Cybersecurity 🔐 And Much More Newsletter 📪 Vol. 3 Num. 10
Greetings, friends. 👋
📫 Welcome to my newsletter; if you are not yet subscribed, please do 🥹. It might include books 📚, articles ✍️, tech 💻, tips 💡, and cool stuff about cybersecurity 🔒.
Enjoy!
What’s Happening
🙀 Lazarus Group Exploiting Zero-Day Vulnerabilities 🚨
North Korea’s Lazarus Group has twice broken into a South Korean financial company’s systems using previously unknown software flaws.
The May 2022 attack and the October 2022 infiltration both leveraged zero-day vulnerabilities in certificate software widely used by government institutions and universities.
AhnLab Security Emergency Response Center (ASEC) is withholding details since “the vulnerability has not been properly verified yet and a software patch has not been released.”
👾 NetWire RAT Platform is Down
An international law enforcement effort took NetWire’s infrastructure offline. The Croatian administrator of the sales website www.worldwiredlabs[.]com was arrested and the domain was seized. The domain’s owner, Mario Zanko, was identified by Brian Krebs.
Since 2012, malspam campaigns have spread the malware, which gives remote attackers full control over Windows, macOS, and Linux systems, steals passwords, and logs keystrokes. In 2020, the FBI registered on the site and bought a subscription in order to build a custom NetWire RAT instance, according to the U.S. Department of Justice (DoJ).
👾 Jenkins Exposed to Code Execution Attacks
Two significant security issues in the Jenkins open-source automation server could allow arbitrary code execution on affected systems, and all Jenkins versions prior to 2.319.2 are impacted.
CVE-2023-27898 and CVE-2023-27905 allow unauthenticated attackers to execute arbitrary code on the victim’s Jenkins server and compromise it.
The root cause is Jenkins’s handling of Update Center plugins, which allowed bad actors to upload plugins carrying malicious payloads and perform XSS attacks.
😭 More Bad News on the LastPass Breaches
An engineer at LastPass failed to update Plex on their computer, which left it exposed to a three-year-old vulnerability (CVE-2020-5741), resulting in the company’s major security breach and highlighting the dangers of not updating software.
Last week, the password management service revealed how unknown actors used data stolen from an incident before August 12, 2022, and information “available from a third-party data breach and a vulnerability in a third-party media software package” to launch a coordinated second attack between August and October of the same year.
Attack #1: The intruder stole partially encrypted password vaults and user data.
Attack #2: A cloud engineer had keylogger malware installed on their home computer to steal their credentials, which were then used to access the cloud storage environment.
👾 UNC2970 Gets Creative with New Malware Families 💰
Since June 2022, UNC2970, a North Korean espionage group, has spear-phished Western media and technology organizations using previously unknown malware families.
According to Mandiant researchers, UNC2970 puts a concentrated effort into obfuscation and leverages several methods to do so along the full chain of delivery and execution.
Now, UNC2970 has switched its tactics to directly target LinkedIn users by creating phony profiles that pose as recruiters. UNC2970 has a network of carefully created LinkedIn identities that impersonate real people. These accounts are carefully crafted to look like the real thing, complete with bios, pictures, and everything else that makes a user seem approachable and worthy of interacting with.
Security Engineering
🔎🔐 Cyber Defense — Do you ever test your Detections?
Mapping Detection to MITRE ATT&CK
Companies need reliable detection and response mechanisms because cyber threats are constantly improving in sophistication. The MITRE ATT&CK framework fills this void by offering a comprehensive paradigm for analyzing and classifying adversarial actions. Nevertheless, understanding the ATT&CK structure isn’t enough; companies also need to be able to map their detection abilities to it. Here’s where the DeTT&CT initiative comes in.
Can You Explain DeTT&CT to Me?
To bridge the gap between detection capabilities and the MITRE ATT&CK framework, an open-source project known as DeTT&CT (Detection of Threats & Tactics and Techniques) was developed. In 2018, a team of security experts saw the need for a unified method of mapping detection capabilities to the ATT&CK framework and thus launched this initiative.
The DeTT&CT project offers a rule set that can be integrated with security technologies like SIEMs and EDRs to detect adversarial activity according to the ATT&CK framework. Security teams can quickly find the applicable rules for any given attack thanks to the ruleset’s categorization by tactic and technique.
What’s the big deal about DeTT&CT?
Organizations can gain a deeper understanding of their detection skills and pinpoint any gaps that need to be addressed by mapping those capabilities to the MITRE ATT&CK methodology. DeTT&CT provides a standardized approach to this, making it simpler for businesses to develop and maintain reliable detection systems.
Organizations can improve their threat detection and response with security tools and the DeTT&CT guidelines, which are mapped to the ATT&CK framework. The potential damage from a cyber assault can be mitigated by cutting down on the time it takes to notice and respond to threats.
How to use DeTT&CT
Using DeTT&CT is straightforward. The project delivers a rule set that can be integrated with numerous security products. Security teams can quickly determine which rules apply to a given attack because the rules are categorized by the tactic and technique used in the attack.
Security teams should first determine which tactics and techniques are most pertinent to their organization before applying the DeTT&CT rules. Once they have these tactics and techniques mapped out, they can use the DeTT&CT rules to build in detection mechanisms.
Note that the DeTT&CT rules are not meant to be applied universally. Every business has its own security requirements, so the rules must be tailored to each individual enterprise. To keep up with the ever-changing nature of threats, security teams should also routinely assess and improve their detection capabilities.
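As an added example (not DeTT&CT’s own code, nor the newsletter’s), here is a small Python gap analysis in the spirit of that mapping: deployed detection rules tagged with ATT&CK technique IDs are compared against the techniques a team has prioritised, the uncovered ones are listed, and the result is written out as an ATT&CK Navigator layer for visualisation. The rules and priorities are constructed sample data, and the layer field names and version numbers follow the Navigator’s JSON layer format as an assumption.

```python
import json

# Constructed: detections already deployed, each tagged with the ATT&CK IDs it covers.
DETECTION_RULES = [
    {"name": "PowerShell encoded command line", "techniques": ["T1059.001"]},
    {"name": "LSASS handle opened by non-system process", "techniques": ["T1003.001"]},
    {"name": "Office app spawns scheduled task", "techniques": ["T1053.005", "T1566.001"]},
]

# Constructed: techniques the team prioritised from its threat model.
PRIORITY_TECHNIQUES = {
    "T1059.001": "PowerShell",
    "T1003.001": "LSASS Memory",
    "T1566.001": "Spearphishing Attachment",
    "T1566.003": "Spearphishing via Service",
    "T1027": "Obfuscated Files or Information",
}


def coverage(rules, priorities):
    """Map each prioritised technique ID to the names of the rules that cover it."""
    covered = {tid: [] for tid in priorities}
    for rule in rules:
        for tid in rule["techniques"]:
            if tid in covered:
                covered[tid].append(rule["name"])
    return covered


def gaps(rules, priorities):
    """Prioritised technique IDs that no deployed rule covers."""
    return sorted(tid for tid, names in coverage(rules, priorities).items() if not names)


def navigator_layer(rules, priorities, name="Detection coverage"):
    """ATT&CK Navigator layer: score 1 = covered, 0 = gap, rule names in comments."""
    techniques = [{"techniqueID": tid,
                   "score": 1 if names else 0,
                   "comment": ", ".join(names) or "GAP: no detection"}
                  for tid, names in coverage(rules, priorities).items()]
    return {"name": name, "domain": "enterprise-attack",
            "versions": {"attack": "12", "navigator": "4.8", "layer": "4.4"},
            "techniques": techniques,
            "gradient": {"colors": ["#ff6666", "#66b266"], "minValue": 0, "maxValue": 1}}


if __name__ == "__main__":
    print("gaps:", gaps(DETECTION_RULES, PRIORITY_TECHNIQUES))
    with open("coverage_layer.json", "w") as fh:  # load this file in the Navigator UI
        json.dump(navigator_layer(DETECTION_RULES, PRIORITY_TECHNIQUES), fh, indent=2)
```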
Conclusion
Organizational cyber defense hinges on the efficacy of its detection and response capabilities. The DeTT&CT project provides a standardized means of mapping detection capabilities to the MITRE ATT&CK framework, which is a complete model for analyzing and classifying adversarial behavior. Organizations can lessen the severity of the damage from a cyber attack by employing the DeTT&CT guidelines in conjunction with their existing security measures.
Cloud Security
☁️ 🔐 Cloud Security Basics — Following the IAM Best Practices to Secure your Cloud
Any business that uses cloud services must take steps to ensure its data is safe. Security in the cloud relies heavily on Identity and Access Management (IAM). Using IAM, businesses can control who has access to what in the cloud, protecting critical information from prying eyes.
Establishing a rigorous password policy is the first step in using IAM to secure the cloud. The policy should compel users to choose long, complex passwords. It also needs to mandate frequent password changes to keep hackers at bay.
Role-based access control (RBAC) is another crucial part of IAM. With RBAC, businesses can grant users specific permissions based on what they are expected to do in their jobs, limiting access to only what each user’s role requires. RBAC also simplifies user access management by letting administrators assign and revoke roles with relative ease.
As an additional safeguard, businesses should use multi-factor authentication (MFA). MFA requires at least two different authentication factors, such as a password and a security token, so attackers have a considerably harder time accessing cloud resources even if they manage to steal a user’s password.
Monitoring and auditing are also crucial components of cloud security. Businesses should set up a mechanism to monitor and audit employees’ cloud usage: it lets attempted intrusions be spotted and thwarted, and it gathers forensic evidence in the event of a security breach.
Lastly, businesses should set up a strategy for managing their access keys. Access keys for cloud resources should be treated the same way as passwords: rotate them on a regular basis and store them in a safe place to prevent unauthorized access.
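As an added example (not from the newsletter or any cloud provider’s tooling), the Python below puts the RBAC, MFA and key-rotation points above into a checkable form: an over-broad IAM policy sits beside a least-privilege version gated on MFA, a small auditor flags wildcard grants and Allow statements without an MFA condition, and a second check lists access keys past their rotation age. The policy shape and the aws:MultiFactorAuthPresent condition key follow the AWS JSON policy format; the key records, IDs and dates are constructed.

```python
from datetime import date

# Constructed: an over-broad policy next to its least-privilege, MFA-gated fix.
WEAK_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
]}
HARDENED_POLICY = {"Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
]}
# Constructed access-key records (IDs are placeholders) and the audit date.
SAMPLE_KEYS = [
    {"id": "AKIAEXAMPLEOLD00001", "created": date(2022, 11, 1)},
    {"id": "AKIAEXAMPLENEW00002", "created": date(2023, 2, 20)},
]
AUDIT_DATE = date(2023, 3, 10)


def _as_list(v):
    return v if isinstance(v, list) else [v]


def audit_policy(policy):
    """Return a list of findings; an empty list means the policy passed."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue  # Deny statements cannot over-grant
        actions = _as_list(st.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"stmt {i}: wildcard action breaks least privilege")
        if "*" in _as_list(st.get("Resource", [])):
            findings.append(f"stmt {i}: wildcard resource grants every resource")
        mfa = st.get("Condition", {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
        if mfa != "true":
            findings.append(f"stmt {i}: Allow without an MFA condition")
    return findings


def keys_due_for_rotation(keys, today, max_age_days=90):
    """IDs of access keys older than max_age_days, i.e. overdue for rotation."""
    return [k["id"] for k in keys if (today - k["created"]).days > max_age_days]


if __name__ == "__main__":
    for finding in audit_policy(WEAK_POLICY):
        print("WEAK:", finding)
    print("HARDENED:", audit_policy(HARDENED_POLICY) or "no findings")
    print("rotate:", keys_due_for_rotation(SAMPLE_KEYS, AUDIT_DATE))
```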
Ultimately, it is critical for any business that uses cloud services to implement an IAM strategy to ensure that its data is safe. Organizations can safeguard their cloud resources from unauthorized use by enforcing policies like RBAC, MFA, monitoring and auditing, and access key management.
Note: Next, we will go over more sophisticated methods and approaches, like Passwordless.
Application Security
🧑🏻💻 🔐 Fixing AppSec — Secure Coding is a Must, but the culture does not follow
Developing secure applications requires training in secure development. The objective of this process is to train programmers to create code that is secure by design, discover vulnerabilities, and adhere to the organization’s security policies. An organization’s security risks and security team workloads can both be reduced by adopting a culture of secure development.
A preventative measure that can lessen the likelihood of an application being compromised is to educate developers on secure development techniques. Developers can make programs less vulnerable to attack by hackers if they learn to recognize and fix security flaws as they arise throughout the development process. This frees up the security team’s time to concentrate on more pressing matters, such as maintaining constant system monitoring and providing rapid responses to incidents.
It is easier and less expensive to address security concerns when they are discovered early in the development process, whereas correcting security problems once the application has been deployed can be expensive and time-consuming. Security issues can be avoided altogether with the help of developers who are aware of best practices for secure code.
To sum up, learning secure development practices is essential for making secure software. Companies may save time and money by reducing the number of security breaches, relieving the workload of security personnel, and teaching developers how to implement secure coding standards.
Note: Committing to a secure development program will give your security teams more time to focus on what’s important, or to go to more conferences and collect stickers 😆. On the other hand, remind your engineering teams that they know more about the code and product than the security team does.
Telecom Security
☎️ 🔐 Video Communications — Are Corporate Over IP Communications Secure?
Secure Real-Time Transport Protocol (SRTP) was developed to protect real-time media streams such as voice and video. Video conferencing and other forms of real-time communication typically use the Real-time Transport Protocol (RTP), and SRTP is what secures it.
SRTP safeguards real-time media data against eavesdropping, forgery, and replay attacks. It encrypts the media payload and appends a message authentication code (MAC) so that the data cannot be tampered with undetected. Each SRTP packet also carries a unique sequence number, which helps prevent replay attacks.
When it comes to protecting video transmissions, SRTP has emerged as the de facto standard. It’s supported by numerous well-known video chat apps like Microsoft Teams, Zoom, and Google Meet. Both the sender and the receiver need to be SRTP-capable for the connection to be established. Using SRTP ensures that only the sender and the receiver have access to the sent data due to its end-to-end encryption.
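As an added example (not from the newsletter or from any SRTP implementation), the Python below models the receiver-side integrity and replay checks that RFC 3711 specifies for the packets described above: an HMAC-SHA1 tag truncated to 80 bits over the RTP header, the encrypted payload and the rollover counter (ROC), plus a sliding replay window that rebuilds the 48-bit packet index from the 16-bit sequence number. Keys and packets are constructed, and the payload is treated as already encrypted because the AES-CTR encryption step is not shown.

```python
import hmac
import struct

WINDOW = 64  # RFC 3711 asks for a replay window of at least 64 packets

def rtp_header(seq):
    """Minimal 12-byte RTP header: V=2, PT=96, timestamp 0, constructed SSRC."""
    return struct.pack("!BBHII", 0x80, 96, seq, 0, 0x1234ABCD)

def srtp_auth_tag(auth_key, header, payload, roc):
    """HMAC-SHA1 over header || encrypted payload || ROC, truncated to 80 bits."""
    msg = header + payload + struct.pack("!I", roc)
    return hmac.new(auth_key, msg, "sha1").digest()[:10]

def srtp_packet(auth_key, seq, roc, payload):
    """Sender side: header || payload || tag (payload assumed already encrypted)."""
    h = rtp_header(seq)
    return h + payload + srtp_auth_tag(auth_key, h, payload, roc)

class SrtpReceiver:
    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.highest = None   # largest accepted packet index (ROC << 16 | SEQ)
        self.seen = set()     # indices accepted inside the current window

    def _index(self, seq):
        """Rebuild the 48-bit index from the 16-bit SEQ (RFC 3711 section 3.3.1)."""
        if self.highest is None:
            return seq
        roc, s_l = self.highest >> 16, self.highest & 0xFFFF
        if s_l < 0x8000:
            v = roc - 1 if seq - s_l > 0x8000 else roc
        else:
            v = roc + 1 if s_l - 0x8000 > seq else roc
        return ((v & 0xFFFFFFFF) << 16) | seq

    def receive(self, packet):
        """Return (accepted, reason). The tag is checked before replay state is touched."""
        header, body, tag = packet[:12], packet[12:-10], packet[-10:]
        seq = struct.unpack("!H", header[2:4])[0]
        idx = self._index(seq)
        if not hmac.compare_digest(tag, srtp_auth_tag(self.auth_key, header, body, idx >> 16)):
            return False, "bad auth tag"
        if idx in self.seen or (self.highest is not None and idx <= self.highest - WINDOW):
            return False, "replay"
        self.seen.add(idx)
        if self.highest is None or idx > self.highest:
            self.highest = idx
            self.seen = {i for i in self.seen if i > idx - WINDOW}
        return True, "ok"
```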
In conclusion, SRTP is a crucial method for protecting video transmissions. It’s a safe way to send media in real-time, shielding the data from snooping ears as well as tampering and replay attacks. Businesses may safeguard their video conferencing and other real-time communication apps against cybercriminals by adopting SRTP.
My Favorites
📚🌱 Book Summary
Mindset: The New Psychology of Success by Carol S. Dweck
The Author
Carol S. Dweck is a renowned psychologist who has written extensively on the concept of mindset. Her book “Mindset: The New Psychology of Success” explores the idea that our beliefs about intelligence and ability greatly impact our success in life. Dweck’s work has been influential in the fields of education and parenting, as well as in the business world. She has received numerous awards for her research and contributions to psychology.
The Book
Quick Book Summary
- The reader will gain a better understanding of the importance of one’s mental attitude to their overall achievement after finishing this book.
- Dweck distinguishes between a “fixed” and a “growth” mindset. Those with a fixed mindset consider their skills to be static and unchangeable, whereas those with a growth mindset consider their skills to be malleable and amenable to improvement through focused effort.
- Dweck claims that if you have a growth mindset, you may achieve more in life and feel happier doing it.
- The book uses real-world examples from sports, business, and academia to demonstrate the power of a positive mental attitude.
- The book advocates a growth mentality, which sees setbacks and difficulties as learning experiences.
Key Takeaways:
- One of the most important factors in achieving our goals in life is how we perceive our own abilities and potential.
- Those with a fixed perspective are less likely to take on new tasks and are more likely to see setbacks as a reflection of their innate talent, whereas those with a growth mindset perceive setbacks and difficulties as opportunities to learn and improve.
- Having a growth mentality can help you become more resilient, creative, and driven.
- Through focus and training, one’s mindset can be altered.
- Adopting a growth mindset can improve your chances of achieving your goals and finding happiness in life.
Happy reading! 📖
📚 🤩 Books I Recommend Reading 🕹
Three Books to learn about Social Engineering:
- “Social Engineering: The Art of Human Hacking” by Christopher Hadnagy
- “Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails” by Christopher Hadnagy and Michele Fincher
- “The Art of Deception: Controlling the Human Element of Security” by Kevin Mitnick
These books provide valuable insights into the psychology behind social engineering and offer practical advice for identifying and mitigating social engineering attacks.
🎙 Podcast — Darknet Diaries EP123: Newswires
With what is happening these days in the financial sector, one more scary story of hacking, fraud and trading won’t hurt. Investing in the stock market can be very profitable, especially if you can see into the future. This is a story of how a group of traders and hackers got together to figure out a way to see into the future and make a lot of money from that.
🎥 Videos — What if your City gets hacked!
Check out this video on the topic of cybersecurity: The Hacks That Could Turn Your City Against You | Rise of the Machines. It explores how hackers can exploit vulnerabilities in smart city infrastructure, and the potential consequences of such attacks.
Quote of the Week
“Education is not the learning of facts, but the training of the mind to think.” ― Albert Einstein.
If you’re interested in starting a career in cybersecurity, watch this one, and don’t forget to 🔥 ***Subscribe to my YouTube Channel*** and leave a comment if there are any topics you’re interested in seeing in my next video.
Check out my other stuff here.