Back from real life, catching up with cyber, big thanks to Sufyan !
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
You may have noticed, as announced in my latest newsletter, I was off the grid for 2 weeks, and that was good. Real life ! Thanks to my friends Sufyan, Dennis and Ron, who kept a side signal loop, I felt totally good disconnecting.
This weekly newsletter is thanks to my friend Sufyan (and Dennis and Ron), who kept track of the key events during these last 2 weeks, and I catch up with the news as I share !
And if you don't like my point of view, I absolutely don't care ! Read something you love in your echo chamber.
1 - Fun stuff, SolarWinds hacked again and customers affected again, trust me, coming back after almost 2 weeks in nature, this sounds even more ridiculous - SolarWinds says unknown hackers exploited newly discovered software flaw, here is another one on SolarWinds zero days piling up https://www.cyberscoop.com/solarwinds-hacked-again-zero-day/, SolarWinds attackers used an APPLE iOS zero day to steal Microsoft and Google credentials ! We trust our phones so much..... they are the key to the kingdom, and they are not even secure....
I apologize, as not having followed the feed brings some weird perception of it; from an external look, it's like fish fighting in a small aquarium trying to determine who owns the water.... lol
2 - ICS known to be ever more targeted, OT (operational technology) networks being old, slow, static systems, they are not suitable for internet exposure (like IoT after all, we are really heading toward self-destruction... makes me think I'm happy to live in a low-density area, and I need to order my solar panels, because the whole ICS, and therefore the power grid and stuff, is with high probability on a collision course, and I'd rather have some autonomy when everything goes down) - Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities
Because you know, after we have connected everything, we'll be 100% at the mercy of the internet, and what is currently a meme, or joke, paying ransom to be allowed to enter your home, is soon to be reality
3 - SonicWall told some customers that they needed to disconnect some products "immediately." - I can't say I'm not loving it ! Connected = hacked, more true than ever ! SonicWall releases urgent notice about 'imminent' ransomware targeting firmware - hopefully you had some teams not on vacation to patch on time !
4 - Threat landscape sees "new" advanced persistent threat groups exploiting some good old techniques : Fake Zoom App Dropped by New APT ‘LuminousMoth’ - This is so efficient, fake websites, imitating brands or software, releasing malware, is just so easy to do. And they even have their nice green TLS/SSL lock because after all, anyone can put a certificate on a site nowadays !
5 - Technology is really complex, while freedom matters, it's heavily tied to privacy, which depends 100% on security, things can easily go rogue - The ‘Freedom Phone’ that far-right leaders are hawking is a cheap Chinese Android—and a security nightmare - Due diligence is required, even at the individual level. I once wanted to purchase a privacy-oriented laptop, it was expensive, had hardware switches to protect privacy, but digging online showed really poor hardware quality, low reliability, and poor customer support. So, even pursuing the quest of privacy, right to repair, etc, not falling for marketing BS is a skill that must be trained and applied.
6 - When you have the best resources in the world, and you are at the top of your domain, will you be able to avoid the evil path ? History tends to prove that humans can't : Hooking Candiru - Another Mercenary Spyware Vendor Comes into Focus - I tell you all the time, connected=hacked, and despite the vulnerabilities, the patches, and all the security show and best practices, that no one can afford to ignore, there is the next level game, international spying. One single way to defend yourself is to apply some exponential derivation on today's capabilities for the worst, and assume some group in the world has these abilities. Now design your security architecture accordingly.
7 - On the very same angle as point 6 above (cyberweapons in hacking-as-a-service packages), here is another one (with IOC - Indicator Of Compromise and more) - Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware - Connected=hacked, plan accordingly
8 - NEVER EVER KEEP OUTDATED ASSETS AS YOUR PROTECTION TOOL ! That's very basic common sense, but look, how many organizations keep firewalls without support ? A firewall that is not supported or patched is a free pass for any threat actor ! Ransomware attacks targeting unpatched EOL SonicWall SMA 100 VPN Appliances
9 - The cloud is the biggest single point of failure ever created in technology. Something piling up so much nonsense that it defies any common sense even from a very high-level standpoint. We love to put all our eggs in the very same basket : Cloudflare fixes CDN code execution bug affecting 12.7% of all sites
10 - Speaking of stupidity, here we go, it's so big that people will buy it, you lost it 100%, you finance government surveillance programs, and you have ZERO privacy - Microsoft announces Windows 365, a subscription cloud PC - One French president once said, "the bigger it is, the more people will swallow it", and here we go.
11 - Cloud or not cloud, same threats, but it costs much more in the cloud - Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers
12 - Connected=hacked, and the more you connect stuff, the bigger the impact will be, as you grow your attack surface, this is already killing people, cloud and nonsense is the highway to the end of society - Russian cyber attack on HSE destroyed Covid-19 patient records - This is ridiculous.
