Technologie
They lock the door for privacy… but they keep a copy of the key, and couple of backdoors
What a week ! 2 Conferences in a row (Canadian Chamber of Commerce and MSS Great lakes), and as many opportunities to share awareness and make more people, hopefully decision makers, wondering about security by design.
Speaking at conferences is requiring a lot of focus, because we represent our employer, so we must be perfect, and we need to understand the audience, in order to share a message that can be understood. Basically translating the state of technology, digital transformation, the threat landscape evolution, the threats, the risks and the impacts.
Basically explaining that you, plugging your connected toaster, allowed to take down a nuclear power plant safety network….. kind of huge shortcut, but also true (IoT, DDoS, IIoT etc).
Conferences are also a great place, even virtual, to meet other experts. I have many contacts made from these events, and when we are placed together on a stage, despite what our linkedin message look like, we see if we are aligned or not. Most of the time, we are.
This week on 54 points on my blog as usual :
1 – The tool is the product of a growing industry whose work is usually kept from the public and utilized by police – SHADOWDRAGON: INSIDE THE SOCIAL MEDIA SURVEILLANCE SOFTWARE THAT CAN WATCH YOUR EVERY MOVE – You are watched way more than you think, by a lot of actors, as your digital footprint grows exponentially with time. The absolute zero privacy of the cloud doesn’t help protecting ourselves either.
2 – Exactly the kind of BS that will make me boycott a brand like Canon – Canon sued for disabling scanner when printers run out of ink – But it’s good to see that consumers are tired of technology abuses, and actually go and sue big tech. Go people go, it’s time for tech to be the product again, not us !
3 – Don’t think China is behind, it’s way ahead – China’s Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes – This hacking challenge in China has proven they can hack any tech in a few hours, so much for our super secure stuff :P almost laughable…
4 – Even for criminals, connected=hacked – REvil ransomware shuts down again after Tor sites were hijacked – this is kind of ironical isn’t it ?
5 – You Know it’s coming, you know threat actors and APTs (advanced persistent threats) are on the rise, but you don’t adjust your posture accordingly – Sinclair TV stations crippled by weekend ransomware attack – The sad part is all these attacks can be prevented by security basics. Another sad part is that a majority of ransomware victims do pay the criminals and finance their growth and innovation, as time goes, they are ever stronger, we are ever weaker. Cyber Security is a journey, not a step.
6 – Security cameras, when connected, are also our worst weakness – Credit card PINs can be guessed even when covering the ATM pad
7 – WordPress plugin patch time ! Critical Vulnerabilities Discovered in Fastest Cache Plugin For WordPress – oh my penguin, I’m currently hosting this on wordpress….quick check on plugins and wordpress version, up to date, all good, ….. hot tamales !
8 – Private data centers are on the rise – 400GbE data center switch ports shipments to exceed 10 million this year – As we’ve seen the cloud failed at #cybersecurity, because they do not achieve CIA, Confidentiality, Integrity, Availability… they only manage to get the Availability part…. mostly. So it’s not surprising to see serious business considering data protection to run on private datacenter, private cloud, or make sure they encrypt any data BEFORE it reaches the extremely dangerous cloud.
9 – An isolated workspace for high-risk user activities which you can try for free – Hysolate Free for Isolating Endpoint Threats
10 – MFA is absolutely mandatory these days, because the whole world try to guess your password, or already have it thanks to the leaky cloud, you can’t not have it – How to Use MFA to Achieve Regulatory Compliance
11 – Don’t fall for these, the cloud is poisoned and delivers malwares – TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings
12 – Applying #cybersecurity best practice should be a continual effort to stand a chance against criminal groups – State-backed hackers breach telcos with custom malware
13 – The infected cloud try to clean up – Twitter Suspends Accounts Used to Snare Security Researchers
14 – Cyber battlefield, cloud + internet, a world of threats – Suspected Chinese hackers behind attacks on ten Israeli hospitals
15 – Powershell should be disabled for your users as a general rule, it’s the first execution of choice by threat actors (check MITRE ATT&CK matrix) – Microsoft asks admins to patch PowerShell to fix WDAC bypass
16 – Failry good points on here – How to Prevent Ransomware: 15 Ways to Prevent the Next Attack
17 – Don’t fall for the scam, typo squatting, domain squatting and URL shortener are extremely efficient cyber weapons – FBI warns of fake govt sites used to steal financial, personal data
18 – From gangbang to karma, isn’t that ironic ? New Karma ransomware group likely a Nemty rebrand
19 – Meanwhile in the threat landscape TA505 Gang Is Back With Newly Polished FlawedGrace RAT – TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.
