Cybersecurity And Much More Newsletter Vol. 3 Num. 01
Greetings, friends.
Welcome to my newsletter; if you are not yet subscribed, please do. It includes books, articles, tech, tips, and cool stuff about cybersecurity.
Enjoy!
What’s Happening
PyTorch Compromised with Malicious Dependency
Following a dependency confusion attack, the PyTorch maintainers advised anyone who installed the library's nightly builds with pip on Linux between December 25 and December 30, 2022, to uninstall them and install the latest nightly.
"PyTorch-nightly Linux packages installed via pip at that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) source repository and launched a malicious binary," the developers said over the weekend. The nightly index served torchtriton under that name, but nobody had registered it on PyPI; an attacker uploaded a package with the same name there, and pip resolved the PyPI copy instead of the one on PyTorch's index. The malicious package read files such as ~/.ssh/* and exfiltrated them over DNS.
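The root of the problem is a name that resolves on more than one index. The audit below is an added example (not PyTorch's code, and not part of the original post) that flags exactly that condition: it parses a requirements list and reports any project that exists on both a private index and public PyPI, plus anything not pinned to an exact version. The two catalogues, the requirement lines and the names in them are constructed for illustration; in practice they would come from `pip index versions` or each index's simple API.

```python
"""Audit a requirements list for dependency-confusion exposure (added example)."""
import re
from typing import Dict, Iterable, List, Optional

# Constructed: latest versions on a private index (e.g. one passed with --extra-index-url).
PRIVATE_INDEX: Dict[str, str] = {
    "torchtriton": "2.0.0+0d7e753",
    "torch": "2.0.0.dev20221229",
}
# Constructed: names an attacker registered on public PyPI, with a higher version.
PUBLIC_INDEX: Dict[str, str] = {
    "torchtriton": "3.0.0",
    "requests": "2.28.1",
}

# name, optional [extras], optional version operator and version (PEP 508 subset)
REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?:\[[^\]]*\])?\s*"
    r"(?:(?P<op>===|==|~=|>=|<=|!=|>|<)\s*(?P<ver>[^;#\s,]+))?"
)


def normalize(name: str) -> str:
    """PEP 503 normalisation: Foo_Bar, foo.bar and foo-bar are the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirement(line: str) -> Optional[dict]:
    """Return {'name', 'op', 'version'} for one requirement line; None for blanks, comments, options."""
    stripped = line.split("#", 1)[0].strip()
    if not stripped or stripped.startswith("-"):
        return None
    m = REQ_RE.match(stripped)
    if not m:
        return None
    return {"name": normalize(m["name"]), "op": m["op"], "version": m["ver"]}


def audit(requirements: Iterable[str], private: Dict[str, str], public: Dict[str, str]) -> List[dict]:
    """Flag names present on both indexes and names that are not pinned.

    pip gives --extra-index-url no priority: it picks the best matching version
    across every index it knows, so a higher-versioned public upload wins.
    """
    priv = {normalize(k): v for k, v in private.items()}
    pub = {normalize(k): v for k, v in public.items()}
    findings: List[dict] = []
    for line in requirements:
        req = parse_requirement(line)
        if req is None:
            continue
        name = req["name"]
        if name in priv and name in pub:
            findings.append({"name": name, "issue": "shadowed",
                             "private": priv[name], "public": pub[name]})
        if req["op"] not in ("==", "==="):
            findings.append({"name": name, "issue": "unpinned"})
    return findings


if __name__ == "__main__":
    # Constructed requirement lines, one of them deliberately unpinned.
    sample = ["torch==2.0.0.dev20221229", "TorchTriton>=2.0", "requests==2.28.1", "# comment"]
    for finding in audit(sample, PRIVATE_INDEX, PUBLIC_INDEX):
        print(finding)
```

A "shadowed" finding means the package should be served from a single `--index-url` that mirrors what you need from PyPI, or pinned with hashes (`pip install --require-hashes`), rather than reached through `--extra-index-url`. For the incident itself, PyTorch's cleanup advice was `pip3 uninstall -y torch torchvision torchaudio torchtriton` followed by `pip3 cache purge`.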
Google Will Pay $29.5 Million to Settle Location Tracking Lawsuits
Google has settled two "deceptive" location-tracking lawsuits brought by Indiana and Washington, D.C., for a combined $29.5 million. Both sued the search and advertising giant for tracking users' locations without consent; the company will pay $9.5 million to D.C. and $20 million to Indiana.
Two months earlier Google paid $391.5 million to 40 states over similar charges. Location-tracking cases brought by Texas and Washington state are still pending.
Google Home Wiretapping
A security researcher was awarded $107,500 for vulnerabilities in Google Home smart speakers that could be used to install a backdoor and turn the device into a wiretap.
"An attacker within wireless proximity [could] install a 'backdoor' account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim's LAN," the researcher, Matt Kunze, wrote in a technical write-up this week.
Those HTTP requests could reveal the Wi-Fi password and give the attacker direct access to other devices on the network. Kunze reported the issues on January 8, 2021, and Google fixed them by April 2021.
The root cause lay in Google Home's account-linking design, which let a nearby attacker add a rogue Google account to a target's device without the owner's involvement.
Chinese Researchers Claim Progress Toward Breaking RSA with a Quantum Computer
A group of Chinese researchers claim that the RSA public-key scheme could be broken by a quantum computer only modestly larger than the devices available today.
Breaking 2048-bit RSA means recovering the two secret prime factors of the public modulus quickly and reliably, and would be a major development. Although elliptic-curve key exchange has largely supplanted RSA in consumer-facing protocols such as Transport Layer Security, RSA remains common in legacy enterprise and operational-technology products and in a large share of code-signing certificates.
An attacker who could forge those signing keys, or decrypt the communications RSA protects, could snoop on internet traffic and pass off malicious code as a genuine software update, taking control of users' devices.
This is the core reason quantum computing threatens conventional cryptography. In a white paper published in November 2020, the UK's National Cyber Security Centre cautioned that nearly all widely used public-key schemes could be broken by a sufficiently powerful general-purpose quantum computer, because their security rests on the hardness of factoring large integers or computing discrete logarithms, both of which Shor's algorithm solves efficiently.
In their paper, "Factoring integers with sublinear resources on a superconducting quantum processor," the researchers make one of the first claims that this is within reach, estimating that a 372-qubit machine could factor a 2048-bit modulus. The caveats matter: the experiment ran on a 10-qubit processor and factored only a 48-bit integer, and the method layers a heuristic quantum optimisation step (QAOA) on Schnorr's lattice-based factoring, for which no speedup has been proven. The 2048-bit claim is therefore unverified and has been met with scepticism from cryptographers.
The FBI's Perspective on Ransomware
Ransomware has existed for more than three decades, but criminal gangs have profited from it at scale only in the last ten years. Since around 2015 they have targeted businesses rather than individuals, and ransoms now run to millions of dollars.
Ransomware applies two pressures. First, the attacker withholds or threatens to destroy the victim's data. Second, the attacker threatens to publish the stolen data and the attack itself. The second threat is indirect but at least as dangerous: publication brings brand damage and regulatory exposure.
Most ransomware now operates as Ransomware-as-a-Service (RaaS): developers lease the malware and its supporting infrastructure to affiliate attackers, who either pay for the software or split the proceeds with the developers.
Attacked organizations are typically frustrated and confused. The first call should be to an incident response team, which can help with investigation, recovery, and negotiations. The FBI can also assist.
SpyNote Strikes Again: Android Spyware Targeting Financial Institutions
SpyNote, an Android spyware and banking trojan, has been targeting financial institutions since October 2022. ThreatFabric reported that its developer, who had previously sold it to other actors, published the source code. "This has allowed other attackers to manufacture and distribute malware, frequently targeting banks." Samples impersonate Deutsche Bank, HSBC U.K., Kotak Mahindra Bank, and Nubank.
SpyNote (aka SpyMax) can install arbitrary apps, capture SMS messages, calls, video, and audio, track GPS location, and resist uninstallation. Like earlier banking malware, it requests Android Accessibility Service permissions, which it abuses to read two-factor authentication (2FA) codes from Google Authenticator and to log keystrokes for banking credentials.
Dridex Malware Now Targeting macOS Systems
Recent research shows that a variant of the notorious Dridex banking trojan has been adapted to Apple's macOS using a previously undocumented delivery technique.
Trend Micro researcher Armando Nathaniel Pedragoza stated in a technical analysis that the group has "developed a new approach to distribute documents containing harmful macros to users without needing to pose as bills or other business-related files."
Dridex, also known as Bugat and Cridex, is a well-known information stealer that harvests sensitive data from compromised machines and executes malicious modules. It is attributed to the cybercrime group Evil Corp (aka Indrik Spider).
The malware is considered a descendant of Gameover Zeus, itself a successor to the Zeus banking trojan. Previous Dridex campaigns against Windows used macro-enabled Microsoft Excel documents delivered by phishing email to drop the payload. One caveat from the same analysis: the macOS sample's macro overwrites the user's Word documents with a Windows executable, which does not run natively on macOS, so this looks like an early port rather than a working macOS infection chain.
Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
Microsoft has published an analysis of four ransomware families known to affect Apple macOS: KeRanger, FileCoder, MacRansom, and EvilQuest.
In a report released on Thursday, the company's Security Threat Intelligence team said, "Even though these malware families are old, they show the range of capabilities and bad things that can happen on the platform."
The primary initial access vector is what Microsoft calls "user-assisted methods," in which the victim downloads and installs a trojanized application. The ransomware can also arrive as a second-stage payload dropped by malware already on the host, or as part of a supply chain attack.
WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship
In the latest versions of its Android and iOS apps, WhatsApp has added support for connecting through proxy servers, so users can reach the service during government-imposed blocks and internet shutdowns.
"Choosing a proxy allows you to connect to WhatsApp using servers put up by volunteers and groups devoted to facilitating free communication," the Meta-owned company said.
A proxy sits between the user and WhatsApp's servers, forwarding the client's requests and relaying the responses back to the device. The option lives under Settings > Storage & Data > Proxy > Use Proxy, where the address of a trusted proxy server is entered. Messages stay end-to-end encrypted through a proxy, but the proxy operator can see the user's IP address and connection metadata, so only proxies run by parties you trust should be used.
New Citrix Critical Vulnerabilities Patched
Over the past three months Citrix has disclosed two critical flaws affecting thousands of internet-exposed ADC and Gateway appliances.
The virtualization vendor patched CVE-2022-27510 on November 8 and CVE-2022-27518 on December 13, 2022; both carry a CVSS score of 9.8.
CVE-2022-27510 is an authentication bypass that can give unauthenticated access to Gateway user capabilities on appliances configured as a Gateway. CVE-2022-27518 is an unauthenticated remote code execution flaw that can lead to full system takeover, but it applies only to appliances configured as a SAML service provider or identity provider; Citrix reported a small number of targeted attacks exploiting it at the time of disclosure. Before deciding exposure, confirm the appliance build against the fixed versions in Citrix's advisories and check for SAML configuration (show authentication samlAction and show authentication samlIdPProfile on the NetScaler CLI).
Security Bites
Tips - Security - The Relationship between Quantum Computing and Security
What is Quantum Computing?
Quantum computing uses the quantum phenomena of superposition and entanglement to process information. Where ordinary computers operate on bits that are either 0 or 1, quantum computers operate on qubits, which can be in a superposition of 0 and 1. Superposition, combined with interference between computational paths, lets quantum computers run certain algorithms far faster than classical machines.
Entangled qubits are correlated in ways classical bits cannot be, and algorithms that exploit this (Shor's factoring algorithm is the canonical example) achieve exponential speedups over the best known classical methods for specific problems.
Quantum computers are still early in development, so their eventual reach is uncertain. Some experts expect them to break specific encryption schemes or find the global minimum of a complex energy landscape; others expect broader gains, although for most everyday workloads no quantum speedup is known.
How is it a threat to traditional information security?
Quantum computers could upend information security by breaking encryption that is safe today. Widely used public-key schemes such as RSA, Diffie-Hellman, and elliptic-curve cryptography rely on the classical hardness of factoring large integers or computing discrete logarithms, and Shor's algorithm solves both efficiently on a large enough quantum computer. Symmetric ciphers such as AES are affected far less: Grover's algorithm only roughly halves the effective key length, so AES-256 remains adequate, while AES-128 is the one to migrate away from for secrets that must stay protected for decades.
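To make the RSA dependency concrete, here is an added example (not from the page or any cited paper) that generates a toy RSA key, then recovers the private key from nothing but the public key by factoring the modulus. The key sizes are deliberately tiny so that a classical factoring routine (Pollard's rho) finishes instantly; for a 2048-bit modulus that factoring step is exactly the one Shor's algorithm would make feasible. All function names are the example's own, and the test modulus built from the primes 1000003 and 1000033 is a constructed value.

```python
"""Toy RSA: the private key falls out of factoring n (added example)."""
import random
from math import gcd
from typing import Tuple

PUBLIC_EXPONENT = 65537


def is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    """Random prime with exactly `bits` bits (top bit set, odd)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits: int = 48, seed=None) -> Tuple[int, int, int]:
    """Return (n, e, d): public modulus, public exponent, private exponent."""
    rng = random.Random(seed)
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(PUBLIC_EXPONENT, phi) == 1:
            break
    return p * q, PUBLIC_EXPONENT, pow(PUBLIC_EXPONENT, -1, phi)


def encrypt(m: int, e: int, n: int) -> int:
    return pow(m, e, n)


def decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)


def pollard_rho(n: int, rng: random.Random) -> int:
    """Return a non-trivial factor of a composite n (loops forever if n is prime)."""
    if n % 2 == 0:
        return 2
    while True:
        c = rng.randrange(1, n)
        x = y = rng.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n           # tortoise: one step
            y = (y * y + c) % n           # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:                        # d == n means the cycle was useless; retry
            return d


def factor(n: int, seed: int = 0) -> Tuple[int, int]:
    """Split an RSA modulus into its two primes, smaller first."""
    p = pollard_rho(n, random.Random(seed))
    q = n // p
    return (min(p, q), max(p, q))


def recover_private_key(n: int, e: int, seed: int = 0) -> int:
    """Everything an attacker needs is public once n is factored."""
    p, q = factor(n, seed)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    n, e, d = keygen(48, seed=7)
    message = 0xC0FFEE
    c = encrypt(message, e, n)
    d_recovered = recover_private_key(n, e)
    print("private exponents match:", d_recovered == d)
    print("decrypted with recovered key:", hex(decrypt(c, d_recovered, n)))
```

The point to notice is that `recover_private_key` takes only `(n, e)`, the exact data in a public certificate. Nothing in RSA itself resists an attacker who can factor; the whole security margin is the cost of `factor`, which grows sub-exponentially for the best classical algorithms and only polynomially for Shor's.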
How to stay safe from Quantum Computing Threats?
Two approaches are being developed to defend against this threat. Quantum key distribution (QKD) lets two parties agree on a key encoded in the state of a quantum system; because measuring that state disturbs it, an eavesdropper cannot intercept the key without being detected. QKD is a key-distribution mechanism rather than an encryption algorithm, it needs dedicated optical links and specialised hardware, and it does not by itself authenticate the endpoints, which is why bodies such as the NCSC do not recommend it as a general replacement for public-key cryptography.
The second approach, post-quantum cryptography (PQC), uses algorithms designed to resist both classical and quantum attacks while running on ordinary hardware. Lattice-based, hash-based, code-based, and multivariate schemes are the main families. In July 2022 NIST selected CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures as the first algorithms to standardise, and migration guidance now centres on crypto-agility: inventory where RSA and ECC are used today, and plan to move to these algorithms or to hybrid constructions that combine them with classical ones.
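Hash-based signatures are the easiest post-quantum family to see working end to end, so here is an added example (the newsletter's own illustration, not code from NIST or any PQC library) of a Lamport one-time signature, the primitive that SPHINCS+ builds on with WOTS+, a hypertree and FORS. Security rests only on SHA-256 preimage resistance, which Grover's algorithm weakens by at most a square root, so 256-bit hashes stay out of reach. The `forge` routine shows why the scheme is strictly one-time: every signature reveals half of the secret key, and two signatures leak enough preimages to sign some other messages. Function names, the seeded byte source and the sample messages are all constructed for the example.

```python
"""Lamport one-time signatures over SHA-256 (added example)."""
import hashlib
import random
import secrets
from typing import Callable, List, Optional, Tuple

BITS = 256  # one secret pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(message: bytes) -> List[int]:
    """SHA-256 of the message as a list of 256 bits, most significant first."""
    d = H(message)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(BITS)]


def keygen(rand: Callable[[int], bytes] = secrets.token_bytes):
    """Secret key: 256 pairs of random 32-byte values. Public key: their hashes."""
    sk = [(rand(32), rand(32)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk, message: bytes) -> List[bytes]:
    """Reveal, for each digest bit, the secret that corresponds to that bit's value."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def verify(pk, message: bytes, sig: List[bytes]) -> bool:
    if len(sig) != BITS:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, digest_bits(message))))


def forge(pk, signed: List[Tuple[bytes, List[bytes]]], target: bytes) -> Optional[List[bytes]]:
    """Attacker's view: build a signature for `target` from preimages leaked by earlier
    signatures under the same key. Returns None if some needed preimage was never revealed."""
    revealed = {}
    for msg, sig in signed:
        for i, (s, bit) in enumerate(zip(sig, digest_bits(msg))):
            if H(s) == pk[i][bit]:
                revealed[(i, bit)] = s
    out = []
    for i, bit in enumerate(digest_bits(target)):
        s = revealed.get((i, bit))
        if s is None:
            return None
        out.append(s)
    return out


def seeded_bytes(seed: int) -> Callable[[int], bytes]:
    """Deterministic byte source so the demonstration is reproducible. Never use for real keys."""
    rng = random.Random(seed)
    return lambda n: rng.getrandbits(8 * n).to_bytes(n, "big")


if __name__ == "__main__":
    sk, pk = keygen(seeded_bytes(1))
    m1, m2 = b"transfer 10 EUR", b"transfer 10000 EUR"
    s1 = sign(sk, m1)
    print("valid signature verifies:", verify(pk, m1, s1))
    print("forge m2 from one signature:", forge(pk, [(m1, s1)], m2) is not None)
    s2 = sign(sk, m2)  # key reuse: the mistake the scheme forbids
    print("forge m1 from both signatures:", verify(pk, m1, forge(pk, [(m1, s1), (m2, s2)], m1)))
```

Two details carry over to the real schemes. First, a key must never sign twice; stateful schemes such as XMSS track which leaf has been used, and stateless SPHINCS+ avoids the bookkeeping by choosing leaves pseudo-randomly from a very large tree. Second, key and signature sizes are large (here 16 KiB of public key and 8 KiB per signature), which is the practical cost of relying on nothing but a hash function.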
I highly recommend reading this whitepaper on Getting Ready for Post-Quantum Cryptography.
Tips - Security - Secure Your Password Manager
What is a password manager?
A password manager generates, stores, and manages strong, unique passwords for your online accounts. The vault is encrypted, and you unlock it with a master password or another authentication mechanism.
Many password managers also autofill login forms, generate random passwords, and alert you when one of your accounts appears in a known breach.
Using one makes it practical to have a strong, unique password for every account and to manage them all in one place.
Why is using a password manager a good idea?
Password managers serve several purposes:
How to securely use and manage password managers?
Whether for personal or corporate use, consider these recommendations:
How to recover when a password manager vendor is breached?
Every vendor can be breached, and the best preparation is to follow secure configuration practices, keep enough visibility over users and assets, and have a detailed incident response plan:
The steps above may seem heavy for large environments, but not all of them will be necessary, since use cases differ from one company to another.
My Favorites
Books I'm Currently Reading
Title: The Book of Joy
Author: Dalai Lama
Overview:
Nobel Peace Prize laureates His Holiness the Dalai Lama and Archbishop Desmond Tutu have endured almost fifty years of exile and the soul-crushing cruelty of oppression. Despite, or as they would say because of, their struggles, they are two of the happiest people on the planet.
In April 2015 Archbishop Tutu travelled to the Dalai Lama's home in Dharamsala, India, to celebrate His Holiness's eightieth birthday and to create a gift for others. Looking back on their long lives, they set out to answer a single pressing question: how can we find joy in the face of life's inevitable suffering?
They exchanged personal stories, teased each other constantly, and discussed their spiritual practices. At the end of a week filled with laughter and punctuated by tears, these two global heroes looked into the abyss and despair of our time and showed how to live a life filled with joy.
From the first hug to the last farewell, this book provides us with a unique chance to witness their extraordinary and unprecedented week together.
Books I Recommend Reading
Title: Resilience
Author: Eric Greitens
Overview:
In 2012, Eric Greitens received an unexpected message from a former SEAL teammate he hadn't seen in a decade. Zach Walker was one of the hardest of the hard. Since returning from the war to his young family in a tiny logging village, he had struggled. He needed help: he lacked a sense of purpose, suffered from PTSD, and numbed his pain with heavy drinking.
Zach and Eric began writing and talking almost every day as Eric set down his thoughts on how to build resilience in our lives. This timeless guide is a compilation of Eric's letters, edited and drawing on his own experience as well as ancient and modern thought. Greitens shows how to create a sense of purpose, face grief, practice compassion, find a mentor, develop a vocation, and find happiness, among other things. Resilience is a powerful meditation for the fighter in all of us.
This book is a gift not just to Greitens's fellow soldiers, but to all readers.
Podcast - Jocko Willink: How to Become Resilient, Forge Your Identity & Lead Others | Huberman Lab Podcast 104. The guest is Jocko Willink, a retired Navy SEAL officer, author of multiple books on leadership, teamwork, self-discipline and mindset, and host of the Jocko Podcast. He discusses with Dr. Andrew Huberman how people can build and shape their identity and psychology through specific mindsets and actions, and how to adapt to novel and challenging situations using specific daily routines.
Videos - 16 Lessons From 2022 - Joe Rogan, Jordan Peterson & Jocko Willink | Modern Wisdom Podcast 565
With over 10,000 minutes of episodes produced this year there was a lot to choose from, but Chris Williamson settled on 16 insights from some of his favourite conversations, both inside and outside the podcast.
Quote of the Week
“We suffer more in imagination than in reality.” ― Seneca
If you're interested in starting a career in cybersecurity, watch this one, and don't forget to subscribe to my channel and leave a comment if there are any topics you'd like to see in my next video.
Check out my other stuff here.