Cybersecurity ???And Much More Newsletter ?? Vol. 3 Num. 16

Greetings, friends. ??

???Welcome to my newsletter, if you are not yet subscribed, please do ??. It might include books??, articles ??, tech ??, tips??, and cool stuff about cybersecurity ??.

Enjoy!

What’s Happening

???CISA Added Four New Vulnerabilities to KEV Catalog

CISA has recently identified four new vulnerabilities in its Known Exploited Vulnerability (KEV) catalog: a privilege elevation issue in Android Framework, an insecure deserialization vulnerability in Novi Survey, a type confusion vulnerability in the Google Chromium V8 Engine, and a use-after-free vulnerability in macOS. The mitigation deadlines for these vulnerabilities are in early May, and FCEB agencies should take prompt action to address them.

Read more.

???No Extraterrestrial APT yet, but Space Systems are Critical Infrastructure

According to a recent report from CSC 2.0, which is the successor to the Cyberspace Solarium Commission, the national security implications of the space race now include not just weapons systems, but also the security of critical infrastructure. This infrastructure relies heavily on global positioning satellites, remote imagery, and advanced communication. CSC 2.0 recommends that space systems be considered critical infrastructure to reflect their importance.

Read more.

???Kubernetes RBAC Exploited for Crypto Mining

A recent attack campaign discovered in the wild has been effectively exploiting the security weaknesses in Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners.

According to a report by cloud security firm Aqua, the attackers carried out their plan by deploying DaemonSets to take over and hijack resources of the K8s clusters they attacked. The security company, which named the attack RBAC Buster, identified 60 exposed K8s clusters that were exploited by the threat actor behind this campaign.

The attack started with the attacker gaining initial access via a misconfigured API server, then checking for signs of competing miner malware on the compromised server, and finally using RBAC to establish persistence.

Read more.

???US Dept. of Health and Human Services Publishes Cybersecurity Resources

The US Department of Health and Human Services (HHS) 405(d) Program and the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG) have recently released several valuable resources to assist healthcare organizations in addressing cybersecurity concerns. These resources include the 2023 edition of the Health Industry Cybersecurity Practices (HICP), Knowledge on Demand, an online educational platform that offers free healthcare-focused cybersecurity awareness training, and a comprehensive report on the Hospital Cyber Resiliency Initiative Landscape Analysis. With these resources, healthcare organizations can confidently take steps to enhance their cybersecurity posture and protect their valuable information assets.

Read more.

???Cisco and VMware Patching some Critical Vulnerabilities

Cisco and VMware have taken swift action to address critical security flaws in their products, which could have potentially been exploited by malicious actors to execute arbitrary code on affected systems.

The most severe vulnerability, a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), has been resolved. The vulnerability was found to reside in the web UI component and arose as a result of improper input validation when uploading a Device Pack.

"A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device," Cisco said in an advisory released on April 19, 2023.

Furthermore, Cisco has resolved a medium-severity file permissions vulnerability in the same product (CVE-2023-20039, CVSS score: 5.5) that an authenticated, local attacker, could exploit to view sensitive information.

Read more.

???? ♂??Microsoft Contributing to the Shutdown of Israeli Spyware Company

QuaDream, an Israeli spyware company, is shutting down operations after Citizen Lab and Microsoft released reports detailing the company’s tools and victims. The company's spyware “framework” was allegedly used to target dissidents, NGO workers, and journalists in North America, Asia, Europe, and the Middle East. The swift shutdown of QuaDream's operations suggests that the company recognizes the gravity of the situation and the strength of the evidence against it.

Read more.

???Google Releases Emergency Fix for Chrome Zero-day

Google has proactively released a critical update for its Chrome desktop browser to address a vulnerability that is currently being exploited. The vulnerability is related to a type confusion in the Chrome V8 JavaScript engine, which may provide a potential avenue for a remote attacker to exploit heap corruption via a crafted HTML page.

Read more.

Security Tips

???????Telco Security - Let’s Discover the 5G Security Architecture (Part-01)

Before we deep dive into the 5G security features, it is important to understand the high level security architecture. The 5G Security Architecture comprises six domains, each of which serves as a set of security features. These domains can be summarized as follows:

• Network access security (I): This set of security features allows a UE to safely authenticate and access services via the network, including 3GPP access and Non-3GPP access, and provides protection against attacks on the (radio) interfaces. It also includes the secure delivery of security context from SN to AN for access security.
• Network domain security (II): This set of security features ensures the secure exchange of signalling data and user plane data between network nodes.
• User domain security (III): This set of security features secures user access to mobile equipment.
• Application domain security (IV): This set of security features allows for secure message exchange between applications in the user domain and the provider domain. Note that application domain security is beyond the scope of the present document.
• SBA domain security (V): This set of security features enables secure communication within the serving network domain and with other network domains for network functions of the SBA architecture. This includes security aspects for network function registration, discovery, and authorization, as well as the protection of service-based interfaces.
• Visibility and configurability of security (VI): This set of features enables users to stay informed about whether a security feature is in operation or not.