20 – No bla bla, fact, crime is growing like the dark star in the fifth element, each time some pays, it expands ! 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored
21 – When was the last time you had a conversation with a CISO ? Ransomware attack disrupts production at Ferrara Candy, maker of Brach’s Candy Corn
22 – Do it right, if you fail learn, because if you don’t learn, attackers will learn – Acer hacked twice in a week by the same threat actor
23 – TPM mandatory they said – Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability
24 – What ? the cloud hacked ? BS, the cloud is as strong as the Titanic ! Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services
25 – Supply chain and third party risk management is a challenging task – Damages Escalate Rapidly in Multi-Party Data Breaches
26 – Do not pay ransoms, do not finance crime ! Just stop doing that ! BlackByte ransomware decryptor released to recover files for free
27 – While most SMBs have not yet an idea of what is CASB, meanwhile, threat actors build their market relax in plain sight – Zerodium wants zero-day exploits for Windows VPN clients
28 – Cloud based VPN leak as cloud ! VPN Exposes Data for 1M Users, Leading to Researcher Questioning
29 – Internet is a battlefield, and cyber incidents grow everywhere – DDoS attacks against Russian firms have almost tripled in 2021
30 – if gummies take your cookies, your sessions are out – New Gummy Browsers attack lets hackers spoof tracking profiles
31 – Do learn from this ! You can’t trust what tech shows or tell you – Deepfake Audio Scores $35M in Corporate Heist
32 – As usual « Its activity starts with the execution of a PowerShell command that downloads a malicious payload from the specified URL, pointing to an available C2 server » Restrict the use of powershell only to users who need it (yes, you can do it with a GPO) – New PurpleFox botnet variant uses WebSockets for C2 communication
33 – Still in public cloud ? lol – Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique
34 – How to make different worlds in organizations, working together efficiently and keeping low risk – A practical framework for solving the infosec – infrastructure battle over enterprise storage security
35 – If you don’t protect your internet browsing tools and sessions, they’ll be stolen – Youtubers accounts hijacked with cookie stealing malware
36 – The cloud is putting transnational criminal on steroid supporting their activities without being able to identify criminals from legit users – Russian Cyber-Criminals Switch to Cloud (the current site you are reading is NOT in the cloud, and yet you can still read it…. ohhhhhhh)
37 – Maybe it’s a good time to switch to 7zip – Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer – Vulnerable because it’s a non free open source software, the issue is because of the end of trial notification
38 – nteresting evolution from the leading XDR solution in the market – Product Overview: Cynet SaaS Security Posture Management (SSPM)
39 – Still blindly pulling anything from internet and the cloud into your code and playing Russian roulette with your deliverables ? Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices
40 – what authority has the US on Israel, the most advanced cyber place on this matter ? one can wonder – U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes
41 – Smartphone are not allowing privacy – Smartphone counterespionage for travelers
42 – Transnational criminal organizations now go through frontshop to hire ethical hackers for their « pentest » teams, while the engagements are fake and goal is get initial access to deploy ransomware – Hacking gang creates fake firm to hire pentesters for ransomware attacks
43 – More focus on security for android (but not on privacy :p ) – Google Buckles Down on Android Enterprise Security
44 – Youtube and the cloud used for cyber attacks, Modus operandi is that threat actor produce a video explaining how to fix a commonly researched issue, and advise to download a tool for the purpose, which tool is actually a virus – Massive campaign uses YouTube to push password-stealing malware
45 – Threat actors move faster than regulations – Evil Corp demands $40 million in new Macaw ransomware attacks – Changing name and accounts quickly to avoid bans, yet still efficiently active
46 – Potential massive supply chain attacks ahead ? Gigabyte Allegedly Hit by AvosLocker Ransomware
47 – An ongoing malware distribution campaign targeting South Korea is disguising RATs (remote access trojans) as an adult game shared via webhards and torrents – RAT malware spreading in Korea through webhards and torrents
48 – Oupsie, know bunch of military tools that will suffer from this, coming Oct 24th – GPS Daemon (GPSD) Rollover Bug
49 – Prevention, detection and immediate response over cyber threat is critical.
