#169: Growing Tensions

Austin Miller
20 Sep 2024
8 min read
Towards better knowledge and better practice

In the lead-up to October - Cybersecurity Awareness Month! - we're offering everyone a chance to jump on the _secpro train... For a limited time, get 20% off all subscriptions at the checkout. You can get access to our podcasts, our templates, our security guides, and other _secpro events for a fifth off. And you can cancel anytime. What's there to lose? Thanks and enjoy!

Sponsored: Snyk hosted DevSecCon 2024
Snyk is thrilled to announce DevSecCon 2024, Developing AI Trust, Oct 8-9, a free virtual summit designed for DevOps, developer and security pros of all levels. Join Roman Lavrik from Deloitte, among many others, and learn some prescriptive DevSecOps methods for AI-powered development.

Welcome to another _secpro!

It has been a difficult week the world over. That applies to everyone, not just those working in cybersecurity. In the wake of the controversial weaponization of pagers by Israeli forces, maybe now is the time to consider how the public perception of cybersecurity is going to change in the near future. If nothing else, we might see people feeling less secure about hardware simply because they know so little about how it works. That means that now is as good a time as any to capitalize on that ignorance and worry to make a step up.

That's why we've put together the news stories, opinion pieces, and practical advice that we think you'll need to start navigating this problem. And instead of boring you with the details, we only invite you to read on!

Cheers!
Austin Miller, Editor-in-Chief

Time for some news!

- Bruce Schneier - FBI Shuts Down Chinese Botnet: The FBI has shut down a botnet run by Chinese hackers: "The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations…. The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024."
- Bruce Schneier - Remotely Exploding Pagers: Schneier's commentary on the latest controversy in the Israeli crisis.
- Bruce Schneier - Python Developers Targeted with Malware During Fake Job Interviews: "Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware."
- GitHub - SAML authentication bypass via Incorrect XPath selector: Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system.
- Google Cloud - An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader: In June 2024, Mandiant Managed Defense identified a cyber espionage group suspected to have a North Korea nexus, tracked by Mandiant under UNC2970. Later that month, Mandiant discovered additional phishing lures masquerading as an energy company and as an entity in the aerospace industry to target victims in these verticals.
- Huntress - Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software: On September 14, Huntress discovered an emerging threat involving FOUNDATION Accounting Software, which is commonly used by contractors in the construction industry. Attackers have been observed brute forcing the software at scale, and gaining access simply by using the product's default credentials. We're seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries.
- Krebs on Security - This Windows PowerShell Phish Has Scary Potential: Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.
- Krebs on Security - Scam 'Funeral Streaming' Groups Thrive on Facebook: Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.
- SecureList - Exotic SambaSpy is now dancing with Italian users: "In May 2024, we detected a campaign exclusively targeting victims in Italy. We were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. For example, a certain type of malware might target users in France and Spain, with the phishing emails written in both of the respective languages. However, for such a campaign, the malware's code includes no particular checks to ensure it only runs in France and Spain. What sets this campaign apart is that, at various stages of the infection chain, checks are made to ensure that only Italian users are infected. This prompted us to investigate further and discover that the attackers were delivering a new RAT as the final payload that we dubbed SambaSpy."

This week's tools

This week, we turn our attention to zero trust. Take a look at these resources, so you can get comfortable with the latest trend in the business.

- pomerium/awesome-zero-trust: Is there a better place to start an investigation than with these curated "awesome" lists? A perfect place for the beginner/resource hoarder to get started.
- ukncsc/zero-trust-architecture: A collection of resources from the British government.
- OpenNHP/opennhp: Zero Trust Network Hiding Protocol (NHP) open-source implementation.
- codenotary/immudb: Immutable database based on zero trust, SQL/Key-Value/Document model. Tamper-proof data change history.
- smallstep/cli: A zero trust Swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Upcoming events for _secpros

