Cyber security news catch up from the camp
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
Funnily, it seems I blew up Microsoft AI limit using some very insulting wording as you can see :
The cyber security news I (and maybe you) missed over the last couple of days :
Each input opportunity is an opportunity to inject a payload. Pretty much unlimited.
By injecting malicious bytecode into interpreters for VBScript, Python, and Lua, researchers found they can circumvent malicious code detection.
Law firms are heavily targeted by attackers, and often, successfully. More investment in security posture and better practice could help.
Law firms make the perfect target for extortion, so it's no wonder that ransomware attackers target them and demand multimillion dollar ransoms.
When you can't secure it, you reduce the attack surface to minimize the risks
It might also be aligned with the company strategy to give up on desktop as well.
It took two years to manage to somehow punish big tech for abuses, lies, theft on a small part of the terrible abusive practice
The process took two years, but this is the first successful settlement obtained under Texas' Capture or Use of Biometric Identifier Act, which forbids the capture of biometric data without users' explicit consent. That's just an example of the level of evilness of big tech. That's Meta / Facebook, but all big tech and cloud are having nasty practices.
The less you share, the safer you are. Each stolen information from you is sold, value stolen from you, and then, used to manipulate you.
The cloud is crime paradise, that's what it is. The attack surface is unmanageable.
Sadly, you can't whitelist cloud in your defence, this would be your worst mistake. Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver?remote access trojans (RATs).
You can't trust a single thing you see online, or from technology, always research, verify, confirm.
As the cloud did bring a new generation of copy pasters who barely understand what they do (sorry, truth hurt), this leads to extremely easy targets to trick into infecting their infrastructure.
You can't assume a platform is safe, each time there's an input, there's a potential payload. You know, connected = hacked
This is obviously targeting low hanging fruits, the public cloud joke.
Reminder, the less apps you use, the less third party your rely one, the safer you are !
These android trojan are usually distributed under rogue APK files, or via exploit sent to you either via SMS, email or instant messaging. Keep your system up to date, never trust anything, assume compromise.
Your mobile is the key to all your life (banking, networking, social media, emails and more)
It's BitDefender patch time ! When the security tool becomes the the vulnerability
领英推荐
Wireless is weak, you know it, it means that connected=hacked is even more true over wireless
Operators don't care, the same way they sell you unsupported and unpatched phones, the same way they ignore the security stack. Confidentiality isn't a matter for them. More effort on selling your location, activities and behaviour than actually considering security.
Keep in mind, what goes in your smartphone or through it, has a huge likelihood of being public.
Responsibility and accountability ? Finally the cloud shared responsibility model that destroyed so many companies is not going to save them from this one !
If it does, it'll show that technology should be decommissioned from critical society operations. Otherwise, it just the digital far west and I elected myself king of the world and you all owe me millions ! ...sounds crazy ? Well, that's no different than big tech and cloud
Combined with the above topic, here is another interesting take
The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30.
Just don't trust anything you see, always verify, big tech is not your provider, you are their product - Facebook Ads Lead to Fake Websites Stealing Credit Card Information
Great news, this should allow the real victims to know that their information have been stolen
Significant upcoming legislation promises to tighten the screws on cyber incident response in Australia, mirroring CIRCIA in the US.
Don't fall for the fake job trap !
DEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit.
Cloudy days on the stolen data, watch your accounts and credit card statements !
First I thought it was a smart move to take a domain with some squatting to exploit stolen credit-cards, but it's a legitimate domain of shopify, so it has to do with an usual cloud leak.
This shows the state of technology, and it's not nice.
Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device. Just LOL. Apple typical stuff.
All this connected crap is lying, stealing, and putting you at risk ! No connected cars ! Car owners MUST have the choice, big tech must be stopped !
Two US senators accuse carmakers of deceptive language and shifty practices in sharing and resale of driver data.
We need a strong a significant action against automotive industry, this has to STOP.
There is a lot more, but this is enough. Thank you if you made it to here. Hopefully this last point convinced you to boycott any new car, and just buy used old ones, safer and disconnected.
Connected=hacked, but also tracked, manipulated, deceived and abused.
This article is written from my very old van, no connected to anything, in the middle of the trees, using a mobile phone as access point. My next car will be an old one, and like we see these videos about old car renovations, that the path I'll take for a lot of things, until we get ethical automotive available.
Founder of The ITSM Practice Podcast | ITIL Ambassador | Helping CIOs in Fintech, Telecom, and Managed Services Define Robust Service Management and Security Operating Models
3 个月Commenting for visibility to my network of IT Security Professionals: - Unfortunately, whitelisting cloud services in your defense is not advisable and could be a critical mistake. - Researchers are warning that threat actors are increasingly exploiting the Cloudflare Tunnel service in malware campaigns. - These campaigns often deliver remote access trojans. How can ISO 27001 adoption/compliance be ensured when cloud services like Cloudflare Tunnel are exploited in malware campaigns? ---------- ?? Follow me on LinkedIn for daily insights on ITSM and IT Security. ?? Check out The ITSM Practice Podcast on Spotify: podcasters.spotify.com/pod/show/theitsmpractice #itil #itsecurity
Historian and Bibliographer of the Stalinist Holodomor Genocide of 1932-33.
3 个月Thank you for this summary, Alexandre! I don’t know if old cars will be any better, though, unless they are Very old. My 2002 had a computer of sorts and at a particular spot on the higheay, my windshield wipers came on for a pass or two. Yes, mumbles of wtf nature blued the skies momentarily. Both hands were on the wheel, so not accidentally turned on. Hmm.