al3x@wannaCYbeR(security)~$ echo "Issue \x06"
Alessandra Perotti
Malware Reverse Engineer + Cyber Threat Intel Analyst @ CVS Health | Threat Researcher | GREM | GCIH | GIAC Advisory Board
Greetings, fellow cyber people, and welcome to the sixth issue of wannaCYbeR, a weekly newsletter dedicated to those who are just starting in cybersecurity. While Russian troops continue to advance into Ukrainian territory, the focus of cyber actors has been shifting towards propaganda and ways to let Russian citizens know what’s really happening on the ground.
Squad303, a hacking group connected to Anonymous, has created an online tool that people can use to text Russian citizens and circumvent the government’s propaganda messaging.
“The point of this leak is solely to spread information to the Russian people, and potentially (although unlikely) use these cameras for recon. Since most of these cameras are in deep Russia (and some near the border cities of Ukraine), this is mainly a large anti-propaganda movement.”
The group claims to have sent over 7 million texts to Russian citizens revealing details about the invasion of Ukraine.
In a tweet published on March 15, Squad303 reported that the Kremlin would be afraid of people trying to debunk the Russian misinformation campaign and claimed that the Russian government implemented “full-text censorship of pre-defined messages” sent from 1920.in.
On the opposite cyber front, a new wiper malware targeting Ukrainian networks has been discovered by researchers with ESET.
"The ultimate goal of the attackers is the same as with IsaacWiper and HermeticWiper: make the systems unusable by erasing user data and partition information," Jean-Ian Boutin, head of threat research at ESET, told The Hacker News. "All of the organizations targeted by the recent wiper attacks were either in the governmental or financial sector."
Speaking of cyberattacks, on Monday, Israel’s government websites were hit by a massive DDoS attack that made them unavailable for a number of hours. Rumors have been attributing the attack to Iranian state actors, but nothing has been claimed yet. Israel hasn’t imposed any sanctions on Russia so far, but the Foreign Minister has also stated that the country “will not be a route to bypass sanctions imposed on Russia by the United States and other western countries.”
In a recent alert, the Cybersecurity & Infrastructure Security Agency (CISA) warned that malicious actors sponsored by the Russian government gained access to an NGO private network by cracking a weak password and bypassing multifactor authentication. They were then able to escalate privileges thanks to the infamous “PrintNightmare” vulnerability.
“As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges.”
Oh, my Linux!
Another Linux kernel vulnerability has been disclosed: it’s a heap overflow that affects the netfilter subcomponent of the kernel and can lead to privilege escalation, remote code execution, and even what’s called “kernel panic.”
On Wikipedia, a kernel panic is defined as “a safety measure taken by an operating system's kernel upon detecting an internal fatal error in which either it is unable to safely recover or continuing to run the system would have a higher risk of major data loss.”
Essentially, it’s the Linux equivalent of the infamous Windows “blue screen.”
Watch out for those Chrome Extensions
McAfee reports that researchers recently noticed a spike in malicious Chrome extensions that try to mimic legitimate apps: once installed, the software tries to modify cookies, redirect requests to phishing websites, and exfiltrate personal data.
Weekly CISA Bulletin
Are you curious to know everything about the latest vulnerabilities discovered? The Cybersecurity & Infrastructure Security Agency publishes a weekly bulletin with an extensive roundup of vulnerabilities recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), which includes details, CVE scores, and remediation recommendations.
Meme of the Week: IT Help
Special of the Week 1 - Cybersecurity Certifications: the Most Mentioned in Job Ads
One caveat: I haven’t prepared for or taken any certifications yet. This is by choice as, at this stage, I want to focus my learning on just acquiring knowledge rather than studying for a specific set of questions or focusing on a few topics. For the future, I think it’s useful to have an idea of the most common certifications and the ones listed as required or preferable in job postings.
Although, I would invite anyone interested in taking any of these to do their own research, collect information from people who already took them, and in general make sure that the certification is worth their time and money before proceeding.
Special of the Week 2 - Bug Bounty: Top 25 Vulnerability Parameters Cheatsheet Collection
This took me a little while to find, but it was definitely worth the time. After seeing a great post by Hacking Articles containing a collection of bug bounty cheatsheets, I decided to hunt them down (hello, OSINT, my old friend.) The cheatsheets were compiled by Lütfü Mert Ceylan, security researcher and founder of Turkish Bug Hunters. The collection includes parameters we can use to test for:
To download the text files for the whole collection, head to the GitHub repository.
Listen: H4unt3d Hacker FebV1 Mari Galloway
In this podcast episode, Mike Jones talks to Mari Galloway, Cybersecurity Executive and Founder of Women’s Society of Cyberjutsu, a nonprofit dedicated to empowering and creating a community for women in the cybersecurity space. They chat about Mari’s experience, opportunities in cybersecurity, burnout, and the amazing work that WSC does to help train and create opportunities for women to start and advance their cyber careers.
That's all for this week. If you enjoyed the newsletter, please feel free to share it with your connections. Do you know of a great piece of content I should include? Don’t be shy, reach out!
P.S. In case you were wondering, I don't receive any compensation or sponsorship for the content I share. I do it just because I love to nerd out with other people on topics of common interest.
Information Technology and Security | CompTIA Security+ | Google IT Support Professional
Hey Alessandra, great stuff as usual. May I ask where you found that table of the certifications? I'd like to keep an eye on that myself, for the future.
Thank you for highlighting the interview I did with Mari Galloway, MSIS CISSP, Cyber Ninja ! Keep doing what you're doing! Keep crushing it Alessandra!