In regards to data protection, governance and privacy, letting a successful ransomware attack succeed is NOT AN OPTION ! Italian celebs’ data exposed in ransomware attack on SIAE
50 – NO CONFIDENTIALITY IN THE CLOUD – October 2021, Microsoft teams only start to consider end to end encryption and offer optional confidentiality, for a small subset of users, not enabled by default, ONLY on one to one calls – Microsoft Teams adds end-to-end encryption for one-to-one calls – Cybersecurity core is CIA (Confidentiality, Integrity, Availability), the cloud NEVER achieve confidentiality, so the cloud can’t be secured, cyber security can’t happen in the cloud.
51 – Certificates are blindly signed by the cloud allowing threat actors to hijack any network traffic they want – Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
52 – The cloud is putting corporate infrastructure at risk – Threat Actors Abuse Discord to Push Malware
53 – Powershell is the mainly used tool for successful malware attacks and lateral movements – Lyceum Hackers Stealing Credentials Windows By Deploy Keylogger Using PowerShell Scripts & .NET RAT
54 – For threat modeling, to understand adversaries, and learn about compensation measures, MITRE ATT&CK is a gold mine of knowledge – Released: MITRE ATT&CK v10
And that would be it, yes there are huge cloud issues, and no easy fix. Cloud stores so much of our PII and we can’t have it protected, so this is very very bad. Alternatives are not simple, and we know that convenience always wins, so, sharing this, my hope, is that people get more aware, don’t blindly trust the cloud and expect privacy. Meanwhile, we need to look as more privacy focused solution than the public cloud, as it’s not suitable for anything else than public data. Build your security posture, don’t be the next ransomware victim, because cloud or not cloud, you’ll be targeted.
Have a good weekend all !
Worst is yet to come, but they all warned you
CISA, FBI, Cyber Security specialists, they all warned you, I warned you, and I continue to do so.
Transnational criminal organizations, criminal hackers, are only getting better, and more organized. They have always been, but they are getting better and evolve faster.
This also means that YOU, and YOUR ORGANIZATIONS, must take this in consideration, and must adjust your posture according to this. Your risk register must be updated, and the likelihood of cyber events, at least should be raised or reviewed, especially on the ransomware side.
Doing so should put some level above the threshold you established, and some items that where falling under the « risk acceptance » option, will fall under the unacceptable, requiring compensation measures.
So you will update your security plan accordingly, while you adjust your risk posture.
A reminder on the risk management strategies :
- Risk Avoidance – Change organization practices to avoid the risk
- Risk Transference – Take an insurance, move the risk to a third party, BUT, keep in mind, there is no way you transfer 100% of the risk, which means, you need mitigation !
- Risk Mitigation – Take action design to reduce the likelihood or impact of a risk
- Risk Acceptance – After analysis, determining if cost makes the compensation irrelevant, then acceptance is the option
- Risk Deterrence – Dissuade a threat to happen, which can only be applied to risks that can be affected by controlled factors
So you’ll place security controls, which are procedures and mechanisms that an organization puts in place to manage security risks.
You’ll follow the defence in depth approach, multiple controls for one objective, overlapping security controls.
These security controls fall under 3 categories :
- Preventive, the goal being for the incident not to happen (you have a raid, so as when a disk dies, you don’t lose the data)
- Detective, goal is to identify a failing preventive security control, or an incident
- Corrective, restoring backups, because preventive controls failed, detective was missed, and you lost the data.
For each category above, you have many controls available (remember, people, process and technology somehow) :
- Technical controls (technology based, like a firewall)
- Operational controls (processes carried by humans)
- Management controls ( conducting risk assessments, security planning, change management etc).
When your risk register is complete, you have the assessment done (exposure factor, single loss expectancy, you got your Annual Loss Expectancy by multiply SLE x ARO as in anual risk occurence), and you get a quantitative and qualitative assessment.
Your goals are defined via RTO (recovery time objective), RPO (recovery point objective), MTD (maximum tolerable downtime), and you know your MTTR (mean time to repair).
If you don’t know what adversary risks (aside of all the other existing risks) your organization face, have look to MITRE ATT&CK and check if anything is applicable to you, and therefore, if you have matching controls in place.
This week in the cyber news, helping you to have a real view of the threat landscape and what happens to others, so as you can actually review your posture, and adjust the above listed risk approach accordingly.
