Cyber news catch up as I'm back

Off the road for a few days now, and while I was catching up on many things, I didn't share the latest news.

So here we go


1 - Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet. The system you run, even after patching these, is still full of unknown zero days. Unknown to the vendor, not to the attacker. This is why you need overlapping security controls.


2 - NIST Finalizes Post-Quantum Encryption Standards

The new standards from NIST are designed for two tasks: general encryption and digital signatures.

It's time to switch to these new post-quantum encryption standards, and once you have, consider all previously exchanged data to be public and unsafe. Attackers have been recording internet traffic for years; once current encryption standards are cracked, they'll replay all the saved traffic and read it in clear text.

This means that anything sensitive that was either on the internet or in the public cloud must be considered public. So, if you had infrastructure or physical assets whose location is sensitive, you'll have to move! Yes, that's how bad it is. connected=hacked

But only take action once nothing is left in the dangerous cloud, and when ALL your secure communications have been moved off vulnerable (non quantum-proof) ciphers.


3 - Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities

Privilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers’ resources.

Combine the dangerous, totally corrupted and adversary-controlled cloud AND AI, and you get a nightmare. Oh, and on top, it has healthcare data! How crazy is this!? I'm sorry cloud people, but this is NUTS! "CROSS TENANT ACCESS OF OTHER CUSTOMERS' RESOURCES", doesn't that show the pile of BS the public cloud throws in your face about security? It's insulting!


4 - FBI Shuts Down Dozens of Radar/Dispossessor Ransomware Servers

Computer infrastructure in the US, UK, and Germany associated with the cybercriminal group, which targeted SMBs using double extortion, is officially out of commission.

Cool, now it's time to shut down the public cloud! It's hurting society far more than cyber crime; it's even the core of cyber crime.


5 - Microsoft fixes issue that sent PCs into BitLocker recovery - no comment


6 - APT41 Spinoff Expands Chinese Actor's Scope Beyond Asia

Earth Baku, yet another subgroup of the highly active and increasingly sophisticated collective, is moving into EMEA with new malware and living-off-the-land (LOL) tactics.

While everybody is blinded by the collapsing AI (yes, it's over and slowing down now), the cyber war keeps growing, and threat actors move in, exploiting distracted organizations that focused too much on hype and not enough on the basics.


7 - 3AM ransomware stole data of 464,000 Kootenai Health patients

Enough data has leaked from the cloud and been stolen in cyber attacks to abuse the identity of almost anyone. Look, this is the information that got stolen here:

  • Full names
  • Dates of birth
  • Social Security numbers (SSNs)
  • Driver's Licenses
  • Government ID numbers
  • Medical record numbers
  • Medical treatment and condition information
  • Medical diagnoses
  • Health insurance information

What else do you need? ...nothing more, really, but you got the traditional liability-limitation BS, so you can feel good! "Kootenai Health states that it's unaware of any misuse of the stolen information. It also enclosed instructions for impacted individuals to enroll in 12-24 months of identity protection services, depending on what data was exposed."

I'm telling you: the less information you share, and the less tech you use, the safer you are!!!


8 - GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

These CPUs are embedded in many Android-based devices and other embedded systems. The mitigation requires just a software configuration change. How many manufacturers do you think are going to fix this? Oh, by the way, fixing this via a configuration change heavily reduces the performance of the CPU (a bit like Spectre, if you remember), and this would render real-time OS devices useless... oops, fixable, but not really.


9 - Scammers dupe chemical company into wiring $60 million

Orion S.A., a global chemical company with headquarters in Luxembourg, has become a victim of fraud: it lost approximately $60 million through “multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”

Again, overlapping security controls, security policies and processes would completely prevent this, with something as simple as out-of-band validation of payment instructions! Cyber security awareness training also reduces the likelihood of such attacks.


10 - 35% of exposed API keys still active, posing major security risks

Nightfall AI’s research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year.

Looks clowdy to me !
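As an added illustration (this is not code from the original post or from Nightfall AI): a minimal secret scanner of the kind a team runs as a pre-commit hook so that API keys are caught before they ever reach GitHub. It combines a few publicly documented credential formats with a generic `name = value` check gated by a Shannon-entropy threshold, so placeholder values like CHANGEME are not flagged. The pattern set, the threshold and the sample lines are constructed for this example; the AWS-style value is the example key from AWS documentation, not a live credential.

```python
"""Pre-commit style secret scanner (added example, not the post's own code).

Scans text lines for credential formats and high-entropy assignments and
returns redacted findings, so the report itself never leaks the secret.
"""
import math
import re
from collections import Counter

# Publicly documented credential formats (fixed prefix + length).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic "name = value" assignment. On its own this over-matches, so the
# value must also pass the entropy gate below before it is reported.
GENERIC = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?([A-Za-z0-9/+_\-]{16,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; constructed value for this example


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character. Random 30-char alphanumerics score around 4.5-5."""
    if not value:
        return 0.0
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in Counter(value).values())


def redact(value: str) -> str:
    """Keep only a short prefix for triage; never put the full secret in a report."""
    return f"{value[:4]}…({len(value)} chars)"


def scan_lines(lines):
    """Return findings as dicts {'line': int, 'kind': str, 'redacted': str}."""
    findings = []
    for lineno, text in enumerate(lines, start=1):
        # Format-based matches are reported unconditionally.
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(text):
                findings.append({"line": lineno, "kind": kind, "redacted": redact(m.group(0))})
        # Generic assignments are reported only when the value looks random.
        for m in GENERIC.finditer(text):
            value = m.group(2)
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append(
                    {"line": lineno, "kind": f"generic:{m.group(1).lower()}", "redacted": redact(value)}
                )
    return findings


# Constructed sample file content; none of these values is a real credential.
SAMPLE_LINES = [
    "# constructed sample config for the scanner example",
    "DEBUG = True",
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    "GITHUB_TOKEN=ghp_aB3dE6fG9hI2jK5lM8nO1pQ4rS7tU0vW3xYz",
    'API_KEY = "q7Zp2mX9vL4kR8sT1nW6bY3cD5fG0hJ"',
    'password = "CHANGEME_CHANGEME_CHANGEME"',  # placeholder: low entropy, not reported
    "timeout_seconds = 30",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f['line']}: {f['kind']} -> {f['redacted']}")
```

Wired into a pre-commit hook, a non-empty result from `scan_lines` blocks the commit; the entropy gate is what keeps the generic rule from drowning developers in false positives on placeholder values, which is the usual reason such hooks get disabled.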


11 - X faces GDPR complaints for unauthorized use of data for AI training

Well, I think that on top of X, we could add all the big tech, all the public cloud, and most AI companies who unlawfully used users' data, oh, Adobe as well, and any company where you stored data on servers you don't own. Yes, that's the reality. Let's call it cloud. The world of abuses (don't worry, the law protects them, but you should be aware).


12 - UN Approves Cybercrime Treaty Despite Major Tech, Privacy Concerns

The treaty would allow any country to request technology firms to aid in cybercrime investigations and preserve data about their users — potentially imperiling penetration testers and security researchers, among others.

There is only one way to keep privacy, freedom and security: never, ever give away your data. If you have to, share fake data, poison it. If you don't get it, well, just keep doing what you are doing; it's not for you.



13 - AMD Issues Updates for Silicon-Level 'SinkClose' Processor Flaw

The vulnerability has been around for nearly 20 years and gives sophisticated attackers a way to bury virtually undetectable bootkits on devices with EPYC and Ryzen microprocessors.

Finally, it's time to patch your AMD CPU... it's good, but the ability to patch CPUs is also an interesting entry point...


14 - CLFS Bug Crashes Even Updated Windows 10, 11 Systems

A quick and easy exploit for crashing Windows computers has no fix yet nor really any way to mitigate its effects.

No patch, no fix, no comment, no Windows at home


15 - Chrome, Edge users beset by malicious extensions that can’t be easily removed

Oh, the trojan browser gets infected! Google must not like it, losing the user-spying exclusivity? :P

The threat actors behind this campaign have set up spoofed websites offering popular software such as VLC or KeePass for download, but the downloaded installer does not even attempt to install the program the user wanted. Never trust, always verify.


16 - Critical AWS Services Vulnerability Let Attackers Execute Remote Code

Vulnerable by default and by design. The public cloud, the opposite of security.

The article lists some manual mitigations against these. Cloud = leak


17 - FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability


18 - Scout Suite: Open-source cloud security auditing tool

Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments.

I haven't tested it, but it looks interesting. It can't hurt anyway; there is ALWAYS something to do to reduce the amount of leaks from the public cloud. You can't stop them, ever, but you can reduce the leaks, a bit, as much as you can.


19 - Misconfigurations and IAM weaknesses top cloud security concerns

Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance.

Interesting to see some of the cloud nightmare and leak-accelerator issues. The cloud always leaks, it's a constant (in the mathematical sense), but sometimes it leaks more and faster.


20 - Chinese hacking groups target Russian government, IT firms

Given the current geopolitical situation, I have to say that this is fairly surprising. The article states it very well: "This case highlights the complex interplay between allied countries with strong diplomatic ties and common strategic goals yet active cyberespionage operations against each other."


21 - Criminal Hackers leak 2.7 billion data records with Social Security numbers

I was telling you: the technology world failed so badly that there is no way to protect yourself from identity theft. We've been betrayed by technology, and now we must be paranoid. And it's getting worse: the more cloud we get, the worse it gets. You must minimize your digital footprint.

Avoid sharing any information, focus on privacy, refuse any invasive technology. We need to rebuild privacy to stand a chance in the future. Only the information you didn't share might actually save you from future abuses.


Overall, it's far easier not to share your data or information, especially not in the public cloud, than to keep it secure in a connected world.

The only information that doesn't leak is the information that never ends up on a connected device.

For organizations, the only safe information is the information you don't collect.

Yes, that's where we are now.

Have a good day / week all, that's the wrap for today! Comments, reshares, likes and all are always welcome. If you read till the end, thank you!

Katalin Kish

★ I create value by turning complex info into actionable insights using technology & Maths. MBA, Global E-Commerce Champion

3 months

22 - AI pilot program with bot developed to turn tables on scammers! (See reply for screenshot of the pay-walled article. Sharing consistent with the 'Fair Dealing' provisions of Australian Copyright Law.) https://www.theaustralian.com.au/business/technology/cba-backs-apate-ai-pilot-program-with-bot-developed-to-turn-tables-on-scammers/news-story/02521c8dc3f28f812513f34262a1c492

William Klumper

CIO, CISO and Privacy Officer, Senior Advisor to Fundingshield LLC., Secutor Security Consultant

3 months

The BitLocker issue has been a pain. Warning customers: make sure you've got the backup. Yet when you look at it, modern SSDs already use encryption. Forcing it on everyone with 24H2 is a recipe for a mess for so many small business and home users. If you've got to fix something such as the MB, you could be well out of luck.

Cynthia O'Brien

Retired - DoD Senior Information Systems Security Engineer

3 months

Merci. I hope your trip was restful and fun.

Gavin Ferreiro

Strategic, Tactical and Operational Problem solver, GRC, BCM, DRP, ITIL, Info/CyberSec Consultant

3 months

Greatbon Alexandre BLANC Cyber Security, welcome back…

Dendi Sherpa

Discover Nepal EXPLORE CULTURAL DIVERSITY AND LIFESTYLE OF NEPAL WITH PROFESSIONAL MULTILINGUAL TOURS Visit Nepal 2025 years of your holiday in Nepal Himalayan

3 months

Useful tips
