Cybersecurity 🔐 And Much More Newsletter 📪 Vol. 2 Num. 26

Seif Hateb
9 min read · Feb 26, 2023


Greetings, friends.

Welcome to my newsletter, if you are not yet subscribed, please do. It might include books, articles, tech, tips, and cool stuff about cybersecurity.

Enjoy!

What’s Happening

🚨 Cyber Insurance is Going Away 👏

As hacks continue to cause more trouble, the CEO of one of Europe’s biggest insurers says that cyber attacks, not natural disasters, will become impossible to cover.

Mario Greco, CEO of Zurich, told The Financial Times (behind a paywall) on Monday that cyber attacks are a risk to keep an eye on. “Cyber will become something that can’t be insured,” Greco said. “What if someone took over important parts of our infrastructure? What would that mean?”

Insurance executives are worried about this growing risk because hospitals, pipelines, and government departments have been hit by attacks in the past few months.

⚙️ FIN7 hackers create auto-attack platform

The infamous FIN7 hacking group operates an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to break into business networks, steal data, and select ransomware targets based on their financial size.

This mechanism was identified by the threat intelligence team at Prodaft, which has closely monitored FIN7 operations for years.

Prodaft discloses information regarding FIN7’s internal structure, links with other ransomware efforts, and a new SSH backdoor mechanism used to steal files from victim networks.

FIN7 is a financially motivated, Russian-speaking threat actor active since at least 2012. The group has been linked to attacks on ATMs, hiding malware-infected USB drives inside teddy bears, setting up bogus cybersecurity companies to recruit pentesters for ransomware attacks, and more.

👾 Microsoft Fixed Two zero-days

For Windows users, the patch release of Tuesday, December 20, 2022, is not a big one. Microsoft fixed 48 vulnerabilities, only six of them rated critical. But the numbers don’t tell the whole story: two of the fixes address zero-days, and one of them is already being exploited in the wild.

Windows SmartScreen

The zero-day exploited in the wild is CVE-2022-44698, a Windows SmartScreen security feature bypass. To understand how it works, you need to know that files can be cryptographically signed so that the recipient can verify who produced them and that they have not been modified since.

Mark-of-the-Web (MOTW) is the Windows mechanism that flags files downloaded from the internet or received as email attachments and warns the user, before such a file is opened, that it could harm the machine. A malformed signature on the file makes Windows skip that warning, so everything looks fine when it is not.

DirectX Graphics Kernel

The other zero-day, CVE-2022-44710, is rated “Exploitation Less Likely” but has been publicly disclosed. It is a DirectX Graphics Kernel elevation-of-privilege vulnerability: an attacker has to win a race condition to trigger it, and a successful attempt yields SYSTEM privileges.

Race conditions, or race hazards, occur when a system’s output depends on the sequence or timing of events it does not control. When the code is only correct for one ordering of those events, every other ordering is a bug, and if an attacker can influence the timing so that the outcome becomes predictable, the bug becomes exploitable.
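The most common security-relevant race is the check-then-use kind: a program checks a property of a path, and a moment later acts on that path, while whatever the path refers to may have changed in between. The following is an added example, not code from the newsletter or from Microsoft; it assumes a POSIX system with a writable /tmp, and all file names in it are constructed for the demo. It shows the racy pattern next to the fix, which is to perform the check on the opened descriptor rather than on the path, so that check and use refer to the same kernel object.

```c
/* Added example (not code from the newsletter): a check-then-use race on a
 * file path, and the fix of checking the opened descriptor instead.
 * Assumes a POSIX system with a writable /tmp. */
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the check (stat on the path) and the use (open on the path)
 * are separate operations. What the path refers to can change in the window
 * between them, so passing the check says nothing about what gets opened.
 * stat() also follows symlinks, so a link to a regular file passes the check. */
int open_regular_racy(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                      /* check ... */
    return open(path, O_RDONLY);        /* ... then use, after a gap */
}

/* Fixed pattern: open first, refusing to follow a symlink at the final path
 * component, then inspect the object actually behind the descriptor. Check
 * and use now refer to the same kernel object, so there is no window. */
int open_regular_safe(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

static void close_if_open(int fd) {
    if (fd >= 0)
        close(fd);
}

/* Builds a constructed fixture (a regular file plus a symlink to it) and runs
 * both openers on both paths. Returns 1 when the racy opener accepts the
 * symlink, which is exactly the swap an attacker would make in the window,
 * while the safe opener accepts only the regular file; 0 on any other
 * outcome or on a setup failure. */
int demo_check_then_use(void) {
    char dir[] = "/tmp/toctou_demo_XXXXXX";   /* scratch directory name */
    if (mkdtemp(dir) == NULL)
        return 0;
    char file[128], link[128];
    snprintf(file, sizeof file, "%s/data.txt", dir);
    snprintf(link, sizeof link, "%s/link", dir);

    int result = 0;
    FILE *f = fopen(file, "w");
    if (f != NULL) {
        fputs("constructed sample content\n", f);
        fclose(f);
        if (symlink(file, link) == 0) {
            int racy_file = open_regular_racy(file);
            int racy_link = open_regular_racy(link);
            int safe_file = open_regular_safe(file);
            int safe_link = open_regular_safe(link);
            result = racy_file >= 0 && racy_link >= 0 &&
                     safe_file >= 0 && safe_link < 0;
            close_if_open(racy_file);
            close_if_open(racy_link);
            close_if_open(safe_file);
            close_if_open(safe_link);
            unlink(link);
        }
        unlink(file);
    }
    rmdir(dir);
    return result;
}

int main(void) {
    printf("safe opener rejects the symlink while the racy one accepts it: %s\n",
           demo_check_then_use() ? "yes" : "no");
    return 0;
}
```

The fixed opener cannot be raced on the final path component because the kernel resolves the name once, at open time, and every later decision is made on the descriptor it returned. The same principle applies to kernel code such as the graphics driver in the story: validate the object you are about to operate on, not a name or handle that another thread can reassign in between.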

👾 Google Patches Ninth Chrome Zero-Day of 2022

Google on Friday announced an emergency Chrome 108 update to patch a zero-day vulnerability in the browser, the ninth to be fixed this year.

The high-severity security bug is tracked as CVE-2022-4262 and is described as a type confusion in the browser’s V8 JavaScript engine.

“Google is aware that an exploit for CVE-2022-4262 exists in the wild,” the internet giant says.

The vulnerability was identified by Google Threat Analysis Group security researcher Clement Lecigne. Per Google’s policy, no bug bounty reward will be paid.

The flaw could allow “a remote attacker to potentially exploit heap corruption via a crafted HTML page,” a National Vulnerability Database advisory explains.

Type confusion flaws arise when a block of memory is handled by code written for a different type than the one actually stored there, so the bytes are interpreted by an algorithm that was never meant to consume them.

In Chrome, such issues can divert the program’s intended control flow and let attackers achieve remote code execution (RCE) when a victim loads a malicious page that serves the attacker’s code.
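To make the definition above concrete, here is an added example that is not code from the newsletter or from V8: a miniature tagged-cell store in which every cell carries a tag saying whether its payload is an integer or a string. An accessor that ignores the tag is a type confusion in miniature; the checked accessor beside it is the mitigation. All names (`cell`, `str_unchecked`, `str_checked`) and the sample values are constructed for this demo.

```c
/* Added example (not code from the newsletter or from V8): a tagged-cell
 * store showing what a type confusion is and the tag check that prevents it.
 * Every name here is constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum cell_tag { TAG_INT, TAG_STR };

/* One "heap cell". The payload bytes are the same either way; the tag
 * records which interpretation of them is the valid one. */
struct cell {
    enum cell_tag tag;
    union {
        int64_t ival;
        char    sval[16];
    } u;
};

struct cell make_int(int64_t v) {
    struct cell c;
    memset(&c, 0, sizeof c);
    c.tag = TAG_INT;
    c.u.ival = v;
    return c;
}

struct cell make_str(const char *s) {
    struct cell c;
    memset(&c, 0, sizeof c);
    c.tag = TAG_STR;
    snprintf(c.u.sval, sizeof c.u.sval, "%s", s);
    return c;
}

/* Confused accessor: assumes the cell is a string and never consults the
 * tag. Given an integer cell it hands the integer's raw bytes to string
 * code, i.e. the memory is consumed by an algorithm it was never meant for.
 * Here the payload is an inline array, so the misread only yields garbage;
 * in a real engine the misread bytes are typically treated as a pointer or
 * a length, which is where memory corruption starts. */
const char *str_unchecked(const struct cell *c) {
    return c->u.sval;
}

/* Checked accessor: the tag is verified before the bytes are reinterpreted,
 * so a mismatch is refused instead of silently misread. */
const char *str_checked(const struct cell *c) {
    return c->tag == TAG_STR ? c->u.sval : NULL;
}

/* Returns 1 when the checked accessor accepts the string cell and refuses
 * the integer cell; 0 otherwise. */
int checked_accessor_behaves(void) {
    struct cell s = make_str("hello");
    struct cell i = make_int(0x4142434445464748LL);   /* constructed value */
    const char *from_s = str_checked(&s);
    return from_s != NULL && strcmp(from_s, "hello") == 0 &&
           str_checked(&i) == NULL;
}

/* Returns 1 when the unchecked accessor "succeeds" on the integer cell but
 * hands back the eight integer bytes as if they were text; 0 otherwise. */
int unchecked_accessor_misreads(void) {
    struct cell i = make_int(0x4142434445464748LL);   /* constructed value */
    const char *bytes = str_unchecked(&i);
    return bytes != NULL && strcmp(bytes, "hello") != 0 && strlen(bytes) == 8;
}

int main(void) {
    printf("checked accessor refuses the mismatch: %s\n",
           checked_accessor_behaves() ? "yes" : "no");
    printf("unchecked accessor misreads the integer: %s\n",
           unchecked_accessor_misreads() ? "yes" : "no");
    return 0;
}
```

The unchecked accessor is the shape of the bug class: code that was specialised for one type is reached with memory of another. A JavaScript engine faces the same problem at a much larger scale, because its optimising compiler emits code specialised for the object shapes it has observed and must bail out whenever an object of a different shape arrives; a missed check there is what the CVE above describes.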

Patches for this vulnerability have been included in Chrome 108.0.5359.94 for Mac and Linux, and in Chrome 108.0.5359.94/.95 for Windows. Users are advised to update to a patched iteration as soon as possible.

This emergency Chrome update arrived just days after Google released Chrome 108 with patches for 28 vulnerabilities. None of these were known to be exploited in attacks.

The week before, on Thanksgiving Day, Google released another emergency Chrome update, to resolve a zero-day vulnerability in the GPU component. The issue is tracked as CVE-2022-4135.

🏴‍☠️ Okta Source Code was Stolen

GitHub warned Okta earlier this month about strange access to Okta’s code repositories.

“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” the company’s Chief Security Officer (CSO), David Bradbury, communicated.

Even though attackers stole Okta’s source code, the company says they did not get unauthorized access to Okta’s service or customer data. Okta’s “HIPAA, FedRAMP, or DoD customers” are not affected because the company “does not rely on the secrecy of its source code as a way to secure its services.” This means that Okta customers don’t need to do anything.

🏴‍☠️ Twitter Data Breach Exposes 400 Million Users

A threat actor says they are selling the public and private information of 400 million Twitter users that they got in 2021 by exploiting an API flaw that has since been fixed. For an exclusive sale, they want $200,000.

A threat actor named “Ryushi” is selling the alleged data dump on the Breached hacking forum, which is often used to sell user data stolen in data breaches.

The threat actor said that he or she had used a vulnerability to get the information of more than 400 million unique Twitter users. They told Elon Musk and Twitter that they should buy the data before Europe’s GDPR privacy law fines them a lot of money.

Ryushi wrote in a forum post, “Twitter or Elon Musk, if you are reading this, you are already at risk of a GDPR fine over 5.4 million users breach source. Imagine the fine for 400 million users breach.”

“If you want to avoid having to pay $276 million USD in fines for a GDPR violation like Facebook did (because 533 million users were scraped), your best bet is to buy this data exclusively.”

🏴‍☠️ Lastpass Breach Exposes Customers’ Vaults

LastPass said on December 22nd, 2022, that attackers took user vault data from its cloud storage earlier this year using information acquired in August 2022.

The attacker took LastPass’ development environment “cloud storage access key and dual storage container decryption keys.” “The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” LastPass CEO Karim Toubba said on December 22, 2022. “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, and fully-encrypted sensitive fields like website usernames and passwords, secure notes, and form-filled data.”

Security Bites

👋 Tips — 🔐 Security — Be Safer on the Internet as a User

While you might have seen this in the past, it is never enough of a reminder to follow these straightforward steps to be safe on the internet:

  • Utilize distinct, strong passwords for each account. Consider utilizing a password manager to generate and store strong passwords for you, and avoid using the same password for several accounts.
  • When feasible, enable two-factor authentication (2FA). This increases the security of your accounts by asking you to provide a code delivered to your phone or email when signing in, in addition to your password.
  • Be cautious when clicking on links or downloading attachments, particularly if they originate from unknown sources. Links and attachments are frequently used by scammers to distribute malware and harvest personal information.
  • Utilize a firewall and anti-virus software to safeguard your device from malware and other dangers. Ensure that these programs are always up-to-date.
  • Keep your sensitive information confidential. Be cautious with the information you disclose online, particularly on social media. Avoid disclosing important information such as your complete name, address, and bank details.
  • Utilize a virtual private network (VPN) when using public Wi-Fi to access the Internet. A VPN encrypts your internet connection to prevent monitoring and interception of your online activity.
  • Enable privacy settings on your social networking profiles. This allows you to restrict access to your posts and personal information.

Don’t forget to tell your grandma about this; she might be clicking on the wrong link and trying to send you some money to help you pay for your air ticket.

My Favorites

📚 🤔 Books I’m Currently Reading 🤞🏻

Title: The Artist’s Way

Author: Julia Cameron

Overview:

Since its first publication, The Artist’s Way has inspired Elizabeth Gilbert and millions of readers to go on a creative journey and discover a deeper connection to process and purpose. Julia Cameron’s original method assists readers in identifying issue areas and pressure points that may be impeding their creative flow and provides ways of releasing any places in which they may be stuck, thus creating chances for self-development and self-discovery.

The program starts with two of Cameron’s most important tools for creative recovery: The Morning Pages, a daily writing practice consisting of three pages of stream-of-consciousness, and The Artist Date, a designated block of time to nurture your inner artist. She then provides hundreds of tasks, games, and prompts to help readers examine each chapter completely. She also provides advice on how to establish a “Creative Cluster” of artists who will support your creative activities.

📚 🤩 Books I Recommend Reading 🕹

Title: The Big Five for Life

Author: John Strelecky

Overview:

The life-changing narrative that has sold over a million copies and been Europe’s best-selling Personal Development and Leadership book for an amazing 350 weeks. When a young protégé discovers that his friend and mentor is dying, he returns to spend his final months with him. Through their insightful and illuminating conversations, we understand the significance of accepting who we actually are and the aspects that genuinely define a successful life.

This narrative, told in the context of what it means to be a great leader, will forever alter your perspective on your life’s mission. Because when the pupil gains knowledge, we are all leaders. Even if the only one we are guiding is ourselves. The themes in this book, including The Big Five for Life and Museum Day Morning, have made an everlasting mark on the minds of readers worldwide.

It is a narrative that will change your perception of what truly matters to you in innumerable ways.

🎙 Podcast — Darknet Diaries — EP 131: WELCOME TO VIDEO

Andy Greenberg brings us a gut-wrenching story of how criminal investigators used bitcoin tracing techniques to try to find out who was at the center of a child sexual abuse darkweb website.

This story is part of Andy’s new book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency”.

🎥 Videos — Warren Buffett interviewed by Charlie Rose

In this video, Warren Buffett, chairman and CEO of Berkshire Hathaway, gives a wide-ranging interview to Charlie Rose about the Berkshire Hathaway he created, his friends, his values, and life at the young age of 91 (young compared to Charlie Munger, that is).

🎥 Videos — Interesting SBF Interview with the New York Times

I am not a fan of cryptocurrencies or NFTs, but it was interesting to see how Sam Bankman-Fried, co-founder of the cryptocurrency firm FTX, gave his first live interview since his company filed for bankruptcy. Andrew Ross Sorkin of The New York Times asked Bankman-Fried to address allegations of fraud and mismanagement and whether the people and organizations who are owed money will get any of it back. Watch the full interview from the DealBook Summit event.

🎥 Videos — Nobel Minds 2022

The 2022 laureates in the fields of physics, chemistry, medicine, and economic sciences talk to Zeinab Badawi and students in the audience at the Royal Palace in Stockholm about their discoveries and achievements, and how these might find practical application. See the link below.

Quote of the Week

“You may be a slow walker, but you will never walk back” ― Abraham Lincoln

If you’re interested in starting a career in cybersecurity, watch this one. Don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing in my next video.

Check out my other stuff here.

Resources

  • Zurich CEO Mario Greco: «Cyber attacks will become uninsurable» (Link)
  • Okta source code was stolen (Link)
  • 400 million Twitter User Data on Sale (Link)
  • Microsoft Patch Tuesday and the Two New Zero-days (Link)
  • Lastpass Data Breach (Link)
  • Google Patches Ninth Chrome Zero-Day of 2022 (Link)
  • Nobel Minds 2022 (Link)
  • Warren Buffett interviewed by Charlie Rose (Link)
  • Interesting SBF Interview with the New York Times (Link)
  • FIN7 hackers create an auto-attack platform (Link)


Seif Hateb

Cybersecurity Professional, Lecturer, Cryptographer, Martial Artist.