This week in 60 bullets :
1 – You are a target, you may just not be watching your logs – North American Orgs Hit With an Average of 497 Cyberattacks per Week
2 – Do you have the proper security posture for today’s threat landscape ? Cox Media Group confirms ransomware attack that took down broadcasts
3 – Phishing is still dominant, very cheap, with good success rates – Intuit warns QuickBooks customers of ongoing phishing attacks
4 – There is something brewing in the #cybersecurity market. A change to come within 6 months to 1 year ( I make the prediction :) ) – Do you have an MSSP partner already ? Who are you going to call during the next incident ? (Nope, Ghostbusters are busy)
5 – Security can be an illusion ! Reverse engineering and decrypting CyberArk vault credential files
6 – it’s iOS patch time again ! Yes, the iPhone, iPad, iPod, iSuck and all their invasive stuff – Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks (that was 3 days ago, hopefully you updated already)
7 – it’s #libreoffice and #openoffice path time ! LibreOffice, OpenOffice bug allows hackers to spoof signed docs
8 – Technology is the art of deception, and bugs left on purpose are often state sponsored, which can lead to frustration of researchers – Researcher Disclosed Telegram Vulnerability, Refused Bounty For Staying quiet
9 – The cloud more and more targeted and hacked – Huawei Cloud targeted by updated cryptomining malware
10 – spying, hacking, stealing IP, research and trade secrets is a reality. Don’t think you are not a target – Nuclear engineer’s espionage plans unraveled by undercover FBI agent
11 – Cyber battlefield, you are all connected to it – Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo
12 – Don’t wait for an incident ! Your defenses must detect and respond against these quickly – Pacific City Bank discloses ransomware attack claimed by AvosLocker
13 – Transnational crime scoreboard : REvil/Sodinokibi accounting for 73% of ransomware detections in Q2 2021
14 – The threat landscape on ransomware is shifting, while we saw some focusing on encryption and giving up on stealing files, some groups now only focus on this approach – SnapMC hackers skip file encryption and just steal your files
15 – The cloud is an expensive scalable mess – Microsoft revokes insecure SSH keys for Azure DevOps customers
16 – The cloud attacked more and more, a growing target facing growing amount of challenges to keep up – Microsoft: Azure customer hit by record DDoS attack in August
17 – The cloud is infected, so much for « play protect » ! Photo editor Android app STILL sitting on Google Play store is malware
18 – Protecting your private keys is even more critical when you use wildcard certificates – NSA warns of wildcard certificate risks, provides mitigations
19 – Ransomware threat actors are coming after the cloud, and cloud workload holding your data are at risk – AWS ransomware attacks: Not a question of if, but when (90% of the S3 buckets at risk ! )
20 – Happy to see in my sponsored feed some more consideration on the cyber threat landscape handling, especially the ransomware side of things – Hysolate CTO and Co-Founder Tal Zamir presents at the recent IT Pro – Information Week Conference ‘Defending Against Ransomware
21 – A quick take at what happened to Facebook, short and straight to the point – The Facebook outage and network configuration
22 – Don’t worry, it’s just exploited since January – Microsoft Fixes Zero-Day Flaw in Win32 Driver
23 – Interesting approach from dutch police speaking to criminals – Dutch police send warning letters to DDoS booter customers
24 – The cloud is such and easy shiny target, corrupt one, corrupt them all – Office 365 Spy Campaign Targets US Military Defense
25 – Supply chain poisoning by cloning (or forking), easy, cheap and efficient ! PyPI removes ‘mitmproxy2’ over code execution concerns
26 – Connected = hacked – FreakOut botnet now attacks vulnerable video DVR devices
27 – Would you be able to detect and respond to such attack ? AND, do you have enough cash to hold 1 or 2 weeks for when your bank falls offline ?! Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha
28 – Some good, and some bad – Australia to tackle ransomware data breaches by deleting stolen files
29 – pros and cons as usual – EU legislation introduced to ban anonymous domain registration
30 – Internet is a battlefield, a bias machine, and the cloud is a steroid for disinformation and leaks – A Close Look at Russia’s Ghostwriter Campaign
31 – Your wallet has (had) a hole and it leaks your assets – Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets
32 – Want it or not, the cloud leaks – Verizon digital carrier Visible customer accounts were hacked
33 – The cloud is now widely recognized as a threat, and we see more and more solutions coming on the market for organizations that need to place data in the cloud, but don’t want their data stolen, abused, mined etc. – New Vaultree Encryption-as-a-Service Keeps Cloud Data Fully Encrypted
34 – When technology and politics collide – Russia and China left out of global anti-ransomware meetings
35 – jealous of Facebook maybe, all the big players must have their AS config fail, it’s like a prerequisite to join the table – OVH hosting provider goes down during planned maintenance
36 – A 2 minutes video that allows you to get the ICS challenges of today, well done – « ROUNDS #1 – STRONG GUARD » about industrial control systems
37 – When the marketplace competes with its sellers, the deck is stacked – the company ran a systematic campaign of creating knockoffs and manipulating search results to boost its own product lines in India, one of the company’s largest growth markets
38 – Be aware that this is a reality in many places, assumed guilty and jailed. Given how technology is all fake and lies, you can only guess how easy it is for anyone to be sent in jail on fake proof – Belarus: Joining banned Telegram channels will land you in prison
39 – What did you do to avoid this ? Are you sure you have the proper people, processes and technologies in place and it is well implemented ? Acer confirms breach of after-sales service systems in India
40 – As predicted, the growth of ransomware is started, and that’s only the beginning. No fear mongering, FACTS ! New Yanluowang ransomware used in targeted enterprise attacks
41 – The clowd as well. pile of lies – Washington Attorney General says Facebook knowingly lied in lawsuit testimony
42 – Big tech and clowd style – Apple silently fixes zero-day Flaw without Crediting the finder
43 – ou can’t even know what’s in your IoT, and you blindly trust the cloud ? Organizations losing business due to connected product security concerns
44 – Interesting stats, based on what people gave to google via virus total (BTW, never upload confidential documents on this platform ! Nor in online translation tools, they are all using the data and selling it on the free accounts) – VirusTotal Shares Data on Ransomware Activity
45 – So tempting to play big brother when you have access to all the data in the world – Microsoft will put government and police contracts through independent human rights review
46 – Are you sure you are not providing computing resources to transnational criminal organization (or the cloud :p ) – MyKings botnet still active and making massive amounts of money
47 – WordPress plugin patch time : Brizy Page Builder – Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers
48 – MFA anyone ? hopefully you also use a password manager and a unique password for each and every services – Thingiverse Data Leaked — Check Your Passwords
49 – Big tech abuses cleanup time, happy to see some action – FTC fires warning shot at 700 leading companies about fake reviews
50 – At some point common sense should come back and we should stop connecting everything and anything, building dangerous data lakes etc – University of Sunderland announces outage following cyberattack
51 – SIP can also lead to massive take over – Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones
52 – A malware on top of a spyware ! Malicious Chrome ad blocker injects ads behind the scenes
53 – Layered security and overlapping security controls are needed – 13 Vulnerabilities Discovered in a Widely Used Industrial Router
54 – Interesting but, can this be done ? Governments worldwide to crack down on ransomware payment channels
55 – Getting on the path to massive casualties – US government discloses more ransomware attacks on water plants
56 – Good old email, if you don’t have independent advanced email filtering, you should talk to your MSSP, in most case it’s affordable and deployed in less than a day – Russian cybercrime gang targets finance firms with stealthy macros
57 – Don’t worry, it’s only data after all – Twitch downplays this month’s hack, says it had minimal impact
58 – As part of your incident response plan, you should have a communication plan, and ideally bring transparency – Accenture confirms data breach after August ransomware attack
59 – Cyber crime supply chain is constantly enhancing. Is your posture adjusting too ? Attackers Behind Trickbot Expanding Malware Distribution Channels
60 – Where do you stand with your patch management ? Server Patching Best Practices. Stop Patching, Start JetPatching
And that’s all for this week ! Wishing you a good weekend ! That was pretty intense, despite a shorter week here in Canada :D …. what, he’s Canadian ? but he’s got such a French accent… .oh boy, yes, something like that ! :D Find me on linkedin here.
From a broken TLS CA, to Facebook, to FIN12 hit and run
Yet another crazy week in cyber, which makes me wonder if there is any quiet week anymore, and, as a lot spoke about mental health as well, how long do you think a human can take all of this ?
Meanwhile, I’m still motivated to do good, and while ransomware gangs make millions every month, we try to get a couple of bucks from people so as we can help secure them (not asking for money, just tough to get organization to spend just enough to protect themselves).