- Geekle: Cyber Security Global Summit 2024 (24th September): "Online conference for software engineers about latest tech trends in Cyber Security": web, mobile, and major updates.
- National Cyber Summit 2024 (24th September): "National Cyber Summit is the nation's most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising leaders. NCS offers more value than similar cyber conferences with diverse focus-areas, premier speakers, and unmatched accessibility. Our core focus is on three things: education, collaboration and innovation."
- Beyond Checking the Box: Implementing a Pragmatic Risk Management Program (25th September): "Join Steve Ryan, attest services manager and head of healthcare services at BARR Advisory, and Larry Kinkaid, cybersecurity consulting manager at BARR, for an in-depth conversation on how to transform your risk management program into a source of real value."
- Cypher India 2024 (25th September): "Cypher started as a simple idea in 2015: Let's connect the AI community with all industries, both old and new. It seemed to resonate. Cypher has grown to become the 'largest AI conference in India'. No conference has ever grown so large so fast. But we also pride ourselves in organising the 'best AI conference in India'."
- Data Security Posture Management (DSPM) with Snowflake and BigID (25th September): "Given the growth in data volume, velocity, variety, and vulnerabilities, knowing where all your data is and how to improve security posture and manage risk is critical for board-level discussions. Join Snowflake and BigID for a webinar on practical strategies to strengthen security posture and reduce risk."
- Government Cybersecurity Roadshow: Illinois 2024 (25th September): "The State of Illinois has long since been a leader in the cybersecurity realm. With the ever-increasing threat vector presented by new age cyber threats, there is a constant back and forth of threat identification and solution creation. Few organizations are more open to these rapidly evolving threats than that of the public sector."
- Leeds Cyber Security Conference 2024 (26th September): "A one-day event looking at all things cyber security, information security, and digital. ISO 27001 to Email Security, Microsoft Tools to Threat Intelligence."
- Women Impact Tech Denver 2024 (26th September): "Join us for this unique virtual event where you get the opportunity to interact with countless women who are driving change, pioneering new ideas, and thriving in the tech industry."
- 2024 Southwest Cybersecurity Capabilities and Careers Symposia (3CS) (27th September): Five symposia provide the opportunity to learn, experience, and discuss the latest tools, techniques, and technologies for teaching, practicing, demonstrating, and showcasing cybersecurity capabilities.
#168: A Change in Pace

Austin Miller
13 Sep 2024
9 min read
Introducing a new way of keeping up with the _secpro

Hello! Welcome to another _secpro!

This time, we're changing up the newsletter a little... We're splitting the _secpro in two. Firstly, the free newsletter will stay free, but we're expanding what is on offer for you all: you'll still get news and tools, but you'll also get conference information, Packt new title release information, and other little useful tidbits and trinkets. Secondly, the premium newsletter will become a monthly edition that is sent out to all paying subscribers, including: analytical and opinion pieces from the _secpro staff, podcast episodes, templates, expert access, industry-leading advice, offers for events, and any other premium features that we roll out in the near future. If that appeals to you, click the link below!

Of course, if you only want the free edition, that's cool too. We're going to ensure that our content remains as interesting and useful for all of you who are sticking with the newsletter. We might even share some of our premium content here with you from time to time - just as a thank you for sticking with us.

Cheers!
Austin Miller, Editor-in-Chief

Check out the podcast!

Soledad Antelada Toledano is the Security Technical Program Manager at Google. She has previously worked for Berkeley Lab. Soledad was the first woman in the history of the Cybersecurity department at Berkeley Lab. After specializing in penetration testing for several years, Soledad also develops research and advancement tasks for intrusion detection systems, monitoring of high-capacity networks, and vision and research exercises on how cybersecurity will evolve in the next 10 years by adopting techniques of Artificial Intelligence for intrusion detection and handling of the big data generated by monitoring tools. Soledad has combined her work at Berkeley Lab in recent years with the responsibility of being the head of security for the ACM/IEEE Supercomputing Conference, the annual supercomputing conference in the United States, protecting and building the network architecture of SCinet, the fastest network in the world.

Time for some news!

- AquaSec - Hadooken Malware Targets Weblogic Applications: "WebLogic Server is an enterprise-level Java EE application server developed by Oracle, used for building, deploying, and managing large-scale, distributed applications. It's commonly used in banking, e-commerce, and business-critical systems due to its support for Java technologies, transaction management, and scalability. However, WebLogic is a frequent target for cyberattacks due to vulnerabilities such as deserialization flaws and improper access controls. Misconfigurations, like weak credentials or exposed admin consoles, can lead to remote code execution (RCE), privilege escalation, and data breaches if not properly patched or secured."
- Bruce Schneier - Microsoft Is Adding New Cryptography Algorithms: Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft's details are here. From a news article.
- Bruce Schneier - Evaluating the Effectiveness of Reward Modeling of Generative AI Systems: New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): "SEAL: Systematic Error Analysis for Value ALignment." The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values.
- Bruce Schneier - New Chrome Zero-Day: "According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency."
- Bruce Schneier - Australia Threatens to Force Companies to Break Encryption: In 2018, Australia passed the Assistance and Access Act, which, among other things, gave the government the power to force companies to break their own encryption. "The Assistance and Access Act includes key components that outline investigatory powers between government and industry."
- Bruce Schneier - YubiKey Side-Channel Attack: There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It's a complicated attack, requiring the victim's username and password, and physical access to their YubiKey, as well as some technical expertise and equipment.
- Dr. Web - Void captures over a million Android TV boxes: "Doctor Web experts have uncovered yet another case of an Android-based TV box infection. The malware, dubbed Android.Vo1d, has infected nearly 1.3 million devices belonging to users in 197 countries. It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software."
- GitLab - Critical Patch Release: GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0.
- Krebs on Security - Bug Left Some Windows PCs Dangerously Unpatched: Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.
- Krebs on Security - Sextortion Scams Now Include Photos of Your Home: An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing.
- Sekoia - A glimpse into the Quad7 operators' next moves and associated botnets: "The Sekoia TDR team has recently identified new staging servers, leading to the discovery of additional targets, implants, and botnet clusters tied to the Quad7 operators."

