5+All Security Resource Digest for 2023–12–4 and 2023-12-1 [Double Feature!]

I was attending the ISC2 SECURE event in Washington, DC on Friday, Dec. 1, and didn't have a chance to upload the digest on LinkedIn. So, please enjoy this double-feature for both Friday and today (Monday, 2023-12-4)!

5+All Digest Security Resources for...

Monday, Dec 4, 2023:

1. CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model
2. Executives behaving badly: 5 ways to manage the executive cyberthreat
3. Cybersecurity Specialist Raises Concerns About Turtle macOS Ransomware Threat
4. CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs
5. Can You Speak In Virus? LLMorpher: Using Natural Language in Virus Development

Friday, Dec 1, 2023:

1. Okta Hack Update Shows Challenges in Rapid Cyber Disclosures
2. Crypto Country: North Korea’s Targeting of Cryptocurrency
3. Malvertising and Ad Quality Index: H1 2023
4. 2023 U.S. Bot Security Report: Bot Attack Preparedness in 9,500+ US-Based Websites
5. Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud

Browse these and all resources added in the last day in my personal security resource database, the SSD, for free at Go.StrykerNoStriking.com/Complete-DB.

5+All Security Resource Digest for 2023–12–4

#1: CISA’s Goldstein wants to ditch ‘patch faster, fix faster’?model

CyberScoop | Link to Resource

• Current vulnerability patching model flawed, large companies should take more responsibility in providing secure software and hardware, technology providers should implement default security controls and use secure development practices, AI can help with vulnerability detection and fixing.

#2: Executives behaving badly: 5 ways to manage the executive cyberthreat

WeLiveSecurity | Link to Resource

• Executives’ poor security practices make them attractive targets for threat actors; organizations should conduct internal audits, address common security issues first, help executives understand the impact of their actions, build trust with senior leadership, and implement a specialized cybersecurity program for executives.

#3: Cybersecurity Specialist Raises Concerns About Turtle macOS Ransomware Threat

CyberSec84 | Cybersecurity news. | Link to Resource

• Turtle, a macOS ransomware analyzed by cybersecurity researcher Patrick Wardle, is considered less sophisticated than other strains and may have originated as a Windows threat before being adapted for macOS, highlighting the increasing targeting of macOS by ransomware authors.

#4: CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs

All CISA Advisories | Link to Resource

• IRGC-affiliated cyber actors are exploiting Unitronics PLCs in various sectors, including US water and wastewater systems, using default passwords; organizations are urged to review the joint advisory released by CISA, FBI, NSA, EPA, and INCD and take necessary actions for internet-facing PLCs.

#5: Can You Speak In Virus? LLMorpher: Using Natural Language in Virus Development

SOCRadar? Cyber Intelligence Inc. | Link to Resource

• GPT-powered language-morphism viruses pose a challenge to traditional antivirus systems, as any text can now be converted into executable instructions, requiring cybersecurity stakeholders to adapt and innovate.

5+All Security Resource Digest for 2023–12–1

#1 for 2023-12-01: Okta Hack Update Shows Challenges in Rapid Cyber Disclosures

Wall Street Journal (WSJ) | Link to Resource

• Okta delays product updates and projects by 90 days due to a larger data breach than acknowledged, exposing names and email addresses, emphasizing the challenges in prompt cyberattack disclosures and the need for improved security controls.

#2 for 2023-12-01: Crypto Country: North Korea’s Targeting of Cryptocurrency

Recorded Future | Link to Resource

• North Korea targets cryptocurrency industry, stealing over $3 billion worth of cryptocurrency to fund regime and potentially missile program, urging need for stronger regulations and cybersecurity investments.

#3 for 2023-12-01: Malvertising and Ad Quality Index: H1?2023

Confiant | Link to Resource

• Confiant’s MAQ Index analyzes billions of ad impressions in real time, finding that one out of every 106 impressions had serious security or quality issues, with the security violation rate in Q1 2023 reaching its highest level in four years. Firefox, Edge, and Chrome users were most affected, with Fake Update ads being the most common security issue.

#4 for 2023-12-01: 2023 U.S. Bot Security Report: Bot Attack Preparedness in 9,500+ US-Based?Websites

DataDome | Link to Resource

• Widespread vulnerability to bot attacks found on US-based websites, with only 10.2% successfully blocking all bot requests, and e-commerce and classified ads websites being particularly exposed.

#5 for 2023-12-01: Rogue ex-Motorola techie admits cyberattack on former employer, passport?fraud

The Register?—?Security | Link to Resource

• Ex-Motorola technician pleads guilty to cyberattack and passport fraud, faces up to 20 years in prison.

Please share this digest and database with anyone you think would find these resources helpful. And, let me know what you think?

Final Notes:

• I am actively seeking a new position in cyber intelligence and / or cyber risk analysis! Please feel free to review my resume and my complete project portfolio — including research reports, guides, webinars, podcasts, and personal certifications — for an idea of what I could do for your cybersecurity program.
• This database project — including all its supporting automations and content subscriptions — is entirely self-funded. It’ll remain free to anyone who would like to use it! However, you can help support the project on Ko-Fi or simply by sharing it with others. :)
• Originally published on Medium

Thank you to all contributors to the SSD, including:

• Daruma
• Fireflash38
• James Saturnio
• Jordan Nigg
• Robert Waters