Episodes
-
Important Microsoft patch coming soon so make sure to patch your systems soon
-
A short form version of the main stories of the week
-
Jorge and Neema do Kaseya and we talk ICloud Max Max baby!
-
Neema and Jorge pretend it's May. Jorge edits audio for the first time.
- Ransomware trends ~ 4:30
- WhatsApp for criminals ~15:00 (because WhatsApp wasn't bad enough..)
- Jorge babbles about privacy, Neema is a total trooper about it. ~ 22:10
- SITA data breach. Neema calls Xi the W word. ~ 37:45
- Android Security and the Google IO presentation ~ 43:20
- BSC! ~ 1:21:00
Topic Links
https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29
https://nymag.com/intelligencer/2021/06/fbi-snooped-on-criminals-using-encrypted-messaging-app.html
https://threatpost.com/supply-chain-attack-airlines-state-actor/166842/
Android stuff Links
Android & RUST - https://security.googleblog.com/2021/05/integrating-rust-into-android-open.html
Android Ready SE
- https://security.googleblog.com/2021/03/announcing-android-ready-se-alliance.html
- https://source.android.com/compatibility/9/android-9-cdd.pdf?hl=sv
IOXT Alliance
https://www.ioxtalliance.org/
BSC Links
https://nickjanetakis.com/blog/best-practices-around-production-ready-web-apps-with-docker-compose
https://github.com/dineshsonachalam/Lucid-Dynamodb
https://github.com/muc-dev/linked
https://github.com/ProtonMail/WebClient/issues/242
https://www.indiegogo.com/projects/paperd-ink--2#/
https://www.infoq.com/news/2021/05/grain-web-assembly-first/
https://github.com/google/zx
-
Jorge is away on holiday and Neema steers the cyber ship!
Stories:
https://www.computerweekly.com/news/252501665/Exagrid-pays-26m-to-Conti-ransomware-attackers
https://www.securityweek.com/kenyan-arrested-qatar-first-targeted-phishing-attack?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+securityweek+%28SecurityWeek+RSS+Feed%29
https://techcrunch.com/2021/06/02/stack-overflow-acquired-by-prosus-for-a-reported-1-8-billion/
-
Jorge and Neema blasting cyber security to ashes
Stories:
https://japantoday.com/category/crime/people-in-japan-can-now-earn-%C2%A510-000-bounties-for-scamming-scammers
https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/
https://www.pcmag.com/news/darkside-ransomware-group-loses-server-access-after-us-moves-to-disrupt
https://www.flurry.com/blog/ios-14-5-opt-in-rate-att-restricted-app-tracking-transparency-worldwide-us-daily-latest-update/
https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/
https://blog.ethereum.org/2021/05/18/country-power-no-more/
https://blog.1password.com/welcoming-linux-to-the-1password-family/
-
Jorge and Neema doing their Cyber thang
Stories:
https://www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/amp/
https://www.securemac.com/news/facebook-finds-new-ios-spyware-phenakite
https://www.eff.org/press/releases/eff-and-aclu-ask-supreme-court-review-case-against-warrantless-searches-international
https://www.unibw.de/patch/papers/usenixsecurity20-wasm.pdf
https://www.cnbc.com/2021/04/30/eu-says-apples-app-store-breaches-competition-rules.html
-
Jorge and Neema spice things up with some Dual Core luvin!
Stories:
https://www.securityweek.com/us-expels-russian-diplomats-imposes-new-round-sanctions?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
https://threatpost.com/attackers-target-proxylogon-cryptojacker/165418/1
https://techcrunch.com/2021/04/13/fbi-launches-operation-to-remotely-remove-microsoft-exchange-server-backdoors/
https://www.theregister.com/2021/04/21/signal_cellebrite/
Useful links
https://www.apple.com/privacy/docs/A_Day_in_the_Life_of_Your_Data.pdf
https://github.com/WICG/floc/issues/100
https://techcrunch.com/2021/04/13/fortnite-maker-epic-completes-1b-funding-round
-
Just when you thought we were gone ..... Jorge and Neema return with a BANG!
Defender's perspective on Azure!
Useful links:
https://threatpost.com/cna-hit-novel-ransomware/165044/
https://adsecurity.org/?p=4277
https://dirkjanm.io/
https://www.pentestpartners.com/security-blog/azure-ad-attack-of-the-default-config/
-
Jorge and Neema hitchhike the open plains of cyber security!
News stories
https://gizmodo.com/this-mom-allegedly-created-deepfakes-to-bully-her-daugh-1846471615
https://thehackernews.com/2021/03/google-to-reveals-what-personal-data.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29
https://www.zdnet.com/article/apple-developers-targeted-by-new-malware-eggshell-backdoor/
https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
https://www.zdnet.com/article/google-cloud-here-are-the-six-best-vulnerabilities-security-researchers-found-last-year/
https://www.nytimes.com/interactive/2021/03/18/magazine/facial-recognition-clearview-ai.html
Bite-sized chunks
https://slack.engineering/migrating-millions-of-concurrent-websockets-to-envoy/
https://www.learnlatex.org/en/
https://www.audacityteam.org/audacity-3-0-0-released/
https://symflower.com/en/company/blog/2021/git-autofixup/
https://lwn.net/SubscriberLink/849125/c4422a7c318a5a17/
-
Neema and Jorge blow up the complex world of Cyber Security!
Stories:
https://www.zdnet.com/article/this-malware-was-written-in-an-unusual-programming-language-to-stop-it-from-being-detected/
https://www.wired.com/story/privacy-first-browser-brave-launching-search-engine/
https://www.infosecurity-magazine.com/news/ransomware-paralyzes-spanish/
https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
-
Jorge and Neema ride the wavelength of Cyber. Spoiler: It was too big to handle!
Stories
https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/
https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
https://thehackernews.com/2021/03/why-do-companies-fail-to-stop-breaches.html
https://www.macrumors.com/2021/03/04/eu-prepares-to-charge-apple-in-spotify-dispute/
https://www.gov.uk/government/news/cma-investigates-apple-over-suspected-anti-competitive-behaviour
https://www.reuters.com/article/us-eu-apple-epic-games-antitrust/epic-games-takes-apple-fight-to-eu-antitrust-regulators-idUSKBN2AH0MO
https://www.coindesk.com/amazon-digital-currency-mexico
MS exchange bug
Hunting recommendations
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log
https://github.com/microsoft/CSS-Exchange/tree/main/Security
NSE script to test your instance
https://github.com/microsoft/CSS-Exchange/blob/main/Security/http-vuln-cve2021-26855.nse
Mitigations
https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
-
Jorge and Neema take a stroll through the lush meadows of Cyber security!
Show links:
https://developer.amazon.com/en-US/docs/alexa/custom-skills/security-testing-for-an-alexa-skill.html#
https://www.forbes.com/sites/tonyewing/2020/12/06/stop-using-alexa-and-google-assistant-while-working-until-you-change-these-settings/
https://www.forbes.com/sites/thomasbrewster/2021/02/25/exclusive-hackers-break-into-biochemical-systems-at-oxford-uni-lab-studying-covid-19/?sh=246ebaa42a39
https://taler.net/en/features.html
https://www.sec.gov/Archives/edgar/data/1582961/000119312521055798/d898181ds1.htm
https://frame.work/blog/introducing-the-framework-laptop
https://securityandtechnology.org/blog/a-broad-coalition-for-decisive-action-on-ransomware/
https://www.bleepingcomputer.com/news/security/nsa-microsoft-promote-a-zero-trust-approach-to-cybersecurity/
https://alistapart.com/article/the-future-of-web-software-is-html-over-websockets/
https://arstechnica.com/information-technology/2021/02/ukraine-says-russia-hacked-its-document-portal-and-planted-malicious-files/
-
Stories:
https://www.securityweek.com/many-solarwinds-customers-failed-secure-systems-following-hack?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
https://www.zdnet.com/article/malvertiser-abused-webkit-zero-day-to-redirect-ios-macos-users-to-shady-sites/#ftag=RSSbaffb68
https://www.bloomberg.com/features/2021-supermicro/
https://www.zdnet.com/article/fastest-vpn-how-we-rated-the-top-services/
https://www.zdnet.com/article/more-bosses-are-using-software-to-monitor-remote-workers-not-everyone-is-happy-about-it/
Useful links:
Confiant blog
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
https://core.ac.uk/download/pdf/194998579.pdf
SuperMicro statement
https://assets.bwbx.io/documents/users/iqjWHBFdfxIU/rCS24lsHxSes/v0
-
Neema and Jorge sky dive into the cyber stories of the week!
Stories:
https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/
https://thehackernews.com/2021/02/researchers-reveal-how-iran-spies-on.html
https://www.securityweek.com/hack-exposes-vulnerability-cash-strapped-us-water-plants?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/
https://mashable.com/article/smartphone-health-app-data-police/?europe=true&utm_source=social&utm_medium=instagram&utm_campaign=mash-com-inst-link&utm_content=later-14423192
Useful links:
https://developer.apple.com/app-store/review/guidelines/#unacceptable - Apple's App Store policies
https://developer.chrome.com/docs/webstore/program_policies/ - Google app store
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 - Alex Birsan article
-
Jorge rides the cyber train and Neema wings it on his hang glider!
Stories:
https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/
https://www.theverge.com/tldr/2021/2/5/22268646/german-police-bitcoin-digital-wallet-missing-password
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html
https://techxplore.com/news/2021-02-google-diet-cookies-track-users.html
https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
Useful link:
https://tldrlegal.com - Breaks down EULAs in an easy to digest manner
-
Neema and Jorge ride the cyber train!
Stories:
https://www.bbc.com/news/technology-55826258
https://threatpost.com/rocke-groups-malware-now-has-worm-capabilities/163463/
https://www.infosecurity-magazine.com/news/us-launches-global-action-against/
https://webtransparency.cs.princeton.edu/dark-patterns/
https://www.rfc-editor.org/rfc/rfc8959.txt
https://www.theatlantic.com/ideas/archive/2021/01/why-everybody-obsessed-gamestop/617857/
https://www.washingtonpost.com/technology/2021/01/29/apple-privacy-nutrition-label/
-
Neema and Jorge dive in!
Stories:
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://www.zdnet.com/article/rogue-cctv-technician-spied-on-hundreds-of-customers-during-intimate-moments/
https://arstechnica.com/tech-policy/2021/01/this-site-posted-every-face-from-parlers-capitol-hill-insurrection-videos/
https://www.securityweek.com/sonicwall-says-internal-systems-targeted-hackers-exploiting-zero-day-flaws?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
-
Neema and Jorge do what they love!
Stories:
https://securityaffairs.co/wordpress/113446/security/cisco-rv-routers-eol.html?utm_source=rss&utm_medium=rss&utm_campaign=cisco-rv-routers-eol
https://securityaffairs.co/wordpress/113332/deep-web/dark-web-darkmarket-seized.html
Defender's perspective: BEC (Business Email Compromise)
https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
Defense Milestones
Containment
- Determining the type of compromise and targets
- Acquiring exports of affected local inboxes
- Establishing the messaging timeline and techniques
- Compromised local accounts?
  - Reset email password
  - Reset SaaS solution passwords using the compromised inboxes
  - Pull account AAA log (30 days before and after reported window)
- Suspicion of a compromised foreign account?
  - Notify any other local stakeholders interacting with the account
  - Disclose to third party through relationship manager
- Pull email flow log (30 days before and after reported window)
- Pull original headers from email security gateway if header modification is done
- Review the technical markers of the attack
  - (if typosquatting) Obtain the historic information about the domain
    - Domain whois (if possible)
    - Domain DNS history
    - Spam lists
  - (if attachments)
    - Review attachment metadata
    - Derive technique employed to impersonate legitimate documentation (good indicator of attack sophistication)
  - Email headers are very helpful, leaking:
    - Technology stack employed for email
    - Journey of the email
    - Insight into the spam scoring
  - Look for skews in language correlating the email to a certain nationality
    - Some nationalities are more common than others. Most nationalities make the same mistakes.
- Gather maximum intel from ongoing conversations with actor under approval and supervision
- Put in place side-channel verification (verification phone call, or otherwise double-confirmation on a channel unlikely to be compromised) for all transactions over xyz value
- Incorporate your DPO team, follow any triage & regulatory notification process applicable as counselled by them
- Establishing loss and recovery potential, factor in Insurance!
Eradication
- Incorporate your legal and third party management teams, ensure the provisions present in the contract in case of data breaches are honored
- Suspicion of a compromised foreign account?
  - Re-establish trusted inboxes on their side. Receive attestations as determined in contract
Recovery & Lessons Learnt
- Is email being used as a duct-taping mechanism out of technical debt?
  - FIX. IT. It will not get any cheaper
- Prescribe standard awareness materials to the business analysts of the relevant type, ensure coverage across your colleague-base
- Ensure the first-line business analysts/operators are able to easily report future attempts
- Gather the technical fingerprint of the attack in standard format (STIX, YARA, etc.) along with the fraud-use case. Share a redacted version with your intel partners and providers.
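The "review the technical markers" step above (email headers leaking the journey, the mail stack and the spam scoring, plus the typosquatting check) can be scripted for first-pass triage. The following is an added example written for these show notes, not tooling from the podcast or from any vendor named above; the sample message, its hosts, IPs and the allow-list of trusted partner domains are constructed for illustration, and the lookalike check is a plain edit-distance comparison that an analyst would tune to their own partner list.

```python
"""Triage helpers for a suspected BEC message: rebuild the email's journey from
its Received headers, pull the markers the headers leak (mailer, spam score) and
compare the sender domain with trusted partner domains to flag typosquatting.
Added example; standard library only."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample message (not from the episode). Hosts, IPs and domains are
# made up and use reserved documentation ranges / the .example TLD.
SAMPLE_EML = b"""Received: from mail.partner-c0rp.example (mail.partner-c0rp.example [192.0.2.10]) by mx.victim.example (Postfix) with ESMTPS id 7C9D1 for <ap@victim.example>; Mon, 11 Jan 2021 10:02:33 +0000
Received: from [203.0.113.44] (unknown [203.0.113.44]) by mail.partner-c0rp.example (Postfix) with ESMTPA id 4F1A2; Mon, 11 Jan 2021 10:02:30 +0000
From: "Accounts Payable" <invoices@partner-c0rp.example>
To: ap@victim.example
Subject: Updated bank details for invoice 4471
X-Mailer: Microsoft Outlook 16.0
X-Spam-Score: 2.1
Message-ID: <20210111100230.4F1A2@partner-c0rp.example>

Please use the new account details below before settling invoice 4471.
"""

# Assumed allow-list of domains the business legitimately exchanges invoices with.
TRUSTED_PARTNER_DOMAINS = ["partner-corp.example"]

_RE_FROM = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
_RE_BY = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
_RE_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_message(raw: bytes):
    """Parse a raw RFC 5322 message with the modern (policy.default) parser."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def hop_chain(msg):
    """Return the Received hops in chronological order (origin first).

    Every MTA prepends its own Received header, so the top header is the last
    hop; reversing the list rebuilds the journey from sender to recipient."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(str(value).split())  # collapse header folding
        m_from, m_by, m_ip = _RE_FROM.search(value), _RE_BY.search(value), _RE_IP.search(value)
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "ip": m_ip.group(1) if m_ip else None,
            "timestamp": value.rsplit(";", 1)[-1].strip() if ";" in value else None,
        })
    return hops


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalike(domain, trusted_domains, max_distance=2):
    """Return (trusted_domain, distance) for the closest trusted domain within
    max_distance edits, or (None, None) if none is close. Distance 0 means the
    sender domain is itself a trusted domain."""
    best = None
    for trusted in trusted_domains:
        d = levenshtein(domain.lower(), trusted.lower())
        if d <= max_distance and (best is None or d < best[1]):
            best = (trusted, d)
    return best if best else (None, None)


def sender_domain(msg):
    """Domain of the From: address, lower-cased, or None if unparsable."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None


def analyze(raw: bytes, trusted_domains=TRUSTED_PARTNER_DOMAINS, max_distance=2):
    """Collect the header-derived markers an analyst wants in the first pass."""
    msg = parse_message(raw)
    domain = sender_domain(msg)
    match, dist = find_lookalike(domain, trusted_domains, max_distance) if domain else (None, None)
    score = msg.get("X-Spam-Score")
    return {
        "sender_domain": domain,
        "trusted_sender": dist == 0,
        "lookalike_of": match if dist else None,  # dist None or 0 means not a lookalike
        "lookalike_distance": dist,
        "hops": hop_chain(msg),
        "mailer": str(msg.get("X-Mailer")) if msg.get("X-Mailer") else None,
        "spam_score": float(str(score)) if score is not None else None,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_EML)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it on a raw `.eml` export from the affected inbox (or, as the checklist notes, on the original headers from the security gateway when the gateway rewrites them); the `hops` list is the journey, `mailer` and `spam_score` are the stack and scoring leaks, and a non-zero `lookalike_distance` against the partner allow-list is the typosquatting trigger for the whois and DNS-history step.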
-
Neema and Jorge jump into the cyber stories of the week
Stories:
https://threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/
https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/
https://wccftech.com/facebook-publishes-newspaper-ads-to-criticize-apples-ios-14-privacy-updates/
Additional Notes:
Bluetooth issue fix as implemented in open AOSP-based projects:
https://github.com/search?p=2&q=5d37d17af57c70d7faa459b92e5b1a758a5a8adb&type=Commits
Specifics on the BT PDU that could be abused "RegisterNotification"
https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=309020
LibExif CVE impacting android media framework:
https://bugzilla.suse.com/show_bug.cgi?id=1055857
Makernote:
https://en.wikipedia.org/wiki/Exif#MakerNote_data
LibExif Bug report:
https://bugzilla.suse.com/show_bug.cgi?id=1055857
AppTrackingTransparency:
https://developer.apple.com/app-store/user-privacy-and-data-use/
Facebook's advisory on iOS 14:
https://www.facebook.com/business/help/331612538028890?id=428636648170202