of managed solution, I can tell you this is the real deal – How Cynet’s Response Automation Helps Organizations Mitigate Cyber Threats

27 – Big tech summarized ! Creepy data collection and sharing remain common on popular apps

28 – The new world order – Whole cloud spending to surpass $1.3 trillion by 2025

29 – If you work in cyber security, you obviously manage risk all the time, speaking about risk posture, vulnerabilities, exploits etc – What Is Cyber Risk Quantification

30 – Do not wait to build your security posture ! NO ONE WILL DO IT FOR YOU IF YOU DON’T trigger the change ! FBI, CISA, and NSA warn of escalating Conti ransomware attacks

31 – And you think you can negotiate with criminals ? Nope – How REvil May Have Ripped Off Its Own Affiliates

32 – Apple trying to bring TLS security – Apple will disable insecure TLS in future iOS, macOS releases

33 – Another ransomware victim in the farming industry – Second farming cooperative shut down by ransomware this week

34 – Microsoft exchange seems pretty neglected lately, or heavily targeted – Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

35 – Disgusting state of the art ! Introducing vulnerability, not fixing it, and pretending that only using manufacturer privacy invasive security tool can fix the issue ! A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

36 – Turn off wireless when you don’t use it, or get hacked ! Wireless is weak ! Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others

37 – Don’t fall for the scam, don’t click, never apply an update from a site that was not supposed to manage your system (ie any site) – New Android Malware Targeting US, Canadian Users with COVID-19 Lures

38 – Another HUGE #clowd win ! Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

39 – How well do you know your attack surface ? Do you have a live inventory of all your digital assets and full deep visibility on all your cloud workloads, audit capabilities ? Cring Ransomware Gang Exploits 11 Years Old Adobe Bug & Take Over ColdFusion Server Remotely

40 – Big tech abuses and lies start to have massive effect ! 76% of individual are legitimately scared of technology, knowing they are at greater risk of having their identity stolen – Consumers taking action to protect themselves online, though confidence is low

41 – Amazon really want my pictures ! They send me this non stop ! I think $12 is cheap to know my whole life whereabouts ! Yes, it’s about data collection, and not about backing up your picture

42 – Great detailed analysis of the extend of how threat actors will exploit a vulnerability, and achieve lateral move, while capitalizing on all the available information found during the operation – FamousSparrow: A suspicious hotel guest

43 – Interesting take, and so true. In rush to the dangerous cloud, trying to catch up with digital transformation and feeding their FOMO, organizations totally drops their responsibilities on the Confidentiality and Integrity part of their data management – 76% of IT Teams Are Prioritizing Business Continuity Over Security. Why Not Have Both?

44 – As you can’t embed security solutions, neither easily patch IoT devices, you must adjust your security architecture accordingly – 100M IoT Devices Exposed By Zero-Day Bug

45 – Once again, Apple patch time ! Apple fixes another zero-day used to deploy NSO iPhone spyware

46 – And the cloud leaks, it’s all about stealing data after all – Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses

47 – it’s CISCO patch time again – Cisco fixes highly critical vulnerabilities in IOS XE Software

48 – It’s sonicwall patch time again – SonicWall fixes critical bug allowing SMA 100 device takeover

49 – They do something, but it’s funny – Microsoft rushes to register Autodiscover domains leaking credentials

And this is closing a loaded week, as I’ve been (actually almost about to be in my second panel today at the Titaniam Red summit) and other speaking engagement such as the XDR MSS summit, I can’t wait for the weekend to rest quite a bit :P

Seeing you all next week, most likely for a new weekly !

Enjoy !

Total post views 331 total views

vendredi, septembre 24th, 2021 cloud, clowd, Cyber Security, Paranoïa, Technologie Aucun commentaire
Not f'd — you won't find me on Facebook
décembre 2021

Suivez moi sur twitter - follow me on twitter
[FSF Associate Member]
Free Software, Free Society
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
TRUCS ET ASTUCES GNU/LINUX : - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne