Weekly cyber, with or without covid !


Hi all, this weekly cyber will cover the key points of what happened this week from my standpoint.

Why covid in the title ? Because, despite multiple vaccines, as for many of us, it has been my turn to get COVID. I really tried to hide in my basement and all (yes I know, except for the trailer thing I spoke about last week, but that was just before... oh wait... a trailer of covid ? nah...), but anyways it found me, pretty much like a foreign zero day, or all the betraying GPS trackers in my car that track me without consent, or even the NSO Group zero-click phone hijack... or worse, nah, that's enough !

So, I'm getting better, but I guess we have all mostly had it at this point ! Anyways, let's get back to what matters ! What this week gave us in the cyber field (or information security field, as someone told me today on LinkedIn) :

1 - Speaking about tracking and privacy abuse, we really need some deep change in the automotive industry ; they are as bad as the cloud big tech, even worse - Class-Action Lawsuit Targets Company that Harvests Location Data from 50 Million Cars - Then in the post comments I added a bunch of info about how to destroy the trackers, or try to locate them, not easy at all !

2 - For you cloud primates ! AWS’s latest announcement will accelerate the already explosive growth of APIs (they seem to grow as fast as the leaks, or the other way around)

3 - The cloud leaks money as well - Beanstalk DeFi platform loses $182 million in flash-loan attack (sad, I really think decentralization, the concept directly opposed to the cloud, is the future)

4 - A great analysis of PYSA ransomware organized crime group ! Researchers Share In-Depth Analysis of PYSA Ransomware Group

5 - A good resource allowing you to review some key aspects for your cyber maturity strategy - HowTo: Create a Cyber Maturity Strategy

6 - Interesting report by Flare Systems, one of the darkweb intelligence systems I use for my own work - Securing Your Organization’s Digital Footprint in 2022 and Beyond (yes there is a form to get the document, but the information is good)

7 - You have no choice as organizations are attacked, including yours - 76% of Organizations Worldwide Expect to Suffer a Cyberattack This Year

8 - Cool news ! another free decryptor ! Free decryptor released for Yanluowang ransomware victims

9 - Zero-click installation means users are hacked without any interaction - Newly found zero-click iPhone exploit used in NSO spyware attacks

10 - The cloud backup that leaked your crypto ! Criminal hackers steal $655K after picking MetaMask seed from iCloud backup (when you put data in the cloud, it leaks, and when this data is a backup holding the key of your crypto wallet, you lose all your money on top of it ! The power of the cloud ! .... icloud ... ilol)

11 - Could you believe that a cyber incident and data leak at a bank didn't require mandatory disclosure ? Well, thankfully times are changing ! Game-Changing FDIC regulations will make us safer

12 - It's #Lenovo firmware patch time, as the #UEFI bugs allow remote code execution AND storage of malware within the hardware - Lenovo UEFI firmware driver bugs affect over 100 notebook models

13 - From LockBit themselves, they tell you how they penetrated 30 more companies from the first one - Company allegedly hacked as reported by LockBit ransomware with details: From the network of this company, we penetrated into about 30 more companies. PART 1. (that's a supply chain attack, when your provider falls to a ransomware ; it does remind me of the OKTA breach, or other MSPs that allowed attackers to move laterally into many other organizations)

14 - it's privatebin patch time and not paste time - Cross-Site Scripting (XSS) Vulnerability Found In PrivateBin

15 - QNAP this week gave us a rodeo of security issues, action items and more - QNAP urges customers to disable UPnP port forwarding on routers (see the comments of the post in this link for all the QNAP-related info of this week)

16 - 2022, and Microsoft finally disables a protocol that allowed stealing identities and auth tokens fairly easily - Microsoft disables SMB1 by default for Windows 11 Home Insiders

17 - Absolutely great article about why we must rethink cloud security ! Rethinking Cyber-Defense Strategies in the Public-Cloud Age

18 - Have you missed or learned from the following incidents ? Top 5 Cyber Attacks Of Q1 2022

19 - Not only do you need an efficient solution, but it has to be backed by a skilled team, supported by a SOC, to keep you as safe as doable - Most Email Security Approaches Fail to Block Common Threats

20 - It's JAVA patch time ! Critical cryptographic Java security blunder patched – update now ! (this is a serious vulnerability, we didn't get too much noise on it but you can't miss it ! Exploit POCs are already available)

21 - It's SNORT patch time ! The OT / ICS module working on Modbus (analysing register transactions) can be abused to trigger a DoS and therefore halt the monitoring - Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System

22 - Cloud patching automation blindly applies patches, allowing takeover of the platform and container escape :) lol #clowd - Amazon Web Services fixes container escape in Log4Shell hotfix (they fixed the fix that allowed anyone to run commands as root)

23 - Cloud threat is growing, a pretty good take - Denonia Malware Shows Evolving Cloud Threats

24 - Supply chain risk assessment - What Do Log4j, Kaseya, Godaddy, And Panasonic All Have In Common? Supply Chain Attacks Damage Revealed

25 - Aside from the obvious OWASP controls, such as input validation for APIs (it means making sure received data falls within an acceptable range) and running pentesting over your APIs, you also need to consider security services on top of them - API Gateway vs WAF vs API Security Platform
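To make the "input validation" control in item 25 concrete, here is an added example (not from the original post, nor from any of the linked articles) of a fail-closed validation layer for a JSON API body: every field is checked against an explicit allow-list of types and acceptable ranges before anything reaches business logic, unknown fields are rejected, and the two Python-specific traps (bool passing as int, and JSON NaN passing a min/max check) are handled. The schema, field names and sample payloads are constructed for illustration and are not tied to any real API.

```python
"""Added example: allow-list input validation for a JSON API endpoint.
Schema, field names and payloads below are constructed, not from any real API."""
import json
import math
import re
from typing import Any, Optional

# Constructed schema: each field declares its required type and the range,
# length or pattern it must satisfy. Fields not listed here are rejected.
ORDER_SCHEMA = {
    "customer_id": {"type": int, "min": 1, "max": 2**31 - 1},
    "quantity": {"type": int, "min": 1, "max": 1000},
    "price": {"type": float, "min": 0.01, "max": 1_000_000.0},
    "sku": {"type": str, "pattern": re.compile(r"^[A-Z0-9-]{3,32}$")},
    "note": {"type": str, "max_len": 200},
}
MAX_BODY_BYTES = 4096  # refuse oversized bodies before even parsing them


class ValidationError(ValueError):
    """Raised when a request body violates ORDER_SCHEMA."""


def _check_type(name: str, value: Any, expected: type) -> Any:
    """Enforce the declared type. bool is a subclass of int in Python, so it
    is rejected explicitly; a JSON integer is accepted where a float is expected."""
    if isinstance(value, bool):
        raise ValidationError(f"{name}: expected {expected.__name__}")
    if expected is float and isinstance(value, int):
        return float(value)
    if not isinstance(value, expected):
        raise ValidationError(f"{name}: expected {expected.__name__}")
    return value


def validate_order(raw_body: bytes) -> dict[str, Any]:
    """Parse and validate a JSON request body against ORDER_SCHEMA.
    Returns the cleaned dict; raises ValidationError with a field-specific
    message otherwise. Fails closed on unknown keys, missing keys, wrong
    types, non-finite numbers and out-of-range values."""
    if len(raw_body) > MAX_BODY_BYTES:
        raise ValidationError("body too large")
    try:
        data = json.loads(raw_body)
    except (ValueError, UnicodeDecodeError):
        raise ValidationError("body is not valid JSON")
    if not isinstance(data, dict):
        raise ValidationError("body must be a JSON object")

    unknown = set(data) - set(ORDER_SCHEMA)
    if unknown:
        raise ValidationError(f"unexpected field(s): {sorted(unknown)}")
    missing = set(ORDER_SCHEMA) - set(data)
    if missing:
        raise ValidationError(f"missing field(s): {sorted(missing)}")

    cleaned: dict[str, Any] = {}
    for name, rule in ORDER_SCHEMA.items():
        value = _check_type(name, data[name], rule["type"])
        # json.loads accepts NaN/Infinity; NaN compares False against any
        # bound, so it must be rejected before the range check.
        if isinstance(value, float) and not math.isfinite(value):
            raise ValidationError(f"{name}: must be a finite number")
        if "min" in rule and value < rule["min"]:
            raise ValidationError(f"{name}: below minimum {rule['min']}")
        if "max" in rule and value > rule["max"]:
            raise ValidationError(f"{name}: above maximum {rule['max']}")
        if "max_len" in rule and len(value) > rule["max_len"]:
            raise ValidationError(f"{name}: longer than {rule['max_len']} chars")
        if "pattern" in rule and not rule["pattern"].match(value):
            raise ValidationError(f"{name}: does not match allowed format")
        cleaned[name] = value
    return cleaned


def check_order(raw_body: bytes) -> Optional[str]:
    """Convenience wrapper: None when the body is acceptable, else the error text."""
    try:
        validate_order(raw_body)
        return None
    except ValidationError as exc:
        return str(exc)


# Constructed sample requests, one valid and several that a validator must reject.
SAMPLE_REQUESTS = {
    "valid": b'{"customer_id": 42, "quantity": 3, "price": 9.99, "sku": "AB-123", "note": "gift"}',
    "zero_quantity": b'{"customer_id": 42, "quantity": 0, "price": 9.99, "sku": "AB-123", "note": ""}',
    "nan_price": b'{"customer_id": 42, "quantity": 1, "price": NaN, "sku": "AB-123", "note": ""}',
    "bool_as_int": b'{"customer_id": 42, "quantity": true, "price": 1.0, "sku": "AB-123", "note": ""}',
    "extra_field": b'{"customer_id": 42, "quantity": 1, "price": 1.0, "sku": "AB-123", "note": "", "admin": true}',
    "bad_sku": b'{"customer_id": 42, "quantity": 1, "price": 1.0, "sku": "ab 123", "note": ""}',
}

if __name__ == "__main__":
    for label, body in SAMPLE_REQUESTS.items():
        print(f"{label:12s} -> {check_order(body) or 'OK'}")
```

The design choice worth noting is that the validator names every acceptable field, type and bound up front and rejects everything else, rather than trying to block known-bad input; that is what makes it a range check in the sense item 25 describes, and why it also catches the NaN and bool cases that a naive `isinstance` plus comparison would let through.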

26 - The Everest ransom team is actively hiring ! (Don't go, these are criminals, but they hire) - Crypto software is working and looking for new additional targets - This gives you an idea of how well organized they are. Do you want to take a chance ignoring the threat ?

27 - It's #android patch time again ! Critical bug in Android could allow access to users' media files

28 - Speaking about hiring, human resources and hiring managers are an ideal target for criminal hackers ! Indeed, nothing is easier than pretending to be an applicant and sending a payload in a fake CV ! Criminal Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

29 - The key point to not being a target is being in a better posture than the others - Adversaries Look for "Attackability" When Selecting Targets

30 - An unpatched bug requires you to migrate to a fork / alternative solution ! Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

31 - A cloud-delivered security service using the exact same key for all customers allows admin credentials takeover ! Cisco Umbrella default SSH key allows theft of admin credentials - The cloud is a joke

32 - Where do you stand with your vulnerability management ? Future Trends in Vulnerability: Lessons Learned from 2021’s Top 3 CVEs Vulnerability Remediation

33 - Are you paying your very very very expensive cloud invoice for threat actors to mine crypto crap ?! Docker servers hacked in ongoing cryptomining malware campaign

34 - How the cloud betrays you with a fake sense of security ! Into the Breach: Breaking Down 3 SaaS App Attacks in 2022

35 - Great article and reporting here about lapsus$ having stolen T-Mobile source code as well - Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

36 - Atlassian patch time (Jira + Confluence) - Atlassian fixes critical Jira authentication bypass vulnerability

37 - Cybersecurity leaders are struggling with a simple question that tends to be difficult to answer with any accuracy: What is the cost of a cyber attack on our organization? Managing Cyber Risk with Cyber Risk Quantification

And that's a wrap ! Wishing you all a good weekend ! As usual, I hope you found some value in these shared resources !

Please leave a comment, share, always appreciated !

Mrunali B

Business Development Manager

9 months

Cloud security skills can take your career to infinity (and beyond). Get Your FREE Copy Today: https://tinyurl.com/2hhx7fku #cloudsecurity #cloud #security #cloudsecurityengineer #cloudsecurityexpo #cloudsec #cloudsecurityalliance #technologytrends

Daryl Diebold

Business Cyber Risk Expert | NIST CSF & Zero Trust Assessment Leader | CISO Advisor | IT Market Analyst | Polymath-Autodidact

2 years

I’ve got a cyber quantification calculator for everyone to use: % of your company core systems dependent upon tech stack = % exposure…how much risk are you willing to accept and what’s the best answer to addressing it? Alleviating symptoms isn’t going to work it’s what we’ve been doing for 60 years now…defense in depth became “best of breed” became….

Gordon S. Kerman

IT Manager / CyberSecurity / Software Dev / IT Engineering Manager: Science, Engineering and Manufacturing

2 years

37 - Cybersecurity leaders are struggling with a simple question that tends to be difficult to answer with any accuracy: What is the cost of a cyber attack on our organization? Firstly, look at the world that we've created, Alexandre. We are 100 years on from the roaring twenties, from 1920 to 1929; commercializing electricity brought us to life, after the devastation of a pandemic and a war. In 1922 we were high flying, and 7 years away from a severe market crash and a deep depression. Well, we've certainly learned all the lessons from that then: We're not even remotely close to that scenario now :}} I would think that a far more appropriate question would be: how do we snap ourselves out of this manifestation? When we make mistakes in life and do nothing to resolve them, our minds create the mistake into a life story manifestation, and we live it, for as long as we are stuck in the mode of repetition, we are in that negative life cycle. We need to snap out of it :}

Afam Ebede

Senior DB Specialist | Enhanced Data Security | Trainer | Cyber Security Consultant | Curriculum Development | Motivational Speaker | Author | Trainer | Career Developer | Website Designer

2 years

Nice write-up, but cyber criminals are deploying various tactics every day that require organisations, banks, Government, Missionaries, etc. to keep up continual awareness and retraining
