Cloud issues, Log forge and Monica ! What a week !
Credit to log forge !

Yes, you did read it well: log4j, you have to pronounce it "log forge", somehow. This is what I've been told (Thanks Dennis, already on vacation, you deserve it ! Dennis is the CGM guy ! )

And it's vacation time, holiday time ahead, so this is cool, BUT, criminals do not take any break ! So here is what happened this week, aside from, or along with, log forge, the Java hell for a lot of people !

But first, this Monday, Monica and I will be live to finish this year. We left "premiere" on the picture, but it's actually the second edition. It's coming this Monday, subscribe, come discuss with us ! :P

This should be fun ! If it were my call, I definitely would not miss an event where Monica shows up :P

Back to this week's fun stuff, or not fun stuff, and hell we had fun, as the cloud collapsed badly. We had a great overview, thanks to Downdetector, of poor architecture and cheap cloud implementation, when we saw tons of services going down :) That was one of these #clowd moments. Obviously, if you plan cloud properly, it should be resilient, you should have backups. It does cost millions when properly planned, but will certainly be resilient.

So in the cyber world, we saw the following key points :

1 - The IEC 62443 security standards are evolving - Speaking about ICS, Eric Cosman, co-chair of the ISA SP-99 committee that creates the 62443 standards, joins Waterfall in this episode

2 - So you placed your HR in the cloud ? lol, too bad, it's gone ! Kronos ransomware attack may cause weeks of HR solutions downtime

3 - Do you use continuous security scan services for your website ? Do you practice due diligence, supply chain security checks and timely patching ? WooCommerce Credit Card Stealer Found Implanted in Random Plugins

4 - The same big issue as in cloud, resource sharing is dangerous and insecure - Bugs in billions of WiFi, Bluetooth chips allow password, data theft

5 - Yet another Python supply chain attack - Malicious PyPI packages with over 10,000 downloads taken down

6 - An interesting take on the top trending vulnerability - Apache Log4j vulnerability - CVE-2021-44228 (aka: Log4Shell) (or log forge as I was saying)

7 - December 2021, Microsoft now allows optional encryption on Microsoft Teams ! Only on one-to-one calls, and only if the admin enforces it ! The cloud just poos on privacy (which makes me think of Winnie the Pooh, which makes me think of honey pot) - Microsoft rolls out end-to-end encryption for Teams calls

8 - Detection and response on your servers is mandatory - Criminals steal Microsoft Exchange credentials using IIS module

9 - Grab the stinky cheese ! French Organizations Targeted by TinyNuke Banking Malware

10 - We are in the cloud, we are so resilient and scalable ! AWS went down again - and took down a whole host of websites

11 - I hope your network is well segmented, because your storage appliances are vulnerable to log4shell, and this is very bad (yes again, but that was the super hot topic of the week, come on ! ) - Centralized list of Storage and Backup systems affected by zero-day log4shell vulnerability (CVE-2021-44228)

12 - Do you have continuous security scans for your websites ? (yes again) - Sites hacked with credit card stealers undetected for months

13 - Cloud storage destroyed by ransomware. You MUST have immutable backups with independent authentication - Why Cloud Storage Isn't Immune to Ransomware

14 - The cloud, leaking data ? what a surprise ! State-sponsored hackers abuse Slack API to steal airline data

15 - Not my fault, but the cloud crashed again - The clowd in action ! A big, huge, massive SPOF ! Microsoft says M365, cloud services inaccessible due to Azure AD outage ! What a week, it was almost as good as watching youcorn ! The best popcorn channel ! Also, Cloudflare is experiencing widespread latency and timeouts ! #clowd in style !

16 - Nothing to do with cyber, but I don't care, I do what I want ! At least he can still move when the cloud collapses and a Tesla won't start ! Tesla Model S Gets Boost with Jet Engine Upgrade

17 - Smart malware developers, always creative and recycling old techniques - New Fileless Malware Uses Windows Registry as Storage to Evade Detection

18 - In these times of massive breaches and wide vulnerabilities, knowing what you have, where it comes from, and basically applying due diligence, is absolutely critical - A Complete Checklist To Supply Chain Security

And that's about it ! So, between now and in seven days or so, there is Xmas ! So I'm wishing you a great time and good vacations ! I hope to be able to go on some trails with my ATV, and will try to disconnect. I may, or may not, post at night, time will tell.

Just in case, thank you all for your support. I'll be on here with Monica on Monday, I also have something else with New Cyber Frontier right after on Monday, and most likely will do an Xmas live with my buddies of Dash of Cyber ! So, not totally disconnected, but way more casual :D

All the best !


J. R. Rossman

Redefining Goal, Resilient, Calm Under Pressure, Solution Goalie, U S Veteran

3 years ago

zoom is acting weird

C. Lou Hennig PMP

Technology Delivery | Mitigation | Innovation | TPRM | Global IT Enterprise | Integration | Change | GRC | Cyber | RFP | M&A | Diligence | Strategy | Transformation | Modernization

3 years ago

Preview 2022....