This week's tools

No theme this week. Just some things that we've been playing with. Check them out!

- ncorbuk/Python-Ransomware - A tutorial kit for making ransomware with Python.
- captainGeech42/ransomwatch - A tool for monitoring global malware occurrences.
- ForbiddenProgrammer/conti-pentester-guide-leak - Leaked pentesting guides for the Conti team - get into the minds of the threat actor!
- YJesus/AntiRansom - A toolkit for running anti-ransomware honeypots.

Upcoming events for _secpros

- BSides Charlotte (14th September): "BSides Charlotte 2024 will be held on September 14th and 15th in Charlotte, NC. Join us for talks, competitions, villages, training, capture the flag, and more! A call for papers, volunteers, and sponsorship opportunities will be posted on our website as preparations for the conference are made. Be sure to join us on Discord or follow on X/Mastodon as well for the most up to date information. Our mission is to serve the information security community in and around Charlotte, NC by primarily holding an annual BSides Charlotte Security Conference which offers learning opportunities through talks, activity villages, and capture-the-flag competitions. From time-to-time BSides Charlotte may put on training opportunities and partner with other organizations to bring value added content to the community."
- The Annual Cyber Security in Financial Services Summit 2024 (16th September): "City & Financial Global is pleased to announce the 10th edition of its annual Cyber Security in Financial Services Summit event on 16th September 2024. The purpose of the Summit is to look at the cyber risks, wherever they originate, which pose a threat to London and the financial services community and will provide a forum for Government bodies, regulators, law enforcers, and financial institutions to examine the latest threats and how to combat them. It will also look at the Government's cyber strategy, the current and future priorities of the National Cyber Security Centre, the NCA's response to the evolving nature of the cyber threat, and the Bank of England's stance on cyber resilience in the financial sector."
- Supply Chain Insight Summit 2024 (16th September): "By bringing together industry leaders and innovators, the GDS Supply Chain Summit will explore the latest trends, technologies, and strategies shaping global supply chains. During this period of continuous change where resilience, efficiency, and sustainability are paramount, this summit will highlight key challenges and opportunities spanning the entire supply chain spectrum. From procurement and manufacturing to logistics, distribution, and customer engagement, we will discuss the importance of building strong supply chains for future success. Why attend? Connect with like-minded senior leaders for a curated agenda, focused on tackling your current business critical challenges and driving the industry forward."
- Mandiant Worldwide Information Security Exchange (mWISE) 2024 (18th September): "mWISE 2024 (Mandiant Worldwide Information Security Exchange) is heading to Denver, Colorado from September 18–19. A new, more central location but our goal is the same: gather leading security experts to share knowledge and intel, and to address the greatest cyber threats and challenges our industry faces. mWISE is open to the security community at large — bringing industry, government, and academia together to discuss and understand today's landscape and identify the threats on the horizon."
- The AI Tsunami: Is Your API Security Ready for the Perfect Storm? (19th September): "Is Your API Security Ready for the Perfect Storm? provided a comprehensive overview of the emerging threats in API security driven by AI advancements. Experts discussed proactive measures and best practices to safeguard APIs against sophisticated attacks. The event was well-organized, featuring insightful presentations and interactive Q&A sessions. Attendees gained valuable knowledge on fortifying their API security strategies in the face of evolving AI-driven threats."
- AI in Cybersecurity: A Double-Edged Sword (20th September): "AI in Cybersecurity: A Double-Edged Sword" explores the dual nature of artificial intelligence in the realm of cybersecurity. The event highlights how AI can enhance security measures through advanced threat detection and automated responses, while also acknowledging the risks of AI being exploited by cybercriminals. Featuring expert panels and discussions, the event aims to provide a comprehensive understanding of AI's impact on modern cybersecurity practices.