Note: 5G Service-Based Architecture (SBA) is built on web technology and web protocols to enable flexible and scalable deployments using virtualization and container technologies and cloud-based processing platforms. To protect the SBA, 3GPP TS 33.501 introduces a new security domain for 5G SBA domain security composed of a set of security features that include: Network function registration, discovery, and authorization security aspects; Authentication (TLS 1.2 or 1.3), authorization (OAuth 2.0), and encryption (TLS 1.2 or 1.3) of API calls between the 5G NFs. Read more.

????? The Problem of Bias in Cybersecurity

Bias is a major issue in the cybersecurity business. Cybersecurity professionals' approaches to security are frequently prejudiced, which can result in inefficient security measures and a failure to protect against specific sorts of threats.

• One main type of bias in cybersecurity is an over-reliance on external threats such as hackers and viruses. While external dangers must be addressed, they might obscure internal threats such as employee negligence, which can be equally detrimental.
• Another type of bias is the inclination to over-rely on technology to solve security issues. While technology might be beneficial, it is not a panacea and can introduce new security risks.
• In the cybersecurity industry, elitism is also a significant concern. There is a common misconception that only those with technical backgrounds or computer science degrees can prosper in the sector. This can result in a lack of workforce diversity, as well as a lack of creativity and new viewpoints. It's critical to understand that cybersecurity is a multifaceted field that necessitates a diverse set of talents and viewpoints. The sector can better address the complex and evolving threats it faces by embracing diversity and inclusivity.
• Finally, the cybersecurity industry has a gender bias. Women are underrepresented in cybersecurity occupations, and they frequently encounter workplace discrimination and harassment. This might result in a lack of diversity in the sector and a failure to address the distinct security concerns of various communities.

To address these biases, the cybersecurity sector must adopt a more comprehensive approach to security that takes into account all types of threats and vulnerabilities. It must also acknowledge the value of workplace diversity and inclusivity, and endeavor to establish a more equal and supportive environment for all cybersecurity workers.

My Favorites

???Books I Recommend Reading ??

Read ???- 04 Books for the Stoics

• Meditations by Marcus Aurelius: A collection of personal writings by the Roman Emperor Marcus Aurelius that offers a Stoic philosophy on life and leadership.
• Letters from a Stoic by Seneca: A collection of philosophical essays and letters that offer insight into Stoicism and how to live a virtuous life.
• The Discourses by Epictetus: A series of lectures by the Stoic philosopher Epictetus that cover topics such as ethics, personal growth, and the nature of the universe.
• The Obstacle Is the Way by Ryan Holiday: This book offers a modern take on Stoicism, providing practical advice on how to overcome obstacles and turn them into opportunities for growth and success.

Read ???- 05 Python Books for Hackers

• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz: This book covers a range of topics, from web scraping and network scanning to exploiting vulnerabilities and creating trojans.
• Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor: This book provides practical examples of how to use Python for hacking purposes, including network analysis, password cracking, and forensics.
• Gray Hat Python: Python Programming for Hackers and Reverse Engineers by Justin Seitz: This book focuses on using Python for reverse engineering, including disassembling code, analyzing network protocols, and creating exploits.
• Python for Offensive PenTest: A Practical Guide to Ethical Hacking and Penetration Testing with Python by Hussam Khrais: This book provides a step-by-step guide to using Python for penetration testing, including reconnaissance, vulnerability scanning, and exploitation.
• Python Penetration Testing Cookbook by Rejah Rehim: This book offers a comprehensive set of recipes for using Python to perform penetration testing, including network analysis, web application testing, and wireless network testing.

Podcast ???- Post-Quantum TLS With KEMs Instead of Signatures!

TLS 1.3 has been widely praised as a major upgrade to the Transport Layer Security protocol responsible for securing the majority of Web traffic. But one area in which TLS 1.3 seems to be lacking is its potential for resistance to attacks that utilize quantum computing – computers that, theoretically, could factor the products of large primes and solve the discrete logarithm problem in relatively short periods of time, significantly affecting the security of TLS 1.3.

Listen here.

Watch ?? - Some Hacker-Like Movies for the Weekend

1. The Matrix (1999) - This sci-fi classic features a team of hackers who discover that the world they live in is actually a simulated reality created by machines.
2. Hackers (1995) - A group of young computer enthusiasts in New York City become embroiled in a plot to steal millions of dollars from a corrupt corporation.
3. The Girl with the Dragon Tattoo (2011) - This thriller follows a computer hacker who is hired by a journalist to investigate a decades-old disappearance, leading to a dangerous conspiracy.

Quote of the Week

"The greatest glory in living lies not in never falling, but in rising every time we fall." - Nelson Mandela

If you’re interested in starting a career in cybersecurity, watch this one , and don’t forget to ???***Subscribe to my Youtube Channel *** and leave a comment if there are any topics you’re interested in seeing in my next video.

Check out my other stuff here .

??????Apparently, most of you are not interested in subscribing to my youtube channel , so please let me know why and I will make it valuable to you, I promise ??.