The not so weekly Cyber is here ! What's new...

I'm lucky this time: not only do you get a newsletter, but it is sponsored by listen.dev!


80% of organizations rely on the open source supply chain and CI/CD while working on innovative solutions (source: listen.dev), yet these new projects do come with security challenges.

Open source supply chain attacks have increased rapidly in the past decade and have become a growing challenge for organizations.

While attackers previously targeted runtimes and deployment, new attack vectors are emerging at CI and build time. This is where identifying efficient solutions makes a difference, and this is where listen.dev brings you the tools needed to ensure that the security of your development environment is properly watched.

There is a difference between vulnerable and malicious: vulnerable means there is a possibility and a risk of being exploited, malicious means an active harmful attack. Static monitoring is not enough; there needs to be proactive behavioral monitoring of the open-source supply chain.

Are you delivering a product that leads to liability risks? Have you taken all the actions you could to avoid negligence on the security side? GitHub Actions is an important tool for CI.

Listen.dev is a proactive and dynamic tool that monitors your GitHub Actions workflows.


Now that you are fully aware that you can secure your continuous integration pipeline, let's see what's fresh in the news for companies that may not have done all they could in regard to security, and other vulnerabilities!

1 - Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. The business impact has been significant.


2 - If you use a Zyxel router, make sure it's patched - Critical flaw in Zyxel's secure routers allows OS command execution via cookie (CVE-2024-7261)


3 - Transport for London is dealing with a cyber security incident - I always tell you wireless is weak; well, look at this: "Transport for London has set the contactless sign in link to Maintenance mode" as they "have a genuine internal security incident running and are reverting to paper processes". Can't hack paper: not connected, not hacked.

Philosophical side note: today we still discover old historical manuscripts on paper from centuries, if not thousands of years, ago, teaching us things about history. What is sure is that none of the information in today's tech world and computers will be found in the future. Historians a thousand years ahead may still find medieval notes, but absolutely none of this digital stuff... we are deleting ourselves by digitally transforming into this fog-ware. Thankfully, for now, we still print books... maybe some of these will be found in the future.


4 - Hopefully you keep your stuff patched - Critical Atlassian Vulnerability Exploited To Connect Servers In Mining Networks - It has a CVSS score of 10, so that's a wide open door.


5 - How to make your OS more vulnerable? Install Microsoft tools! New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access


6 - Ahhh, the cloud. I mean, you can't make this up: A third of organizations suffered a SaaS data breach this year


7 - Failing at your criminal attempt is worse than failing at your job! Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt


8 - Throwing away any electronics should be done with some strong hammering if you care about your privacy and data - Video Baby Monitor Repair Uncovers Private Data


9 - All this connected stuff is just evilly spying on you - Cox Media Group To Listen To Users' Devices For Ad Targeting


That's about it for today!

Readers, again, don't forget to visit my sponsor for today's newsletter, listen.dev! Have a look and see what they do. This helps me as well.

Have a great day all! Till next time!

Jan B.

Beta-tester at Parrot Security* Polymath*

2 months
Katalin Kish

★ I create value by turning complex info into actionable insights using technology & Maths. MBA, Global E-Commerce Champion

2 months

10 - Since Australia is part of #AUKUS, the #FiveEyes, the #Quad, etc., I need to add this item about contactless extortion: Australia's criminal heavyweights like #MickGATTO continue showing off their technology capabilities, terrorising remotely in our own homes those who cannot be tricked, bribed or coerced with face-to-face physical violence into aiding crime. My last forced warcrime event in the home I have owned since 2001 in a leafy Melbourne suburb was today, around 6am (4 Sept. 2024). Victoria Police, Australian Federal Police, Australian Signals Directorate, Defence Australia & other Australian Government insiders have been using Defense Advanced Research Projects Agency (DARPA), National Security Agency, NSO Group, Central Intelligence Agency-grade technology to aid organised crime, likely for decades. We have no functional law enforcement. My experience with remotely induced physical harm capabilities started in 2019, when I declared self-representation as Victoria Police forced me to fight at court in an admitted silencing attempt - I am a public servant witness to crimes punishable by 10 years in jail. Some of my experience is shared here: https://www.dhirubhai.net/pulse/contactless-extortion-australia-katalin-kish-upqyc/

Aaron Lax

Info Systems Coordinator, Technologist and Futurist, Thinkers360 Thought Leader and CSI Group Founder. Manage The Intelligence Community and The Dept of Homeland Security LinkedIn Groups. Advisor

2 months

Your content, as always, highlights the needs we have in so many areas. Thanks as always, my friend, for your newsletters and posts, Alexandre BLANC Cyber Security
