Cybersecurity 🔐 And Much More Newsletter 📪 Vol. 3 Num. 14

Seif Hateb
10 min read · Apr 18, 2023


Greetings, friends. 👋

📫 Welcome to my newsletter, if you are not yet subscribed, please do 🥹. It might include books📚, articles ✍️, tech 💻, tips💡, and cool stuff about cybersecurity 🔒.

Enjoy!

What’s Happening

🚨 CISA Warns of Critical ICS Vulnerabilities

CISA released seven Industrial Control Systems (ICS) advisories on April 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

  • ICSA-23–096–01 Industrial Control Links ScadaFlex II SCADA Controllers
  • ICSA-23–096–02 JTEKT Screen Creator Advance 2
  • ICSA-23–096–03 JTEKT Kostac PLC
  • ICSA-23–096–04 Korenix Jetwave
  • ICSA-23–096–05 Hitachi Energy MicroSCADA System Data Manager SDM600
  • ICSA-23–096–06 mySCADA myPRO
  • ICSA-20–051–02 Rockwell Automation FactoryTalk Diagnostics (Update A)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Read more: https://www.cisa.gov/news-events/alerts/2023/04/06/cisa-releases-seven-industrial-control-systems-advisories

🙌 Microsoft Takes Legal Action and Disrupts Cybercriminals

Microsoft announced a collaboration with Fortra and the Health Information Sharing and Analysis Center (Health-ISAC) to combat criminals’ abuse of Cobalt Strike to deliver malware, including ransomware.

To that aim, the company’s Digital Crimes Unit (DCU) said that it has obtained a court order in the United States to “delete illegal, legacy copies of Cobalt Strike so they can no longer be exploited by cybercriminals.”

While Fortra’s (previously HelpSystems’) Cobalt Strike is a legitimate post-exploitation tool for adversary simulation, illicit cracked copies of the program have been weaponized by threat actors over the years and have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries around the world.

After gaining initial access to a target system, ransomware gangs have used Cobalt Strike to escalate privileges, move laterally across the network, and deploy file-encrypting malware.

Read more: https://noticeofpleadings.com/crackedcobaltstrike/

🙀 New Apple Zero-days to Patch ASAP

Apple issued security patches for iOS, iPadOS, macOS, and the Safari web browser on Friday to address two zero-day vulnerabilities that have been exploited in the wild.

The following are the two vulnerabilities:

  • CVE-2023–28205 — A WebKit use-after-free flaw that could result in arbitrary code execution while processing specially crafted web content.
  • CVE-2023–28206 — An out-of-bounds write vulnerability in IOSurfaceAccelerator that allows an app to execute arbitrary code with kernel privileges.

Apple resolved CVE-2023–28205 with enhanced memory management and CVE-2023–28206 with improved input validation, saying that the issues “may have been actively exploited.”

Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Cearbhaill of Amnesty International’s Security Lab are credited with discovering and exposing the issues.

Technical details of the two vulnerabilities have been withheld because of the active exploitation, to prevent further threat actors from exploiting them.

Read more: https://support.apple.com/en-us/HT213720

🇹🇼 🏴 ☠️ MSI Falls Victim to a Ransomware Attack

MSI (short for Micro-Star International), the Taiwanese PC maker, has publicly admitted that its systems were the target of a cyber attack.

After noticing “network irregularities,” the company said it “promptly” initiated incident response and recovery procedures, and that it has notified law enforcement of the situation.

However, MSI did not provide any details regarding when the attack occurred or whether it involved the exfiltration of any sensitive information, including source code.

“At this time, the affected systems have progressively resumed regular operations, with no substantial impact on financial activities,” the company stated in a brief statement released on Friday.

In a regulatory filing with the Taiwan Stock Exchange, it stated that it is implementing strengthened network and infrastructure measures to safeguard data security.

MSI further advises consumers to only download firmware/BIOS upgrades from its own website and to avoid downloading files from other websites.

The announcement comes as a new ransomware group known as Money Message adds the company to its victim list. Zscaler identified the threat actor late last month.

Read more: https://www.msi.com/news/detail/MSI-Statement-141688

🏴 ☠️ This is Why ChatGPT leaks your Private Information

On Friday, OpenAI blamed a bug in a Redis client library for this week’s ChatGPT data breach. The flaw, discovered on March 20, 2023, allowed some users to see brief titles of other users’ conversations in the chat history sidebar. The company temporarily took the chatbot offline.

“If both users were active at the same time, the first message of a newly begun conversation may have appeared in someone else’s chat history,” the company said.

The redis-py library bug caused cancelled requests to corrupt connections, so that later requests on the same connection returned unrelated users’ data from the cache. To make matters worse, the San Francisco-based AI research company said it had coincidentally deployed a server-side change that increased request cancellations and error rates.

While the issue has been fixed, OpenAI stated that it may have revealed payment-related information for 1.2% of ChatGPT Plus subscribers who were active on March 20 between 1 and 10 a.m. PT. This included the user’s first and last name, email address, payment address, the last four digits of the credit card number, and the card’s expiration date. Full credit card numbers were not revealed.

Read more: https://openai.com/blog/march-20-chatgpt-outage

🏴 ☠️ FBI Cracks Down on Genesis Market

Genesis Market, an illicit online marketplace that specialized in the sale of stolen credentials connected with email, bank accounts, and social networking platforms, was shut down by a collaborative multinational law enforcement operation.

Along with the infrastructure seizure, a massive crackdown involving officials from 17 countries resulted in 119 arrests and 208 property searches in 13 countries. Operation Cookie Monster is the codename for the “unprecedented” law enforcement operation.

Since its debut in March 2018, Genesis Market has expanded into a key hub for criminal activity, providing access to data taken from over 1.5 million infected systems worldwide, totaling more than 80 million credentials. According to Trellix data, the bulk of infections associated with Genesis Market-related malware have been found in the United States, Mexico, Germany, Turkey, Sweden, Italy, France, Spain, Poland, Ukraine, Saudi Arabia, India, Pakistan, and Indonesia, among other places.

Some of the well-known malware families used to compromise victims include AZORult, Raccoon, RedLine, and DanaBot, all of which are capable of collecting sensitive information from users’ PCs. DanaBot also distributes a fraudulent Chrome extension meant to steal browser data.

Read more: https://www.trellix.com/en-us/about/newsroom/stories/research/genesis-market-no-longer-feeds-the-evil-cookie-monster.html

🤖 Google Is Giving Android Users More Privacy

Google Play has various programs to help developers build consumer trust by describing how their apps handle privacy and security. Now it is introducing a data deletion policy that governs the data apps collect in-app.

Applications that let users create accounts must soon allow users to delete their accounts and data from within the app and online. Users must also be able to delete their accounts and data without reinstalling the application.

Developers who need more time can file for an extension in Play Console until May 31, 2024 to comply with the new policy.

Read more: https://android-developers.googleblog.com/2023/04/giving-people-more-control-over-their-data.html

Security Tips

📡 🔐 Telco Security — DNSSEC for 5G Security

Introduction

Using secure protocols is crucial for maintaining the security of sensitive information. In the context of cybersecurity, secure protocols refer to communication protocols that use encryption and authentication to protect data in transit.

By using secure protocols, organizations can ensure that their data is protected from interception and tampering by malicious actors. This is especially important for industries such as finance, healthcare, and government, where sensitive information is frequently transmitted over networks.

Today, we are going to discuss the significance of DNS in securing 5G networks. DNS, which stands for Domain Name System, is an essential component of the internet infrastructure that helps translate domain names into IP addresses that computers can understand.

Securing DNS is particularly important in 5G networks, because a spoofed or tampered DNS answer lets a malicious actor intercept and redirect traffic, which could compromise the integrity and confidentiality of data transmitted over the network.

By using secure DNS protocols such as DNSSEC, 5G network operators can further enhance the security of their networks and protect users from cyber threats. In addition, DNS can also be used to enable new 5G use cases, such as network slicing and edge computing, which require efficient and reliable name resolution services.

DNSSEC Definitions

DNSSEC stands for Domain Name System Security Extensions. It is a set of protocol extensions that add security to the Domain Name System (DNS) by enabling DNS responses to be validated.

DNSSEC allows users to verify that the DNS response they receive is authentic and has not been tampered with in transit. This helps prevent attackers from intercepting and redirecting traffic, which could compromise the integrity and confidentiality of data transmitted over the network.

Before we start!

Before implementing DNSSEC, there are a few important considerations to keep in mind. First, it’s important to understand that DNSSEC does not protect against all types of attacks and does not provide privacy: it authenticates DNS data but does not encrypt queries. It is not a substitute for other security measures such as firewalls and intrusion detection systems.

Additionally, implementing DNSSEC can be complex and may require significant resources, including specialized hardware and software, as well as trained personnel. It’s also important to consider the potential impact on network performance, as DNSSEC can introduce additional latency and increase the size of DNS responses.

Finally, it is important to ensure that all DNS servers within an organization are properly configured to support DNSSEC, as failure to properly configure even a single server can compromise the effectiveness of the entire system.

How to implement DNSSEC?

To implement DNSSEC, organizations should follow these steps:

  1. Generate keys: DNSSEC uses public-key cryptography to sign DNS records. First, an organization needs to generate a key pair: a private key and a public key. The private key is kept secret, while the public key is made available in the DNS.
  2. Sign DNS records: Once the keys are generated, they can be used to sign DNS records. This involves calculating a digital signature for each DNS record using the private key.
  3. Publish keys: The public key needs to be published in the DNS so that clients can use it to verify DNS responses. This is done by adding a DNSKEY record to the zone file for the domain.
  4. Configure DNS servers: DNS servers need to be configured to support DNSSEC. This involves enabling DNSSEC validation on the server, configuring the server to retrieve the DNSKEY records for a domain, and configuring the server to cache DNSSEC signatures.
  5. Validate DNS responses: DNS clients need to be configured to validate DNS responses. This involves configuring the client to request the DNSKEY records for a domain and to use them to validate the signatures on DNS responses.
  6. Monitor DNSSEC logs: Organizations should monitor their DNSSEC logs for any suspicious activity, such as failed signature validation or key mismatches.
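The six steps above, carried out with BIND 9’s tooling, as an added example (not code from the newsletter). It assumes the BIND 9 utilities (dnssec-keygen, dnssec-signzone, dig, delv) are installed; the zone name example.com, the file names, the resolver address 192.0.2.53 and the sample log lines are placeholders and constructed data for this example. Key generation, signing and the live dig/delv check only run when DNSSEC_DEMO_SIGN=1 is set, so the script can be read and the log check exercised without a zone at hand.

```shell
#!/bin/sh
# Added example: DNSSEC rollout with BIND 9 tools, step by step.
# Assumptions: BIND 9 utilities installed; "example.com", "./keys",
# "example.com.zone" and the resolver 192.0.2.53 are placeholders.
set -eu

ZONE="example.com"
KEYDIR="./keys"
ZONEFILE="${ZONE}.zone"

# Step 1: generate a key-signing key (KSK) and a zone-signing key (ZSK),
# ECDSA P-256 (DNSSEC algorithm 13). Private halves land in $KEYDIR.
generate_keys() {
    mkdir -p "$KEYDIR"
    dnssec-keygen -K "$KEYDIR" -a ECDSAP256SHA256 -n ZONE -f KSK "$ZONE"
    dnssec-keygen -K "$KEYDIR" -a ECDSAP256SHA256 -n ZONE "$ZONE"
}

# Steps 2 and 3: sign the zone. -S ("smart signing") pulls the DNSKEY records
# from $KEYDIR into the signed zone, so publishing the public keys happens
# here too. dnssec-signzone also writes dsset-<zone>. with the DS records
# that must be handed to the parent zone (usually via the registrar).
sign_zone() {
    dnssec-signzone -S -K "$KEYDIR" -o "$ZONE" -N INCREMENT "$ZONEFILE"
    cat "dsset-${ZONE}."          # DS records for the parent
}

# Step 4: resolver-side named.conf fragment. "auto" validates against the
# built-in root trust anchor; the logging block keeps DNSSEC events separate.
print_resolver_config() {
    cat <<'EOF'
options {
    dnssec-validation auto;
};
logging {
    channel dnssec_log { file "/var/log/named/dnssec.log"; severity info; print-time yes; };
    category dnssec { dnssec_log; };
};
EOF
}

# Step 5: a client-side check. The "ad" (authenticated data) flag in dig's
# answer means the resolver validated the RRset; delv validates on its own
# and reports "; fully validated" when the chain of trust holds.
check_validation() {
    dig @192.0.2.53 +dnssec "$ZONE" A | grep -q 'flags:.* ad' && echo "AD flag set"
    delv @192.0.2.53 "$ZONE" A
}

# Step 6: monitor the resolver log. These lines are constructed for the
# example, modeled on BIND's dnssec log category; the last one is benign.
SAMPLE_LOG='12-Apr-2023 09:14:02.113 dnssec: info: validating example.com/A: no valid signature found
12-Apr-2023 09:14:02.118 dnssec: info: validating example.com/A: verify failed due to bad signature (keyid=12345): RRSIG has expired
12-Apr-2023 09:15:11.004 dnssec: info: validating www.example.com/AAAA: got insecure response; parent indicates it should be secure
12-Apr-2023 09:15:11.230 dnssec: info: validating example.com/MX: marking as secure
'
FAILURE_PATTERN='no valid signature found|verify failed|parent indicates it should be secure'

# Number of validation-failure lines (expired RRSIGs, bad signatures,
# missing DS/DNSKEY links all show up here).
count_validation_failures() {
    printf '%s' "$SAMPLE_LOG" | grep -c -E "$FAILURE_PATTERN"
}

# Distinct owner/type pairs that failed, to know which zones to chase.
failing_owners() {
    printf '%s' "$SAMPLE_LOG" | grep -E "$FAILURE_PATTERN" \
        | sed -n 's/.*validating \([^:]*\):.*/\1/p' | sort -u
}

if [ "${DNSSEC_DEMO_SIGN:-0}" = 1 ]; then   # needs BIND tools and a zone file
    generate_keys && sign_zone && check_validation
fi
print_resolver_config
echo "validation failures in sample log: $(count_validation_failures)"
failing_owners
```

Two design notes: the failure pattern deliberately includes “parent indicates it should be secure”, because a zone that goes from signed to unsigned without removing its DS record breaks resolution just as surely as an expired RRSIG, and RRSIG expiry is the most common DNSSEC outage, so re-signing must be scheduled (BIND 9.16+ can automate keys, signing and rollover with a `dnssec-policy` statement in place of the manual steps above).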

Some Complementary Features

Three related protocols are often deployed alongside DNSSEC. Here’s a quick overview of each and how it relates to DNSSEC.

  • DANE — DNS-based Authentication of Named Entities (DANE) allows administrators to specify which certificate authorities (CAs) can issue certificates for a domain. For DANE to work, DNSSEC must be enabled.
  • DoT — DNS over TLS (DoT) encrypts DNS traffic using Transport Layer Security (TLS). DoT is a method for solving the DNS privacy problem that DNSSEC does not address.
  • DoH — DNS over HTTPS (DoH) aims to solve the same general problem DoT does but goes about it differently. Like DoT, it can be viewed as complementary to DNSSEC.

Conclusion

DNSSEC is an important security protocol that can help protect against certain types of attacks, particularly those involving DNS. However, organizations must keep in mind that DNSSEC is not a silver bullet and is not a substitute for other security measures.

It can be complex to implement and may require significant resources, including specialized hardware, software, and trained personnel. Complementary protocols such as DoT and DoH, which address DNS privacy rather than integrity, can also be considered, depending on an organization’s specific needs and circumstances. As such, organizations should carefully evaluate their security needs and resources before implementing DNSSEC or any other security protocol.

My Favorites

📚 Salt: A World History by Mark Kurlansky

Mark Kurlansky, a best-selling author, explores the fascinating history of salt, a common household item. This mineral, also known as the only rock we consume, has been shaping civilization from the beginning of time. Its story sparkles with surprises and is an integral part of the history of humankind. Salt has been so valuable that it has served as currency, influenced trade routes and cities, caused and funded wars, secured empires, and inspired revolutions. The book, Salt, is filled with colorful characters and interesting details, making it a highly entertaining and multi-layered masterpiece.

🛒 Amazing Deal on Sony

The Sony headphones feature touch control settings, up to 30 hours of battery life, and vegan leatherette material. According to the manufacturer, this headset has two processors that control up to eight microphones, which helps cancel out environmental noise as well as mid-frequency sounds. The Auto NC Optimizer function also optimizes noise canceling performance by analyzing the wearing condition of the headset. It takes into account the shape of your face, whether or not you’re wearing glasses, atmospheric pressure conditions, etc.

The good news is that they are down $180, from $399 to $219. They are still not the cheapest, but definitely worth it.

Get it: ebay.com/itm/314074071401

📺 Watch — Our Beautiful Planet

Netflix is sharing the episodes of the documentary “Our Planet” for free on YouTube! Experience our planet’s natural beauty and examine how climate change impacts all living creatures in this ambitious documentary of spectacular scope. In this episode, set on the unforgiving frontier of climate change, polar bears, walruses, seals and penguins find their icy Edens in peril.

Watch it here: https://youtu.be/cTQ3Ko9ZKg8

Quote of the Week

“Your beliefs become your thoughts, your thoughts become your words, your words become your actions, your actions become your habits, your habits become your values, your values become your destiny.” — Mahatma Gandhi

If you’re interested in starting a career in cybersecurity, watch this one, and don’t forget to 🔥 Subscribe to my YouTube Channel and leave a comment if there are any topics you’re interested in seeing in my next video.

Check out my other stuff here.


Seif Hateb

Cybersecurity Professional, Lecturer, Cryptographer, Martial Artist.