13 - The cloud is above the laws - Amazon is getting hauled into court for not recalling dangerous products the right way - But who cares, the world already sold its soul to it. Designed to abuse, and finance toys for very smart world domination cortex, the cloud will take you all down, if you don't see it coming, well, too late for you. (bla bla bla, it doesn't have anything to do with the cloud... well, you short-sighted, shut up and try to project a couple of thousand paths 50 years ahead and think....)
14 - If you use the cloud, and your monthly bill grows exponentially (twice more than usual cloud abuses), or, if you own your infrastructure, and things slow down, you might have been cryptojacked - How We Tracked a Threat Group Running an Active Cryptojacking Campaign - IOCs and all, connected = hacked
15 - Because cloud is above the laws, truth is a big threat, and world domination through market manipulation is the way cloud enslaves you, it won't let any truth pass (how come I'm still alive and allowed here, that's a mystery) - Amazon asked Apple to remove an app that spots fake reviews, and Apple agreed - Big tech is ducking with you, and you just don't feel it coming.
16 - Between cyber mercenaries, state sponsored actors, individual APTs, if you connect, you are hacked, you don't have to believe me.... just facts. 15-Year-Old Linux Netfilter Vulnerability Let Hackers Bypass All Modern Security Mitigations - BUT, WHAT CAN WE DO ABOUT THIS TECHNOLOGY MESS ? EASY ! Just keep offline things that can remain offline ! Ask for not connected cars, don't buy this dumb connected crap that has the word "smart" or "wifi" in it, ovens, washing machines, coffee machines, if you are not too dumb, you'll realize that you don't need to add more connected crap for foreign actors to abuse you and steal all your digital world. I know it's tough, and complicated, but you may have to use your BRAIN ! .... no, Alexa isn't an alternative, nor any crap assistant that is here to manipulate you...... I know you don't like it, it hurts, but it's the absolute truth.
17 - You are hacked, what you see is manipulated, and you should really watch Black Mirror on Netflix, I know it embeds DRM and this is very bad, BUT, so far that's the most realistic show I've seen (aside from Mr Robot) - Millions Of Apple Users Warned To Delete ‘Very Malicious’ New Spyware
18 - Because it was cheaper, people connected critical infrastructure to the internet instead of dark fibers.... and the price is in the end much higher.... connected = hacked : Chinese state hackers breached over a dozen US pipeline operators (speaking about Chinese, in this case, but you know, the whole world is trying to jack each other non-stop, and no one will really do something about it, because they all do so, all thinking they control something more critical than the other one, it's an absolute shit show).
19 - And the cloud leaks and leaks and leaks, the cloud is a very dangerous and expensive joke that scales up in unlimited fashion slowly destroying the world. Over 1TB of confidential US company data accidentally exposed. Cloud object storage, supported of all foreign intelligence companies ! Designed to steal customer data to feed local intelligence agencies, turned into the best ever foreign spying operation in the world. The cloud deserves the purple heart medal to be honest.
20 - You are hacked, you just don't know it yet - New PetitPotam attack allows take over of Windows domains - This article contains mitigation techniques that you must take care of. CONNECTED = HACKED
21 - The cloud is a joke ! LMAO, can't stop really, back from vacation, nothing changed, the cloud is still a failure ! Over 80 U.S. Municipalities Suffer Data Breach via Misconfigured Amazon S3 buckets - I hear you "gna gna gna, it's not the cloud it's a configuration issue", well buddy, it never happened at this scale, and with this amount of occurrences, before the cloud. If planes fell from the sky at the same pace the cloud is misconfigured, they'd be forbidden to fly. It's time to make the cloud illegal, until it works properly maybe..... I know you don't like my point, but I couldn't care less ! Stop reading me if you don't like it, but I'm telling you, burying your head in the sand looking for excuses won't fix the damn cloud problem.
Oh boy, I'm on fire again ! (I assume you'll feel it if ever you read the whole thing, but I know in the attention economy, no one does, so I can write pretty much anything).
I should be back to regular posting soon, in the meantime, here is a picture to relax, either you are as pissed as me seeing how ridiculous technology is, or you are pissed at me because you are a brainwashed cloud lover and you lost your own ability to think critically, anyhow this should bring peace ! :D
Have a good week all, as it is Sunday :D
President at Authorized Mac-Tool Franchisee
3 years ago: Very good read, yes the masters of Cloud Based ?circuitry? Cannot fail us once we're 100% dedicated to the Internet it must be flawless just like song? By Taylor?
CMO (Global) & Head-Global Channels, Investor, Analyst, Public Relations at SEQURETEK. 38 years of Marketing, Sales and Technology Leadership experience @Cisco, IBM, HCL Tech, Novell, NTT Netmagic, Star TV, CSS Corp
3 years ago: Excellent
Enterprise Sales Manager at Okta- Modernize IT, Innovate Customer Experiences, Prevent Data Breaches, IDaaS - Always On
3 years ago: Awesome article and eye-opening stuff - when is the Singularity tho?
IT & Cybersecurity Innovation Without Borders
3 years ago: Welcome back Alex!