Join Guardsquare to learn more about our new guided configuration approach to mobile application protection.

Our latest innovation ensures that all developers can effortlessly launch apps with industry-leading protection in less than a day.

This webinar will: walk through Guardsquare's new guided configuration approach; discuss how this new approach empowers mobile app publishers to easily configure security features, receive actionable insights, and monitor protection outcomes without sacrificing app performance or user experience; and cover a case study addressing how customers successfully implemented the technology.

Welcome to another_secpro!

It can be hard to know what to believe when it comes to the internet. Not only are the various stories sometimes obviously contradictory, but they might also be written by people who have an interest in presenting contradictory stories to drive up engagement. With that in mind, here are some talking heads the Editor thinks you can rely on (Editor: along with, of course, the Editor...).

Bruce Schneier dispelled exaggerated claims about China breaking modern encryption and highlighted concerns over AI use in whistleblower programs influencing stock markets. He also discussed the indictment of a CEO for security certification fraud and detailed an Israeli operation sabotaging Hezbollah’s communication devices. Meanwhile, Cisco reported a denial-of-service vulnerability in its VPN services, and LinkedIn was fined €310 million by the Irish Data Protection Commission for privacy violations. FortiGuard Labs identified a critical vulnerability in FortiManager software, while new ransomware (Qilin.B) with enhanced evasion tactics was documented by Halcyon. Additionally, Brazil arrested a cybercriminal involved in breaches of sensitive U.S. data, and the SEC charged companies for misleading cybersecurity disclosures.

As always, make sure to check out the templates, podcasts, and other stuff on ourSubstackand access the very best that we have to offer. You might even learn something!

Cheers!
Austin Miller
Editor-in-Chief

Bruce Schneier -No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer: "The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunkingsaved me the trouble of writing one. It all seems to have come fromthis news article, which wasn’t bad but was taken widely out of proportion. Cryptography is safe, andwill befor along time."

Bruce Schneier -AI and the SEC Whistleblower Program: "Whistleblowing firms can also use the information they uncover to guide market investments byactivist short sellers. Since 2006, the investigative reporting siteSharesleuthclaimsto have tanked dozens of stocks and instigated at least eight SEC cases against companies in pharma, energy, logistics, and other industries, all after its investors shorted the stocks in question. More recently, a new investigative reporting site calledHunterbrook Mediaand partner hedge fund Hunterbrook Capital, have churned out18investigative reports in their first five months of operation and disclosed short sales and other actions alongside each. In at least one report, Hunterbrooksays they filed an SEC whistleblower tip."

Bruce Schneier -Justice Department Indicts Tech CEO for Falsifying Security Certifications: TheWall Street Journalisreportingthat the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.

Bruce Schneier -More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies: "TheWashington Posthas a long and detailedstoryabout the operation that’s well worth reading (alternate versionhere). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924."

Cisco - Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability: "A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service... An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service."

(Irish) Data Protection Agency - Irish Data Protection Commission fines LinkedIn Ireland €310 million: The inquiry examined LinkedIn’s processing of personal data for the purposes of behavioural analysisand targeted advertisingof users who have created LinkedIn profiles (members). The decision, which was made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, and notified to LinkedIn on 22 October 2024, concerns the lawfulness, fairness and transparency of this processing. The decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totalling €310 million.

FortiGuard Labs - Missing authentication in fgfmsd: A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability to be exploited in the wild.

Halcyon - New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion: Researchers at anti-ransomware solutions provider Halcyon have documented a new version of the Qilin ransomware payload dubbedQilin.B for tracking. According to thePower Rankings: Ransomware Malicious Quartilereport, Qilin (aka Agenda) is a ransomware-as-a-service (RaaS) operation that emerged in July of 2022 that can target both Windows and Linux systems. ‍Qilin operations include data exfiltration for double extortion.

Krebs on Security - Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach: "Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating theFBI’s InfraGardprogram and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data brokerNational Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population."

Krebs on Security - The Global Surveillance Free-for-All in Mobile Ad Data: "Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites..."

SEC - SEC Charges Four Companies With Misleading Cyber Disclosures:The charges against the four companies result from an investigation involving public companies potentially impacted by the compromise of SolarWinds’ Orion software and by other related activity. “As today’s enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered,” said Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement.

Tenable - CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage: Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially allowing the attacker to relay the authentication or crack the password. The vulnerability affected both the OPA CLI (Community and Enterprise editions) and the OPA Go SDK.

goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.

ncorbuk/Python-Ransomware - A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.

ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.

codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

SecTor(October 23rd-26th): SecTor is renowned for bringing together international experts to discuss underground threats and corporate defenses. This cyber security conference offers a unique opportunity for IT security professionals, managers, and executives to connect and learn from experienced mentors. This year, SecTor introduces the ‘Certified Pentester’ program, including a full-day practical examination, adding to the event’s educational offerings.

LASCON 2024(October 24-25th): The Lonestar Application Security Conference (LASCON) is an annual event in Austin, TX, associated with OWASP, gathering 400+ web app developers, security engineers, mobile developers, and infosec professionals. Being in Texas, home to numerous Fortune 500 companies, and located in Austin, a startup hub, LASCON attracts leaders, security architects, and developers to share innovative ideas, initiatives, and technology advancements in application security.

SANS HackFest Hollywood 2024 (October 29th): Choose Your Experience: In-Person or Live Online - whether you're planning to dive into the full HackFest experience in Hollywood, or the free, curated content offered Live Online, you'll walk away with new tools, techniques, and connections that will have a lasting impact on your career.

ODSC West 2024 (October 29th): "Since 2015, ODSC has been the essential event for AI and data science practitioners, business leaders, and those reskilling into AI. It offers cutting-edge workshops, hands-on training, strategic insights, and thought leadership. Whether deepening technical skills, transforming a business with AI, or pivoting into an AI-driven career, ODSC provides unparalleled opportunities for learning, networking, and professional growth."