Cybersecurity And Much More Newsletter Vol. 3 Num. 09

Greetings, friends.

Welcome to my newsletter, if you are not yet subscribed, please do. It might include books, articles, tech, tips, and cool stuff about cybersecurity.

Enjoy!

What’s Happening

2023 National Cybersecurity Strategy

Today, the Biden administration released its plan to strengthen the country's cybersecurity. The plan includes laws that hold companies responsible for selling software and services that do not prioritize security. The White House's new national cybersecurity strategy also involves more active participation by cloud providers and the U.S. military in disrupting cybercriminal infrastructure. Additionally, it identifies China as the largest cyber threat to U.S. interests.

The strategy relies on five pillars:

  1. Defend Critical Infrastructure
  2. Disrupt and Dismantle Threat Actors
  3. Shape Market Forces to Drive Security and Resilience
  4. Invest in a Resilient Future
  5. Forge International Partnerships to Pursue Shared Goals

Read the full document here, or start with the fact sheet.

Chinese hackers using a new evasive backdoor

The Chinese cyber espionage hacking group Mustang Panda was noticed deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.

Mustang Panda is an advanced persistent threat (APT) group that is known to use customized versions of the PlugX malware to steal data from organizations all over the world. The threat actors are also known as TA416 and Bronze President.

The new MQsTTang backdoor from Mustang Panda does not appear to be based on any previous malware family, which suggests the group built it from scratch to evade detection and make attribution harder.

ESET's researchers discovered MQsTTang in a campaign that started in January 2023 and is still ongoing. The campaign is aimed at political and government groups in Europe and Asia, especially in Taiwan and Ukraine.

more…

Billions of IoT Devices Exposed to this TPM Vulnerability

The Trusted Platform Module (TPM) 2.0 reference library specification has been found to contain two major security flaws that could lead to information exposure or privilege escalation.

Quarkslab is credited with identifying and reporting the vulnerabilities in November 2022. CVE-2023-1017 describes an out-of-bounds write, and CVE-2023-1018 describes an out-of-bounds read.

"These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group (TCG) said in an advisory.

TPM is a hardware-based solution (a crypto-processor) designed to provide secure cryptographic functions and tamper-resistant physical security mechanisms.
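
Both CVEs are length-handling errors in command parsing, so here is an added illustration, written for this newsletter and not taken from the TCG reference code or from Quarkslab's report, of the checks a TPM 2.0 command unmarshaller needs. A TPM 2.0 command begins with a 10-byte header (UINT16 tag, UINT32 commandSize, UINT32 commandCode) and carries variable-length parameters as TPM2B structures (UINT16 size followed by that many bytes); every length comes from the caller, so each one is checked against both the bytes actually received and the capacity of the destination before anything is copied. The 64-byte capacity, the sample commands and the tag/command-code values are constructed for the example.

```python
"""Bounds-checked unmarshalling of a TPM 2.0 command buffer (illustrative, not
the TCG reference implementation). Demonstrates the two checks whose absence
turns a caller-supplied size field into an out-of-bounds read or write."""
import struct

HEADER_LEN = 10   # tag(2) + commandSize(4) + commandCode(4), big-endian
MAX_BUFFER = 64   # assumed capacity of the destination buffer for the TPM2B payload


class MalformedCommand(ValueError):
    """Raised when a length field is inconsistent with the bytes received."""


def parse_header(buf: bytes) -> tuple:
    """Return (tag, commandSize, commandCode); commandSize must match the input."""
    if len(buf) < HEADER_LEN:
        raise MalformedCommand("short header")
    tag, size, code = struct.unpack(">HII", buf[:HEADER_LEN])
    if size != len(buf):
        raise MalformedCommand(f"commandSize {size} != received {len(buf)}")
    return tag, size, code


def unmarshal_tpm2b(buf: bytes, offset: int, capacity: int) -> tuple:
    """Read one TPM2B (UINT16 size + bytes) at offset; return (payload, new_offset)."""
    if offset + 2 > len(buf):
        raise MalformedCommand("size field truncated")        # would be an OOB read
    (size,) = struct.unpack_from(">H", buf, offset)
    offset += 2
    if size > capacity:                                        # would be an OOB write
        raise MalformedCommand(f"size {size} exceeds buffer capacity {capacity}")
    if offset + size > len(buf):                               # would be an OOB read
        raise MalformedCommand(f"size {size} exceeds remaining input")
    return buf[offset:offset + size], offset + size


def parse_command(buf: bytes) -> dict:
    """Parse header plus a single TPM2B parameter; reject trailing bytes."""
    tag, size, code = parse_header(buf)
    payload, end = unmarshal_tpm2b(buf, HEADER_LEN, MAX_BUFFER)
    if end != size:
        raise MalformedCommand("trailing bytes after parameters")
    return {"tag": tag, "code": code, "payload": payload}


def check(buf: bytes) -> str:
    """Convenience wrapper: 'ok' or the reason the command was rejected."""
    try:
        parse_command(buf)
        return "ok"
    except MalformedCommand as exc:
        return f"rejected: {exc}"


def build_command(tag: int, code: int, payload: bytes) -> bytes:
    """Build a well-formed command with one TPM2B parameter (test helper)."""
    body = struct.pack(">H", len(payload)) + payload
    return struct.pack(">HII", tag, HEADER_LEN + len(body), code) + body


# Constructed samples (values chosen for the example, not captured traffic)
GOOD = build_command(0x8001, 0x017B, b"hello")
# Same bytes, but the TPM2B size field claims 65535 bytes: exceeds capacity
LYING_SIZE = GOOD[:HEADER_LEN] + struct.pack(">H", 0xFFFF) + b"hello"
# Size fits the buffer but not the input: a naive copy would read past the end
TRUNCATED = GOOD[:HEADER_LEN] + struct.pack(">H", 40) + b"hello"
# Header commandSize no longer matches what was received
SHORT = GOOD[:-1]

if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("LYING_SIZE", LYING_SIZE),
                         ("TRUNCATED", TRUNCATED), ("SHORT", SHORT)]:
        print(f"{name:11s} {check(sample)}")
```

The design point is that the size field inside the TPM2B is checked twice: once against the destination capacity (protects against an over-long write) and once against the bytes remaining in the input (protects against reading past the received command), and the header's commandSize is reconciled with the actual length before any parameter is touched.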

more…

Info Stealer Trojan Identified in Python PyPI

As part of a project to learn more about initial attack vectors other than phishing and web application exploitation, Kroll's Cyber Threat Intelligence team has built a tool that makes it easier to find and retrieve malicious packages uploaded to the Python Package Index (PyPI).

They have discovered several packages with varying degrees of sophistication. The most intriguing package they examined was "Colour-Blind," a malicious package discovered by Kroll. Colour-Blind is a fully featured information stealer and remote access tool (RAT) written in Python. In their research, Kroll presents a detailed analysis of the functionality and an assessment of the skill level of the actors who have created the malware.

more…

First UEFI Bootkit Malware to Bypass Secure Boot

BlackLotus, a stealthy Unified Extensible Firmware Interface (UEFI) bootkit, is the first known malware that can get around Secure Boot protections. This makes it a powerful threat in the cyber world.

"This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News.

UEFI bootkits are installed in the system firmware and give full control over the operating system (OS) boot process. This means that OS-level security mechanisms can be turned off and arbitrary payloads can be run with high privileges during startup.

In a nutshell, BlackLotus takes advantage of a security flaw known as CVE-2022-21894 (also called "Baton Drop") to avoid UEFI Secure Boot protections and set up persistence. The vulnerability was supposedly addressed by Microsoft as part of its January 2022 Patch Tuesday update.

more…

LastPass Suffers a Second Attack

"The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack," the password management service said.

In December 2022, LastPass disclosed a serious data breach in which threat actors obtained encrypted password vaults. The company has now said that this happened because the same adversary launched a second attack on its systems.

The company said that one of its DevOps engineers had their home computer hacked and infected with a keylogger as part of a long-term cyber attack that stole sensitive data from its Amazon AWS cloud storage servers.

From August 12, 2022, to October 26, 2022, this break-in was aimed at the company's infrastructure, its resources, and the aforementioned employee. The original incident, on the other hand, ended on August 12, 2022.

In August, the attackers got into the company's development environment through a single compromised employee account. From there they were able to access source code and proprietary technical information.

LastPass said in December 2022 that the threat actor used the stolen information to get into a cloud-based storage environment and obtain "certain elements of our customers' information."

Later that same month, it was found out that the unknown attacker had gotten into a backup of customer vault data that was said to be encrypted with 256-bit AES. It did not divulge how recent the backup was.

more…

Security Bites

Tips - Security - Enhance your Security and Reliability using the Well-Architected Framework

The importance of reference architectures in security and reliability

Reference architectures are pre-designed solutions that serve as a guide for building a system. They help reduce complexity and maintain consistency throughout the project. They play a critical role in ensuring that systems are secure and reliable by incorporating best practices from the beginning, preventing costly and time-consuming issues later on.

Reference architectures also help ensure that systems meet specific security and reliability requirements. They are designed to be scalable and flexible, adapting to changing business requirements and technology trends. Overall, reference architectures are a valuable tool for ensuring security and reliability in systems.

Overview of the Cloud Well-Architected Frameworks

Both Amazon Web Services (AWS) and Microsoft Azure offer a well-architected framework aimed at improving the security, reliability, performance, and cost-effectiveness of cloud-based applications.

The AWS Well-Architected Framework includes five pillars:

  1. Operational excellence
  2. Security
  3. Reliability
  4. Performance efficiency
  5. Cost optimization

Each pillar has a set of best practices and design principles that help ensure that your cloud-based applications are secure, reliable, and performant, while also being cost-effective.

Microsoft Azure's Well-Architected Framework is similar, but with four main pillars:

  1. Cost optimization
  2. Operational excellence
  3. Performance efficiency
  4. Security and Compliance

Azure's framework provides a set of best practices for each pillar, along with a review process that helps ensure that your cloud-based applications are designed according to these principles.

Both frameworks are designed to help you build secure, reliable, and cost-effective applications in the cloud, and they provide a set of best practices and design principles aimed at achieving these goals. By following these frameworks, you can ensure that your applications are designed to be secure, efficient, and cost-effective, while also being able to adapt to changing business requirements and technology trends.

How to use it to enhance your security posture

Many companies ignore or deprioritize best practices like the CIS benchmarks, or the OWASP Top 10. However, this article aims to motivate you to give the well-architected framework a try and improve your security posture.

Let’s use Microsoft Azure in our example. By following the security pillar of the framework, companies can implement a proactive and comprehensive approach to security that can help mitigate the risks of cyber threats. Here are some of the key security best practices that the framework recommends:

  1. Identity and Access Management (IAM): Proper IAM practices are crucial for ensuring that only authorized users have access to your company's data and resources. The Azure Well-Architected Framework recommends implementing strong authentication and authorization controls, such as multi-factor authentication and role-based access control, and regularly reviewing and auditing access privileges to ensure that they remain appropriate.
  2. Network Security: Azure provides a wide range of network security features, such as firewalls, virtual private networks (VPNs), and distributed denial of service (DDoS) protection. The framework recommends implementing a defense-in-depth approach to network security, using a combination of Azure's built-in features and third-party solutions, and regularly reviewing and testing your network security controls to ensure they are effective.
  3. Data Protection: Protecting your company's data is critical for maintaining its integrity and confidentiality. The Azure Well-Architected Framework recommends implementing encryption for data at rest and in transit, using Azure's built-in encryption capabilities or third-party solutions, and regularly reviewing and testing your data protection controls to ensure they are effective.
  4. Compliance: Depending on your company's industry and location, you may be subject to various compliance regulations and standards, such as HIPAA, GDPR, and PCI DSS. The Azure Well-Architected Framework recommends implementing a compliance program that includes regular assessments, risk management, and documentation and using Azure's built-in compliance features and third-party solutions to help meet your compliance requirements.

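The four practices above share one theme: review your controls regularly, not once. Here is an added example, written for this newsletter and not part of either framework, of what such a review looks like as code. The inventory is constructed and the field names are assumptions (in a real tenant they would come from Azure Resource Graph or the Azure CLI rather than literals); the checks map one to one onto the four items: MFA, least-privilege role assignments and review age for IAM; internet-exposed management ports for network security; HTTPS-only, minimum TLS and encryption at rest for data protection; and a required data-classification tag as a stand-in for the compliance documentation requirement.

```python
"""Review a constructed Azure inventory against the security-pillar practices
listed above. Example code for this newsletter; the data and field names are
assumptions, the checks are the point."""
from datetime import date

REVIEW_MAX_AGE_DAYS = 90          # assumed policy: access reviews at least quarterly
MGMT_PORTS = {"22", "3389"}       # SSH and RDP
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

# Constructed inventory (not from any real tenant)
USERS = [
    {"upn": "alice@example.com", "mfa_enabled": True,  "last_access_review": "2023-01-15"},
    {"upn": "bob@example.com",   "mfa_enabled": False, "last_access_review": "2022-06-01"},
]
ROLE_ASSIGNMENTS = [
    {"principal": "alice@example.com", "role": "Reader", "scope": "/subscriptions/sub-1/resourceGroups/app"},
    {"principal": "bob@example.com",   "role": "Owner",  "scope": "/subscriptions/sub-1"},
]
NSG_RULES = [
    {"nsg": "web-nsg", "name": "allow-https", "direction": "Inbound", "access": "Allow",
     "source": "Internet", "dest_port": "443"},
    {"nsg": "web-nsg", "name": "allow-rdp",   "direction": "Inbound", "access": "Allow",
     "source": "*", "dest_port": "3389"},
]
STORAGE_ACCOUNTS = [
    {"name": "stprod",   "https_only": True,  "min_tls": "TLS1_2", "encryption_at_rest": True,
     "tags": {"data-classification": "confidential"}},
    {"name": "stlegacy", "https_only": False, "min_tls": "TLS1_0", "encryption_at_rest": True,
     "tags": {}},
]


def is_subscription_scope(scope: str) -> bool:
    """'/subscriptions/<id>' has exactly two slashes; anything deeper is narrower."""
    return scope.count("/") == 2


def review(users, roles, nsg_rules, storage, today=date(2023, 3, 3)):
    """Return a list of (pillar, resource, finding) tuples; empty means no gaps found."""
    findings = []
    # 1. Identity and Access Management
    for u in users:
        if not u["mfa_enabled"]:
            findings.append(("IAM", u["upn"], "MFA not enabled"))
        age = (today - date.fromisoformat(u["last_access_review"])).days
        if age > REVIEW_MAX_AGE_DAYS:
            findings.append(("IAM", u["upn"], f"access review {age} days old"))
    for r in roles:
        if r["role"] == "Owner" and is_subscription_scope(r["scope"]):
            findings.append(("IAM", r["principal"], "Owner at subscription scope"))
    # 2. Network Security
    for rule in nsg_rules:
        if (rule["direction"] == "Inbound" and rule["access"] == "Allow"
                and rule["source"] in ANY_SOURCE and rule["dest_port"] in MGMT_PORTS):
            findings.append(("Network", f'{rule["nsg"]}/{rule["name"]}',
                             f'management port {rule["dest_port"]} open to the internet'))
    # 3. Data Protection and 4. Compliance (both evaluated per storage account)
    for s in storage:
        if not s["https_only"]:
            findings.append(("Data", s["name"], "HTTP allowed (encryption in transit not enforced)"))
        if s["min_tls"] != "TLS1_2":
            findings.append(("Data", s["name"], f'minimum TLS {s["min_tls"]}'))
        if not s["encryption_at_rest"]:
            findings.append(("Data", s["name"], "encryption at rest disabled"))
        if "data-classification" not in s["tags"]:
            findings.append(("Compliance", s["name"], "missing data-classification tag"))
    return findings


def run_review():
    """Run the review over the constructed inventory (entry point used below)."""
    return review(USERS, ROLE_ASSIGNMENTS, NSG_RULES, STORAGE_ACCOUNTS)


if __name__ == "__main__":
    for pillar, resource, finding in run_review():
        print(f"[{pillar:10s}] {resource}: {finding}")
```

Running it over the constructed inventory produces seven findings, all against the second user and the legacy storage account; the value of writing the review this way is that it can be re-run on a schedule, which is exactly the "regularly reviewing and testing" step the framework asks for.
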
Read more about the Azure and AWS Well-Architected Frameworks here.

My Favorites

Books I Recommend Reading

3 Time Management Books to Read

"Getting Things Done: The Art of Stress-Free Productivity" by David Allen

This book is a classic guide to managing your time and productivity. It gives you a way to organize your tasks and projects so that you can be more effective and efficient. The author's approach emphasizes the importance of capturing all of your ideas and commitments in a trusted system, and then regularly reviewing and updating that system to ensure that you are on track.

"The 7 Habits of Highly Effective People" by Stephen Covey

This book is a classic that will never go out of style. It has helped millions of people become more productive and effective. The author presents a set of seven habits that can help you become more proactive, focused, and goal-oriented. The habits are designed to help you take control of your life and achieve your personal and professional goals.

"Deep Work: Rules for Focused Success in a Distracted World" by Cal Newport

This book is a modern guide to getting more work done in the age of technology. The author says that you need to be able to focus deeply and get rid of distractions if you want to do good work and reach your goals. He gives a set of real-world tips on how to improve your ability to focus and work more efficiently.

3 books on IoT security that you might find useful:

"Building Secure and Reliable IoT Systems" by Adam Dunkels, Olaf Landsiedel, and Zach Shelby

This book gives an overview of how to build secure Internet of Things (IoT) systems. It talks about encryption, authentication, and secure communication protocols, among other things. It also has case studies of real IoT systems and how security measures were put in place.

"IoT Security: Practical Guide Book" by Dr. Ahmed Banafa

This book is a practical guide to securing IoT systems. It talks about things like risk assessment, device security, and cloud security. It also includes case studies and examples of how to secure specific IoT applications, such as smart homes and industrial IoT.

"Practical IoT Security" by Brian Russell and Drew Van Duren

This book shows how to secure IoT systems in a practical way by talking about things like threat modeling, risk assessment, and vulnerability management. It also has case studies and examples of how to secure certain IoT applications, like medical devices and vehicles that are connected to the internet.

Podcast - Jocko's 5-Year Plan

Jocko Willink, a retired Navy SEAL commander and author, discusses the importance of developing a 5-year plan to achieve your goals and become a better person in his podcast episode clip titled "Jocko's 5-Year Plan." He explains that having a clear vision of what you want to achieve and breaking it down into smaller, manageable tasks is essential to success. He emphasizes the need to prioritize the most important tasks and to be flexible in adapting to changing circumstances. By setting a course for the future and working diligently towards it, you can achieve your goals and become the best version of yourself.

Jocko's 5-Year Plan.

Videos - 100+ Computer Science Concepts Explained

Learn the fundamentals of Computer Science with a quick breakdown of jargon that every software engineer should know. Over 100 technical concepts from the CS curriculum are explained to provide a foundation for programmers.

100+ Computer Science Concepts Explained

Videos - Top 50+ AWS Services Explained in 10 Minutes

Amazon Web Services (AWS) is the world's largest and most complex cloud with over 200 unique services. Learn about the top 50 cloud products in just ten minutes.

Top 50+ AWS Services Explained in 10 Minutes

Quote of the Week

“All men are alike when asleep.” ― Aristotle

If you’re interested in starting a career in cybersecurity, watch this one, and don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing in my next video.

Check out my other stuff here.
