In the lead up to October - Cybersecurity Awareness Month! - we're offering everyone a chance to jump on the _secpro train...
For a limited time, get 20% off all subscriptions at the checkout. You can get access to our podcasts, our templates, our security guides, and other _secpro events for a fifth off. And you can cancel at any time. What's there to lose?
Thanks and enjoy!
Snyk is thrilled to announce DevSecCon 2024, Developing AI Trust, Oct 8-9, a free virtual summit designed for DevOps, developer and security pros of all levels. Join Roman Lavrik from Deloitte, among many others, and learn some prescriptive DevSecOps methods for AI-powered development.
Welcome to another _secpro!
It has been a difficult week the world over. That applies to everyone, not just those working in cybersecurity. In the wake of the controversial weaponization of pagers by Israeli forces, now may be the time to consider how the public perception of cybersecurity is going to change in the near future. If nothing else, we might see people feeling less secure about hardware simply because they know so little about how it works. That means now is as good a time as any to capitalize on that ignorance and worry and make a step up.
That's why we've put together the news stories, opinion pieces, and practical advice that we think you'll need to start navigating this problem. Rather than bore you with the details, we simply invite you to read on!
Cheers!
Austin Miller
Editor-in-Chief
Bruce Schneier - FBI Shuts Down Chinese Botnet: The FBI has shut down a botnet run by Chinese hackers: "The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations…. The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024."
Bruce Schneier - Remotely Exploding Pagers: Schneier's commentary on the latest controversy in the Israeli crisis.
Bruce Schneier - Python Developers Targeted with Malware During Fake Job Interviews: "Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware."
GitHub - SAML authentication bypass via Incorrect XPath selector: Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system.
Google Cloud - An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader: In June 2024, Mandiant Managed Defense identified a cyber espionage group suspected to have a North Korea nexus, tracked by Mandiant under UNC2970. Later that month, Mandiant discovered additional phishing lures masquerading as an energy company and as an entity in the aerospace industry to target victims in these verticals.
Huntress - Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software: On September 14, Huntress discovered an emerging threat involving FOUNDATION Accounting Software, which is commonly used by contractors in the construction industry. Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product's default credentials. We're seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries.
Krebs on Security - This Windows PowerShell Phish Has Scary Potential: Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.
Krebs on Security - Scam ‘Funeral Streaming’ Groups Thrive on Facebook: Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who may be responsible.
SecureList - Exotic SambaSpy is now dancing with Italian users: "In May 2024, we detected a campaign exclusively targeting victims in Italy. We were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. For example, a certain type of malware might target users in France and Spain, with the phishing emails written in both of the respective languages. However, for such a campaign, the malware’s code includes no particular checks to ensure it only runs in France and Spain. What sets this campaign apart is that, at various stages of the infection chain, checks are made to ensure that only Italian users are infected. This prompted us to investigate further and discover that the attackers were delivering a new RAT as the final payload that we dubbed SambaSpy."
This week, we turn our attention to zero trust. Take a look at these resources, so you can get comfortable with the latest trend in the business.
pomerium/awesome-zero-trust: Is there a better place to start an investigation than with these curated "awesome" lists? A perfect place for the beginner/resource hoarder to get started.
ukncsc/zero-trust-architecture: A collection of resources from the British government.
OpenNHP/opennhp: Zero Trust Network Hiding Protocol (NHP) open-source implementation.
codenotary/immudb: Immutable database based on zero trust, SQL/Key-Value/Document model. Tamperproof data change history.
smallstep/cli: A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Geekle: Cyber Security Global Summit 2024 (24th September): "Online conference for software engineers about latest tech trends in Cyber Security": web, mobile, and major updates.
National Cyber Summit 2024 (24th September): "National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising leaders. NCS offers more value than similar cyber conferences with diverse focus-areas, premier speakers, and unmatched accessibility. Our core focus is on three things: education, collaboration and innovation."
Beyond Checking the Box: Implementing a Pragmatic Risk Management Program (25th September): "Join Steve Ryan, attest services manager and head of healthcare services at BARR Advisory, and Larry Kinkaid, cybersecurity consulting manager at BARR, for an in-depth conversation on how to transform your risk management program into a source of real value."
Cypher India 2024 (25th September): "Cypher started as a simple idea in 2015: Let's connect the AI community with all industries, both old and new. It seemed to resonate. Cypher has grown to become the "largest AI conference in India". No conference has ever grown so large so fast. But we also pride ourselves in organising the "best AI conference in India"."
Data Security Posture Management (DSPM) with Snowflake and BigID (25th September): "Given the growth in data volume, velocity, variety, and vulnerabilities, knowing where all your data is and how to improve security posture and manage risk is critical for board-level discussions. Join Snowflake and BigID for a webinar on practical strategies to strengthen security posture and reduce risk."
Government Cybersecurity Roadshow: Illinois 2024 (25th September): "The State of Illinois has long since been a leader in the cybersecurity realm. With the ever-increasing threat vector presented by new age cyber threats, there is a constant back and forth of threat identification and solution creation. Few organizations are more open to these rapidly evolving threats than that of the public sector."
Leeds Cyber Security Conference 2024 (26th September): "A one-day event looking at all things cyber security, information security, and digital. ISO 27001 to Email Security, Microsoft Tools to Threat Intelligence."
Women Impact Tech Denver 2024 (26th September): "Join us for this unique virtual event where you get the opportunity to interact with countless women who are driving change, pioneering new ideas, and thriving in the tech industry."
2024 Southwest Cybersecurity Capabilities and Careers Symposia (3CS) (27th September): ive symposia provide the opportunity to learn, experience, and discuss the latest tools, techniques, and technologies for Teaching, Practicing, Demonstrating, and Showcasing Cybersecurity Capabilities.