But I’m telling you, this won’t last, ransomware projections are so huge, that we’ll come to a point where, sorry, we don’t take new customers. Scarcity, is where we’re heading, and I’m telling you, find your cyber security partner NOW, because we, skilled humans in this field, are in very limited supply. The illusion of the market may make you think you have choice, but there is a fun fact in the back end, A sells the skills of B, which sells the skills of C, which rely on A for any overflow…… do you see it coming ?
Meanwhile, Monica and myself are going to share some insights on our CISO experience, hopefully a series to start in November, and well scheduled (according to her, she likes when things are organized, and it’s good !), and pretty fun (according to me, and her actually, we agree on this)…. (wait, did I mean we don’t agree on everything ? )…. (seems I’m talking to myself now…. ok, let’s move on).
Edit : Monica said that I should say that the audience will have an AWESOME opportunity not only to ask ya questions for this episode but ALSO TO SHAPE OUR NEXT EPISODES and what challenges we address (that’s what she said :P )
This week as well, did record a 6 min LinkedIn podcast with Mani Keerthi which actually turned to be very relevant in a pretty short time ! Thanks Mani ! :)
And now, finally, this week in 56 points :
1 – Letsencrypt updated their CA (certificate authority) and it went bad for a lot of stuffs – Let’s Encrypt’s root certificate has expired and stuff is breaking all over the place
2 – Surprise, yet another massive leak – US retailer Neiman Marcus confirms Data breach – Just 4.6 Millions customers data
3 – You first need to have proper security posture, otherwise, nothing will help you – US unites 30 countries to disrupt global ransomware attacks
4 – I fixed the issue by dropping any phone call. Only accepting known persons over encrypted channels – FCC orders phone carriers to enforce unlawful robocall blocking
5 – Hacked down to hardware – Flaw in AMD Platform Security Processor Affects Millions of Computers
6 – Cryptoland never cease to amaze me – Crypto platform mistakenly gives $90M to users, asks for refund
7 – Just a reminder, building your security posture, assessing the potential impact and placing proper security controls to mitigate the risk is not optional, unless you absolutely don’t care – Sandhills online machinery markets shut down by ransomware attack
8 – That’s hacking ! The power of technical creativity ! Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems
9 – Clowd style leak ! Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
10 – Like it or not, patch management is critical – New Atom Silo ransomware targets vulnerable Confluence servers
11 – Good work Europol, some less criminals – Ransomware operators behind hundreds of attacks arrested in Ukraine (doesn’t calm down anyhow, but that’s already something ! )
12 – Learn why privacy and data protection is important (aside of Pandora papers ) – Transnational fraud ring stole millions from Army members, veterans
13 – Quite an interesting take on this one, after all we are in a continuously evolving environment, seeing rising threats, and regulation playing ketchup – Regulations & Ransomware: A Quick Overview
14 – Facebook offline day ! Great for humans mental health, on this linkedin post, I covered, including comment, the whole story, with other, pointing to the BGP error , but we all know the truth : The home router of Mark got powered off as his cat stepped on it, and poof ! Facebook Blames Outage on Faulty Router Configuration
15 – Just don’t SMS, anything you type on it, is being reviewed by thousands of people, indexed, reshared and all – Company That Routes Billions of Text Messages Quietly Says It Was Hacked
16 – Android patch time ! Android October patch fixes three critical bugs, 41 flaws in total
17 – You are hacked ! UEFI (aka BIOS) hacked since 2012 – New UEFI bootkit used to backdoor Windows devices since 2012
18 – Not even out for a day, already broke network support for widely used Intel network/wifi cards – Microsoft confirms Windows 11 issues with VirtualBox, Intel Killer
19 – Do you have accounts without MFA ? unacceptable – Large ransom demands and password-guessing attacks escalate
20 – Almost forgot ! I was on 123CMMC with the awesome Dana Mantilia ! We had a great episode on here :
21 – it’s apache web server patch time ! Apache fixes actively exploited zero-day vulnerability, patch now
22 – It smells a lot like….clowd ! The Telegraph exposes 10 TB database with subscriber info
23 – Root cause is credentials guessing or Brut force, so don’t expose your management networks and have decent governance – Ransomware gang encrypts VMware ESXi servers with Python script
24 – Very positive outcome, some souls got saved from evil thanks to this failure – Facebook outage leads to massive user exodus to Telegram, Signal
25 – You should already know this but a reminder – 3 Ways the Government Can Track Your Phone
26 – Don’t forget, private browsing still allows your Internet Service Provider to see everything you do. Private browsing only protects you if someone looks at your browsing history. Firefox improves advertising tracker blocking in private browsing
