Mobile applications face constant, evolving threats; to address these challenges, Guardsquare is proud to announce the launch of our innovative guided configuration approach to mobile app protection. By combining the highest level of protection with unparalleled ease of use, we empower developers and security professionals to secure their applications against even the most sophisticated threats. Guardsquare is setting a new standard for mobile app protection and we invite you to join us on this journey to experience the peace of mind that comes with knowing your mobile applications are protected by the most advanced and user-friendly product on the market.
In the lead-up to October - Cybersecurity Awareness Month! - we're offering everyone a chance to jump on the _secpro train...
For a limited time, get 20% off all subscriptions at the checkout. You can get access to our podcasts, our templates, our security guides, and other _secpro events for a fifth off. And you can cancel at any time. What's there to lose?
Thanks and enjoy!
Welcome to another _secpro!
It's been more than a week since pager bombs hit the papers, yet people are still talking about them! Obviously, this is still worrying some in the tech world. That's why we've included Schneier's review on the problem - to see if we should be worried, where it could lead, and how we should proceed.
And, of course, the explosive
That's why we've put together the news stories, opinion pieces, and practical advice that we think you'll need to start navigating this problem. And instead of boring you with the details, we simply invite you to read on!
Cheers!
Austin Miller
Editor-in-Chief
BBC - TfL writes to 5,000 cyber attack customers: The letters state that there may have been unauthorised access to personal information such as bank account numbers and sort codes. Nearly three weeks after the security breach, all customers are still unable to apply for new concession cards, refunds or access their contactless data.
BBC - Cyber criminals hacked school and demanded ransom: Staff at Lancaster Royal Grammar School spent the summer holidays rebuilding the entire IT system after a cyber attack forced them to shut it down. It happened on 16 July after the IT department "noticed something peculiar on the system".
Bruce Schneier - NIST Recommends Some Common-Sense Password Rules: NIST's second draft of its "SP 800-63-4" (its digital identity guidelines) finally contains some really good rules about passwords. The following requirements apply to passwords: 1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length... Read the rest on Schneier's website.
Bruce Schneier - An Analysis of the EU's Cyber Resilience Act: A good (long, complex) analysis of the EU's new Cyber Resilience Act.
Bruce Schneier - New Windows Malware Locks Computer in Kiosk Mode: A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.
Bruce Schneier - Israel’s Pager Attacks and Supply Chain Vulnerabilities: Israel’s brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts have been warning about for years: Our international supply chains for computerized equipment leave us vulnerable. And we have no good means to defend ourselves.
Evil Socket - Attacking UNIX Systems via CUPS, Part I: "A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)."
Krebs on Security - U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex: The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.
Krebs on Security - Timeshare Owner? The Mexican Drug Cartels Want You: The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.
Microsoft - Storm-0501: Ransomware attacks expanding to hybrid cloud environments: "Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and law enforcement. Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations."
noyb - Firefox tracks you with “privacy preserving” feature: "Today, noyb filed a complaint against Mozilla for quietly enabling a supposed “privacy feature” (called Privacy Preserving Attribution) in its Firefox browser. Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites. In essence, the browser is now controlling the tracking, rather than individual websites. While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it on by default once people installed a recent software update. This is particularly worrying because Mozilla generally has a reputation for being a privacy-friendly alternative when most other browsers are based on Google’s Chromium."
Unit 42 - Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy: Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, called KLogEXE by its authors, and an undocumented variant of a backdoor dubbed FPSpy. These samples enhance Sparkling Pisces' already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities.
goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.
ncorbuk/Python-Ransomware: A Python ransomware tutorial, with a YouTube video explaining the code and showcasing the ransomware in victim/target roles.
ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.
codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
IDM Europe Identity Management (October 2nd): Identity Management Europe 2024 is Europe’s key gathering for IAM leaders, decision-makers, and influencers. With the increasing complexity of verifying and securing access for diverse enterprise actors in a crowded digital ecosystem, the conference addresses challenges amplified by the widespread adoption of remote work.
Innovate Cybersecurity Summit (October 6-8th): Powered by the collective knowledge of cybersecurity executives, practitioners, and cutting-edge solution providers, Innovate is the premier resource for CISO education & collaboration.
BSidesNYC Conference (October 19th): BSidesNYC is an information security conference coordinated by security professionals within the tri-state area as part of the larger BSides framework. The conference prides itself on building an environment focused on technical content covering various security topics - from offensive security to digital forensics and incident response.
SecTor (October 23rd-26th): SecTor is renowned for bringing together international experts to discuss underground threats and corporate defenses. This cyber security conference offers a unique opportunity for IT security professionals, managers, and executives to connect and learn from experienced mentors. This year, SecTor introduces the ‘Certified Pentester’ program, including a full-day practical examination, adding to the event’s educational offerings.
LASCON 2024 (October 24-25th): The Lonestar Application Security Conference (LASCON) is an annual event in Austin, TX, associated with OWASP, gathering 400+ web app developers, security engineers, mobile developers, and infosec professionals. Being in Texas, home to numerous Fortune 500 companies, and located in Austin, a startup hub, LASCON attracts leaders, security architects, and developers to share innovative ideas, initiatives, and technology advancements in application security.