Cyber catch up from the last days and conf
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
While I'm on the way back, I wanted to announce a coming live ahead, which I'm excited about, as I'm invited to speak by SecPod , to discuss about rapid risk reduction :
Feel free to register, we have time, but it's going to be an interesting exchange. You know I'm an advocate for privacy and security by default and by design. This can only happen if you apply due care to your stack !
Since my last share was like 4 days ago, let's catch up with the key news ! Pick what matters for you. As always.
The real cost of a cyber incident ? All security companies use these to sell you something, in this case, it's a post mortem. Whatever security solution or company you go for, be aware that this is also the reality.
Free resources to support crime growth, the cloud always willing to kick in !
They don't know who, but it happened. That's kind of very cloud, visibility or control is not cloud strengh. Oh, I forgot, cloud = leak
Actively targeting users since July 2021, you read it well, 3 YEARS !
As usual, the less apps you install, the smaller attack surface, the safer you are
Funny that I introduce this newsletter in regards to a webinar speaking about reducing the risk by patching quickly. Well, here is an example.
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems.
It contains all the keywords that are against security and privacy (not the title below but the extract right after)
Look at this, just reading it would even scare people down in hell : "Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 "
Frightening. So the researcher has proven that the white horse is white.
Not me saying it - Threat Actor Allegedly Claims Leak of SisaCloud Database (but it has the word "cloud" and the word "leak" together, just saying)
If you fall for this, OR, if you are giving up the control to AI for your content, maybe, you deserve it....maybe
领英推荐
You are hacked, you just don't know it yet. Because you couldn't help yourself, you downloaded this app, or you felt for this fake ad, or even worse, you placed everything in cloud. Well too bad, it was all a trap.
Enjoy the list of infected machines with access for sale. Quick tip, when you turn off your computer, and disconnect it, go for a hike, then you can't be hacked.
If you don't put all your life under technology control, you can't be taken down.
This makes me think about this town in France, in the south of Paris, where smartphones are now illegal, no scrolling in public allowed anymore. Trust me, no privacy abuses from smartphone there anymore.
If you don't own your stack, and blindly trust your provider, you are hacked, also, you don't follow the cyber security basic of overlapping security controls.
APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared.
I always tell you, connected=hacked, here is another example which now you'll know :
They found they could capture the electromagnetic signals from HDMI cables using readily available radio equipment.
By using deep learning AI to analyze these signals, they could reconstruct text and images from the screen with about 70% accuracy.
Industrial control systems should NEVER be connected to internet, ever. Even less to the public cloud nonsense.
Obviously, this one is now known, but how many zero days are there around ? How much operational capabilities do you want to offer to adversaries ? Anything you put online, or even worse, in the cloud, are given away for free to attackers. ( I know, you cloud brainwashed zombies will have hard time, you'll say that I know nothing, bla bla bla, good for you).
And finally a nice open source initiative :
MISP is an open-source threat intelligence and sharing platform for collecting, storing, distributing, and sharing cybersecurity indicators and threats related to incident and malware analysis.
If you want to do things right, you can find interesting solutions, it's about willing to do good, it's not about throwing money because it looks good at the time.
Finally, when is the last time you took a full backup of all the data you have in the leaky cloud ? You should keep formal track of this.
Wishing you a good day all, I'll soon resume my usual posting, getting back at my desk, because typing in a small van is not really comfy :) Yet, I did it :P Also did hike about 60kms in the last 2 weeks, I blew my foot on poorly adjusted shoes (my bad, I ordered them online, half size too big....ouch) :) Anyways, still good to be in the real, nature and all.
Your comments are always welcome, reshare as well, we are surrounded by newsletter, I hope this makes a difference. You are 48K+ subscribers to this newsletter, thank you all !
Executive Administrator
3 个月Thanks for sharing
Thanks for sharing
+1??9?? 0??0??0??[CYBER-SECURITY-Architect / Researcher] ??????- TOP-VOICE LinkedIn ???? ????????
3 个月Thanks dear Alexandre ??????
Agile Master, AI/ML/ZTA Public Private Partnership
3 个月Almost????????