27 – Take this as an example ! YOU must do it too on all your accounts – Google to turn on 2-factor authentication by default for 150 million users
28 – Good move, especially that investing less than the payment made to criminals is enough to build your whole security posture and strongly reduce the likelihood of such incident and totally squeeze the potential impact – Ransom Disclosure Act would give victims 48 hours to report payments
29 – Adam will never find a job in IT ever again – Fired IT admin revenge-hacks school by wiping data, changing passwords
30 – The Internet of threats (IoT) and the Industrial Internet of Threats (IIoT), must be sandboxed and protected behind layered defense and zero trust network access control – Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers
31 – Fact is, you need MFA at the very least, and, you should think security architecture with additional controls, such as « geo fencing », and more, capabilities depending. ATO (account take over) attacks increased 307% between 2019 and 2021
32 – The cloud leaks again, I think there might be a medication for this, I mean it can’t hold anything, anything it eats just is spread around…. looks like the cloud is sick to me. The entirety of Twitch has reportedly been leaked, Source codes and user payouts among the data released in a 128GB torrent
33 – All these connected crap will get you killed ! STOP connecting everything, this is absolute non sense ! Medtronic urgently recalls insulin pump controllers over hacking concerns
34 – The cloud is a tool, powerful, sensitive and dangerous, that criminals masters ! Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms
35 – Backups are only a corrective measure, it means, it’s the ultimate resource you should nod need for recovery – CISO Point Of View ‘Mashup’: The Importance of Securing Storage & Backup
36 – You are hacked, you just don’t know it yet ! This malware is active since 2018 ! Criminal Hackers use stealthy ShellClient malware on aerospace, telco firms
37 – Good move, but, now that Pandora box is open, I’m afraid it’s too late – European Parliament calls for ban on AI-powered mass surveillance
38 – Challenging times ahead. We know compliance doesn’t equal security, but, self regulation has proven to be ineffective – New Regulations Are Coming — Get a Handle on Your App Portfolio
39 – There is no such thing as free lunch ! Firefox now shows ads as sponsored address bar suggestions
40 – Diversity is critical to ensure resilience. Monoculture is lethal everywhere – Netherlands orders Apple to offer more App Store payment methods
41 – No comment – Microsoft fixes bug blocking Azure Virtual Desktops security updates
42 – How do you like your Yamale ? Some like it hot, hot yamale ! Snake yamale ! Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects
43 – Full unauthenticated remote access, anybody can watch your b…eer – Unpatched Dahua cams vulnerable to unauthenticated remote access
44 – A good reading about pentest on your (not actually yours, but ok) AWS stack – Penetration Testing Your AWS Environment – A CTO’s Guide
45 – If you self host an onionshare instance, make sure you patch – Serious Data Exposure Vulnerabilities Spotted In OnionShare Platform
46 – Good move, no longer have to guess editor’s website, find terms and conditions and discover how to unsubscribe – Apple now requires all apps to make it easy for users to delete their accounts
47 – I don’t take calls anymore except through encrypted channels – Fraudulent robocalls to cost consumers $40 billion in 2022
48 – Cut the BS and do it right or don’t do it ! U.S. govt to sue contractors who hide breach incidents
49 – A good reading about these ICS affected by vulnerabilities – Four Critical Vulnerabilities Discovered in Bosch Rexroth WEB Interfaces
50 – An apache patch patching the patched apache as it didn’t patch patchingly ! Apache emergency update fixes incomplete patch for exploited bug
51 – Automated detection and response is mandatory ! No time, the only time you have is the time to be encrypted ! FIN12 hits healthcare with quick and focused ransomware attacks
52 – How would your organization detect and respond to such incident ?
What is your RPO ? Recovery Point Objective define how much data you’ll lose between last valid and tested backup, and restore time.
What is your RTO ? Recovery Time Objective defines how long it will take for you to recover – Engineering giant Weir Group hit by ransomware attack
53 – Attribution is always a tricky game. Proxy, fork anyone ? But for sure, it’s easier to have visibility when you collect telemetry (backdoor) from most of the computers in the world ;) Microsoft: Russian state hackers behind 53% of attacks on US govt agencies
54 – hard coded credentials + cloud is a recipe for disaster :) leak accelerator :) BrewDog exposed data for over 200,000 shareholders and customers
55 – Rootkit active for 18 months, just spotted now – Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
56 – All your eggs in the same basket ! Monoculture and Market Share: The State of Communications
and Collaboration Software in the US Government
And that’s about it for this week, good enough I guess !
