Patching the patched patch did not obviously fix the issue, let's patch
Credit to the clowd for giving away all this data for free :P


This week we've seen patches on top of patches, to patch a patched patch that did not patch. Yes, I'm quite exhausted this week; long week, I spent parts of my nights on incident response...

Maybe if we put everything in the cloud.... wait, what? Nah, that doesn't fix it: 2 of those incidents involved cloud breaches.... Seems like, cloud or not, you need to do it right anyway, but in one case there is no privacy.... guess where?

This week in 50 points:

1 - A public print server on the Internet lets any non-admin user install its printer driver, and that grants the attacker SYSTEM-level admin rights.... You understand that a simple script could achieve this on any Windows machine with Internet access, brilliant - Remote print server gives anyone Windows admin privileges on a PC. I'll let you imagine how easy it is to take over a system with this.

2 - The SolarWinds criminal hackers hacked cloud back ends and critical systems, and as time goes on we learn that the list of victims keeps growing (that said, they corrupted cloud back ends, so technically it's almost all cloud customers) - DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices - put all your eggs in the same basket, it's safe they said, and they starved to death :D

3 - Node.js deserved a patch, because a bug allowed anyone to crash any app running it - Node.js fixes severe HTTP bug that could let attackers crash apps

4 - DevOps just pull tons of crap from the Internet into their projects, no due diligence, no validation of any kind, no wonder supply chain risk is growing crazy - Empty npm package '-' has over 700,000 downloads — here's why, very smart typosquatting exploits; pretty sure tons of these exist.

5 - Attack surface management, risk register, risk assessment? New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits. Do you know immediately how many of your systems are at risk? And have you protected them with Cynet managed by VARS Corporation? If not, this is definitely a move that may help you a lot!

6 - Security by design for industrial control systems (ICS) should be standard by now - Secure PLC Coding Practices – Sarah Fluchs & Vivek Ponnada | Episode #64

7 - Supply chain attacks are as attractive as cloud attacks: one compromise, millions of victims - Supply Chain Cyber Attacks Expected to Quadruple, Says EU Agency

8 - Cloud PC for rent: give away everything you have, pay now, pay tomorrow, pay forever and always more, to get your data mined, sold, stolen, abused, and maybe have access to it IF your Internet connection works, an amazing revolution - Microsoft's Windows 365 Cloud PC service is live - Costs from $24 to $162. I really thought it was a joke, because you could already have VMs in the cloud, an RDP service broker and all, but they managed to repackage the same stuff for the 1734th time and call it "Cloud PC" now. Bye bye privacy, bye bye ownership, hello data mining (not by you and not for you; you shut up, obey and pay).

9 - Alternative PetitPotam fix - using netsh RPC filters to block the EFSRPC interface, smart, non-invasive, good solution - Windows PetitPotam attacks can be blocked using new method. I would have called it "petitpopotame", but that's just a matter of French taste :D And a real cybersecurity company released a patch after that!

10 - OSINT paradise against Windows! A list of vulnerabilities or design flaws #Microsoft does not intend to fix!

11 - You rely on unsafe BGP to reach your cloud, through unsafe Internet Service Providers, and you may not even encrypt data before it reaches the cloud.... doomed - Chinese Hackers Target Major Southeast Asian Telecom Companies. Not connecting the dots? Don't worry, time will come.

12 - This is so #clowd! 92% of pharmaceutical companies have at least one exposed database

13 - You have #APIs everywhere; every program talking to another program uses an #API (application programming interface), and the cloud is full of them - How to stop your exposed API business logic from being breached

14 - RansomEXX is extremely active lately, I hope you have proper defences in place! RansomEXX ransomware hits Italy's Lazio region, affects COVID-19 site

15 - Using the cloud to spread and infect, spreading more malware - Raccoon Stealer Bundles Malware, Propagates Via Google SEO

16 - Attackers had been in your networks since 2017! ‘DeadRinger’ Targeted Exchange Servers Long Before Discovery - You are hacked, you just don't know it yet; connected = hacked. Are you going to take things seriously? Time to speak to your MSSP, or to me, I'll put you in touch at work. I can help (yes, selling you solutions, but not stealing your data, better than cloud!).

17 - Never pay a ransom, do not finance cyber terrorists! After refusing to pay ransom, hospital does one thing to continue activities

18 - Aside from the cloud architecture issues and the obvious confidentiality issues, there is a lot of work to be done just at the customer configuration level - 44% of cloud privileges are misconfigured, warns Varonis. Each time an organization collects your personal data and places it in the cloud, you know it will leak and your identity will be at risk as criminals impersonate you. The cloud is crime paradise!

19 - Seems they fixed it recently, but - New Cobalt Strike bugs allow takedown of attackers’ servers

20 - Zombies: we serve technology and big tech, not the other way around - We COVID-Clicked on Garbage, Report Finds: Podcast

21 - Manual patching and/or network segmentation are mandatory! Vulnerable TCP/IP stack is used by almost 200 device vendors. Do you know whether your "smart" (lol) thermostat has been fixed? Or is it still a backdoor into your network....

22 - China is all over the place - Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

23 - I've been on many incident responses lately involving full O365 takeovers because global admins fell for the phish - A clever phishing campaign is targeting Office 365 users - MFA and enforced security, anyone? The cloud is dangerous by design and you must work hard to reduce the likelihood of an incident on it; it's expensive and complex, but you must do it.

24 - Anything can be a risk, but no risk is as big as the cloud, except the cloud itself - AWS S3 can be a security risk for your business. And Chris will tell me "you are fear mongering, you monster of lies...", but no, no lies, and it's not even me writing these very accurate articles :D So even if I agree, I'm not alone :D

25 - It can happen! It's called security architecture and it doesn't exist in the #clowd! Moving toward a reality where breaches are not a given

26 - This is a very interesting take that sums it up pretty well. An unbiased, pragmatic, sponsored article, taking things as they are. Cloud security: It’s exactly the same, only different. Please, cloud customers, do it right, STOP leaking end-user data and ruining people's lives with your crappy technology. Do it right, or don't do it.

27 - Cisco patch time, over and over - Cisco fixes critical, high severity pre-auth flaws in VPN routers

28 - Long overdue - Windows admins now can block external devices via layered Group Policy

29 - LockBit 2.0 promises millions of dollars to insiders.... given that employees are statistically willing to sell their creds for $100, that's a much better deal - LockBit ransomware recruiting insiders to breach corporate networks. But then, when they don't pay you, as happened with another criminal organization, your job is gone.... and you end up in jail.... oopsie

30 - Always poison the data, otherwise big tech poisons your life! Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.

31 - A proper incident response plan and preparation do reduce the impact of such an incident - Energy group ERG reports minor disruptions after ransomware attack

32 - This amazing video about how the cloud works is 3 years old and still 100% relevant! I shared it back then, but it seems it deserves a reminder. (Chris H. complaining again, stating that I'm an anti-cloud extremist. No Chris, I'm a privacy-focused guy whose digital identity has been leaked so many times by huge orgs in the creepy cloud that I decided to no longer accept lies, and to push for more privacy and security; we share the same goal, we just use different approaches :) )

33 - The cloud even leaks employees as well - Organizations Still Struggle to Hire & Retain Infosec Employees: Report - Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows

34 - Microsoft's patch did not fix the security issue, so #cybersecurity people released an actual fix - New Windows PrintNightmare zero-days get free unofficial patch

35 - Another security patch that patches nothing - Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.

36 - Self-destructing messages are one of the biggest technology deceptions ever. Screenshot, anyone? Oh, screenshots blocked? Second phone, take a picture of the screen.... or the corporate MDM that records the screen. Telegram for Mac bug lets you save self-destructing messages forever.

37 - The goose that lays the golden eggs would not be left alone for too long - New Haron Ransomware Bears Striking Resemblance To Avaddon

38 - It's raining security vulnerabilities in the OT world lately! Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks

39 - Assuming you did your risk assessment and accepted giving away all privacy to Microsoft, this guide somehow provides an enablement guide for the Microsoft security tools built into Windows 10. Windows 10 Hardening: 19 Ways to Secure Your Workstations.

40 - Let's see where this leads and what the measurable results will be. I said measurable, not miserable! My French accent, I know - CISA teams up with Microsoft, Google, Amazon to fight ransomware

41 - Apple is done with privacy; Apple backdoored its services - Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life

42 - Technology is the art of deception - New DNS vulnerability allows 'nation-state level spying' on companies

43 - Insider threat is also an issue for criminal networks, except that the consequences might be more lethal for the traitor. Angry Conti ransomware affiliate leaks gang's attack playbook

44 - More and more attacks are moving toward hypervisors and the cloud's underlying systems; I wonder if we'll reach a point where the back end of one of the big tech clouds ends up encrypted. Linux version of BlackMatter ransomware targets VMware ESXi servers.

45 - They should call it the Trojan eBook reader - New Amazon Kindle Bug Could've Let Attackers Hijack Your eBook Reader

46 - There is a trend of patches that do not patch, lol - Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937)

47 - It's VMware patch time! VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products

48 - Despite the wrongly optimistic end of the article, the answer is NO - Can the public cloud become confidential? And funnily, right after, on the same topic: Researchers Call for 'CVE' Approach for Cloud Vulnerabilities - New research suggests isolation among cloud customer accounts may not be a given (the cloud is a joke, sorry Chris).

49 - Going after the big names, who are partners with the top ones and possibly hold very sensitive information - Computer hardware giant GIGABYTE hit by RansomEXX ransomware

50 - Cisco patched (actually, is about to patch) another backdoor - Cisco: Firewall manager RCE bug is a zero-day, patch incoming
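Items 1 and 34 above are about non-admin users being allowed to install printer drivers. The registry values that put that behaviour back under admin control are the ones Microsoft documented for the PrintNightmare family (KB5005010 and KB5005652). The script below is an added example, not code from the original post or from Microsoft; it audits those three values on a workstation and enforces them when they drift. The key path and value names are Microsoft's; the function names and the "report then fix" flow are my own.

```powershell
# Added example, not from the original post: audit and enforce the Point and Print
# registry values Microsoft documented for the PrintNightmare family
# (KB5005010 / KB5005652). Run in an elevated PowerShell session on the client.
$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

# Hardened values:
#   RestrictDriverInstallationToAdministrators = 1  only admins may install printer drivers
#   NoWarningNoElevationOnInstall             = 0  keep the elevation prompt on install
#   UpdatePromptSettings                      = 0  keep the prompt on driver update
$Expected = [ordered]@{
    RestrictDriverInstallationToAdministrators = 1
    NoWarningNoElevationOnInstall             = 0
    UpdatePromptSettings                      = 0
}

# Compare the live registry with the hardened values. An absent value is reported
# as drift on purpose: Microsoft changed the default for the first value with the
# August 2021 update, so an explicit setting avoids depending on the patch level.
function Get-PointAndPrintDrift {
    $drift = @()
    foreach ($name in $Expected.Keys) {
        $current = $null
        if (Test-Path $PointAndPrintKey) {
            $item = Get-ItemProperty -Path $PointAndPrintKey -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $current = $item.$name }
        }
        if ($current -ne $Expected[$name]) {
            $drift += [pscustomobject]@{ Name = $name; Current = $current; Expected = $Expected[$name] }
        }
    }
    return ,$drift
}

# Write the hardened values (creating the policy key if needed) and restart the
# spooler so the policy applies to subsequent driver installs.
function Set-PointAndPrintHardening {
    if (-not (Test-Path $PointAndPrintKey)) { New-Item -Path $PointAndPrintKey -Force | Out-Null }
    foreach ($name in $Expected.Keys) {
        New-ItemProperty -Path $PointAndPrintKey -Name $name -PropertyType DWord -Value $Expected[$name] -Force | Out-Null
    }
    Restart-Service -Name Spooler -Force
}

$drift = Get-PointAndPrintDrift
if ($drift.Count -eq 0) {
    Write-Host 'Point and Print hardening: OK'
} else {
    Write-Host 'Point and Print hardening: drift detected'
    $drift | Format-Table -AutoSize
    Set-PointAndPrintHardening
}
```

With these values set, a standard user connecting to a print server gets an elevation prompt instead of a silent driver install, which is exactly what item 1's attack relies on. On servers that never print, the smaller attack surface is simply no spooler: `Stop-Service Spooler; Set-Service Spooler -StartupType Disabled`, keeping in mind that print servers (and historically domain controllers) need it.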
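Item 9 above mentions the netsh-based PetitPotam mitigation without showing it. The script below is an added example, not code from the original post or the linked article: it installs a Windows RPC filter that blocks the two interface UUIDs of MS-EFSRPC, the interface PetitPotam coerces authentication through, and checks whether the filter is already in place. The `netsh rpc filter` syntax and the UUIDs are Windows' own; the function names are my own.

```powershell
# Added example, not from the original post or the linked article: block the
# MS-EFSRPC interface with a Windows RPC filter (netsh rpc filter). Run in an
# elevated PowerShell session on the domain controllers / AD CS hosts to protect.
#
# EFSRPC is reachable over two named pipes, each with its own interface UUID:
#   c681d488-d850-11d0-8c52-00c04fd90f7e  \pipe\efsrpc
#   df1941c5-fe89-4e79-bf10-463657acf44d  \pipe\lsarpc
$EfsRpcInterfaces = @(
    'c681d488-d850-11d0-8c52-00c04fd90f7e',
    'df1941c5-fe89-4e79-bf10-463657acf44d'
)

# True when the current RPC filter listing already mentions every EFSRPC UUID.
function Test-EfsRpcBlocked {
    $listing = (netsh rpc filter show filter) -join "`n"
    foreach ($uuid in $EfsRpcInterfaces) {
        if ($listing -notmatch [regex]::Escape($uuid)) { return $false }
    }
    return $true
}

# Add one user-mode "block" filter per interface UUID. Each filter is built in
# three netsh steps: declare the rule, attach the UUID condition, commit it.
function Add-EfsRpcBlockFilter {
    foreach ($uuid in $EfsRpcInterfaces) {
        netsh rpc filter add rule layer=um actiontype=block | Out-Null
        netsh rpc filter add condition field=if_uuid matchtype=equal data=$uuid | Out-Null
        netsh rpc filter add filter | Out-Null
    }
}

if (Test-EfsRpcBlocked) {
    Write-Host 'EFSRPC already blocked by RPC filter'
} else {
    Add-EfsRpcBlockFilter
    if (Test-EfsRpcBlocked) {
        Write-Host 'EFSRPC block filters installed'
    } else {
        Write-Warning 'Filter install failed; run "netsh rpc filter show filter" and check for errors'
    }
}
```

To roll back, take the filterKey from `netsh rpc filter show filter` and run `netsh rpc filter delete filter filterkey=<key>`. Two caveats a practitioner will want: the filter blocks every remote EFSRPC call on that host, not only the abused one, so do not deploy it where remote EFS is actually used; and it is a workaround, not a replacement for the August 2021 update (CVE-2021-36942) and for hardening AD CS web enrollment against NTLM relay as Microsoft describes in KB5005413.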

Round number, yay! 50 bullets! Have a good weekend all, I'm exhausted! Tough week.

See you soon!

Andrey Volkov

Enterprise/Solution Architect, Re-designing Architectures; Moving to Clouds; Blockchain

3 years ago

Impressive list :) Thanks for hard but useful work!

Alexandre BLANC Cyber Security

Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored

3 years ago

On the topic of the patch patching the patch that was supposed to patch something: https://www.helpnetsecurity.com/2021/08/10/cve-2021-36948-patch-tuesday

Rhiannon W

Cyber Security

3 years ago

hahaha

Nada Fayçal

Senior Consultant, IT and Operations, Transformation

3 years ago

"petitpopotame"... but seriously, your weekly summary is truly helpful. Thanks for the hard work.