Have a good weekend all ! See you on here hopefully next week !
Alexandre Blanc Cyber Security
Links
Calendrier
| L | M | M | J | V | S | D |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | 31 | |||||
Recherche
Derniers articles
Tresronours Twitter
Keywords cloud topic
Membre de la FSF
![[FSF Associate Member]](https://blog.inforeseau.com/fsf.png){kind=small}
Liens qui vont bien
Mots clés vrac – keyword cloud
License du contenu – CC By NC SA
This création is licensed under a Creative Commons Paternité - Pas d'Utilisation Commerciale - Partage des Conditions Initiales à l'Identique 2.0 France License.
Archives
- Resumed posting and expanding on X
- Linkedin Access to your account has been restricted – Final debrief and resilience plan
- I’m thankful for the support I get in rough time
- Cyber security news of the day – 2024 May 31
- Alexandre Blanc Cyber Kicked out from Linkedin
- You’ll most likely find me on LinkedIn
- The Russian roulette landing page !
- RTSP, Debian, VLC, not playing, IP Camera
- 5G network hosted in the cloud, no internet, no phone ! So smart ! And I ended on TV, This week in cyber
- They lock the door for privacy… but they keep a copy of the key, and couple of backdoors
- Worst is yet to come, but they all warned you
- Migrating an old WordPress and handling character set, UTF8, latin1, latin1_swedish_ci
- From a broken TLS CA, to Facebook, to FIN12 hit and run
- Yes we can fix this mess, but do we want to ? That’s another story
- Criminals are still dominating the game, why are we doing so wrong, and what can we learn in this tech ocean ?
- Riding cloud can be tricky, don’t fall from it, in the weekly cyber !
- The threat landscape is very dynamic – Cyber news this week
- Cybersecurity is not obvious even for this newsletter !
- Install Slack desktop app on Kali rolling fixing libappindicator3-1 missing dependency
- How to delete all resources in azure to avoid charges after trial on your forced credit card registration
- Proxmox – ZFS – Dead drive on active VM, recover from replicated disk
- Restrict access to proxmox web admin interface
- Migrate your ESXI VMs to proxmox ZFS
- Install your VPN server with pi-hole on OVH VPS in 30 min
- Using raspberry pi 3 as wifi bridge and repeater and firewall
- Raspberry 3 – create a wifi repeater with USB wifi dongle
- raspberry 3 – routeur pare feu point d’acces wifi avec filtrage pub et tracking – router firewall access point with ads and tracking filtering
- Dell XPS 13 touchpad – corriger la sensibilité
- Utiliser Zazeen set top box depuis une connexion videotron
- Fermeture de mon compte facebook – la dernière goutte
- Choisir un kernel par defaut au demarrage de Centos 7.2 – configuration grub2
- Openvpn access server 2.0.25 et android
- Régler la luminosité du laptop par ligne de commande
- chromium outlook web app version complete sous linux
- Nexus 7 2012 – android 5 lollipop solution au probleme de lenteur
- HDD led sur Xubuntu – xfce
- xubuntu 14.04 verrouiller ecran de veille et desactiver mise en veille a la fermeture de l’ecran
- Authentification avec Radmin en utilisant Wine sur Gentoo
- Patcher bash sur une distribution plus supportee comme fedora 11
- Zimbra desktop sous xubuntu 14.04 64bit – fix
- xubuntu 12.10 probleme de son avec VLC – pulse audio – alsa – toshiba L855D – solution
- Evolution sous xubuntu 12.10 – bug affichage a la configuration – solution temporaire
- Booster son acces internet en changeant de DNS pour opendns
- Serveur DLNA sous ubuntu – minidlna
- sshfs sous windows – dokan sshfs
- xubuntu 11.10 Installer le plugin java pour firefox
- Installer Google Earth sur Xubuntu 11.10
- Installer nagios sur Fedora 11 depuis les sources
- Configurer varnish-cache avec des virtualhosts, apache, fedora, redhat, centos
- Installer Varnish depuis les sources sur Fedora 11