Cybersecurity 🔐 And Much More Newsletter 📪 Vol. 3 Num. 17

Seif Hateb
May 10, 2023

Greetings, friends. 👋

📫 Welcome to my newsletter. If you are not yet subscribed, please do 🥹. It might include books 📚, articles ✍️, tech 💻, tips 💡, and cool stuff about cybersecurity 🔒.

Enjoy!

What’s Happening

🚨 Another Week, another Critical Flaw

CISA has recently added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

  • PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
  • Google Chrome Skia Integer Overflow Vulnerability
  • The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
  • Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
  • Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time.

The mitigation deadlines for these vulnerabilities are in early May, and FCEB agencies should take prompt action to address them.

Read more.

🌐 Apache Superset Misconfiguration

Apache Superset, a data visualization and exploration tool, has a potentially exploitable and insecure default configuration in versions released before April 5, 2023. An attacker might use this flaw to gain access to the admin panel, steal passwords, compromise data, and even remotely execute code. Apache Superset 2.0.1 and earlier versions are affected. It is strongly recommended that users upgrade to version 2.1 or later of Apache Superset.

Read more.

🤖 Google is Taking Down CryptBot

Google said that it obtained a temporary court order in the U.S. to stop the spread of CryptBot, a Windows-based malware that steals information, and “slow down” its growth.

Mike Trinh and Pierre-Marc Bureau, who work for the tech giant, said that the efforts are part of what the company is doing to “not only hold criminal operators of malware accountable but also those who profit from its distribution.”

CryptBot is thought to have infected more than 670,000 computers in 2022. Its goal was to steal private information from Google Chrome users, such as login information for social media accounts and Bitcoin wallets.

Read more.

↕️ NGOs are Getting Malware with their Software Updates

An advanced persistent threat (APT) actor with connections to China has been using legitimate software update channels to spread malware within an international NGO. Researchers at ESET found that, when performing automated updates, a legitimate component of an application obtained MgBot backdoor installers from trusted sources. The researchers have hypothesized that a man-in-the-middle attack on the supply chain was responsible for the outbreak.

Read more.

📄 Microsoft confirms that PaperCut Servers are Delivering Ransomware

Microsoft has confirmed that attacks that aim to spread the Cl0p and LockBit ransomware families are linked to the ongoing abuse of PaperCut servers.

The tech giant’s threat intelligence team thinks that a group of hackers called Lace Tempest (formerly DEV-0950) is behind some of the attacks. This group works with other hacking groups like FIN11, TA505, and Evil Corp.

Microsoft said in a series of tweets that “in observed attacks, Lace Tempest ran multiple PowerShell commands to send a TrueBot DLL, which connected to a C2 server, tried to steal LSASS credentials, and injected the TrueBot payload into the conhost.exe service.”

Read more.

⛓️ Google Authenticator Syncs to the Cloud but is not E2EE

Users can now easily sync their authentication codes across many devices and Google Accounts with the help of Google Authenticator. If a user’s device is lost or stolen, they won’t have to worry about getting locked out of their accounts. However, because the synchronized sign-in codes are not encrypted using end-to-end encryption (E2EE), someone with access to your Google Account might view all 2FA secrets. In the future, Google Authenticator will support E2EE.

Read more.

Security Tips

🤝 RSA Conference Summary: The Good and The Bad

The Good! Companies to Watch and Announcements

Google Cloud adds ChromeOS data controls and security integrations

To further safeguard company information, Google Cloud has introduced new data controls and security integrations for ChromeOS. CrowdStrike and Palo Alto Networks are integrated for security analytics and monitoring, while Netskope is integrated for IAM purposes.

BlackBerry upgrades Cylance cybersecurity portfolio

BlackBerry’s Cylance cybersecurity suite has been expanded to include endpoint, event management, SaaS app connection, threat intelligence, and eSIM visibility features. In addition, the organization has expanded its collaboration with MSSP Solutions Granted.

Akamai launches Prolexic Network Cloud Firewall

Akamai has introduced the Prolexic Network Cloud Firewall, a new feature that lets customers design and administer their own ACLs, allowing for greater flexibility in network edge security.

Accenture and Google Cloud expand their partnership

Accenture and Google Cloud have extended their collaboration. Accenture is expanding its adaptive detection and response offering, as well as its MxDR service, by incorporating Google capabilities and technologies, such as those for security operations, threat intelligence, generative AI, and managed crisis and incident response.

SentinelOne launches security data platform

SentinelOne has announced Singularity Security DataLake, a security data platform meant to deliver real-time insights to spot patterns, detect abnormalities, and respond to attacks.

Thales launches new USB tokens

Thales has introduced the SafeNet eToken Fusion series, which consists of USB tokens that combine Fast IDentity Online 2.0 (FIDO2) and PKI/CBA in a single authenticator. The new tokens are intended to safeguard Microsoft Azure Active Directory users against account compromise and to provide enhanced security for cloud and web application access.

The Bad! The Most Dangerous Attack Techniques

SANS Institute researchers have identified adversarial AI, ChatGPT-powered social engineering, and sponsored advertising attacks as three of the most concerning new types of cyberattack.

Adversarial AI Attacks

  • According to SANS fellow and offensive cyber operations curriculum head Stephen Sims, adversarial AI attacks are being used by threat actors to increase the speed of ransomware campaigns and to find zero-day flaws in complicated software.
  • Adversarial AI, he said, has altered the playing field for attackers by simplifying malware development procedures and making social engineering accessible to a wider audience.
  • To counter this, businesses should implement a defense-in-depth security strategy that uses several layers of defense, automates key detection and response steps, and streamlines incident management.

SEO and Paid Ads Attacks

  • According to SANS instructor Katie Nickels, sponsored advertising attacks and search engine optimization (SEO) attacks are two of the most hazardous new types of cyberattacks.
  • According to Nickels, modern search engine optimization (SEO) and advertising attacks (also referred to as “malvertising”) leverage core marketing methods to breach company networks in the first place.
  • Here, threat actors are using search engine optimization (SEO) keywords and sponsored ads to lure victims to fake websites, where the victims may download malware that gives the attackers remote access to their computers. These attacks represent an uptick in proactivity on the part of malevolent attackers, who are shifting their focus from older, more predictable methods of attack, as they become more difficult to counter, as Nickels put it.
  • The need for scalable, threat-specific user awareness training programs has increased in light of these two attack avenues.

Innovation and Diversification in Attack Techniques

  • According to John Davis, director of the UK and Ireland for the SANS Institute in EMEA, the attacks described above have become more common, complex, and difficult to detect. This is all part of a bigger pattern in which hackers are employing more sophisticated and specific methods of attack.
  • Many CEOs have a hard time wrapping their heads around the current scope and brazenness of cybercrime. He also notes that every day, 450,000 new malware samples are discovered, and that 3.4 billion phishing emails are sent. No surprise, stores are having trouble keeping their shutters down during this storm. These daring new dangers show that hackers can only survive by constantly trying new things. This explains why long-standing ransomware organizations are downsizing even as Ransomware-as-a-Service (RaaS) grows in popularity.

ChatGPT Powered Social Engineering Attacks

  • According to Heather Mahalik, a fellow at SANS, threat actors are using generative AI to exploit human risk using ChatGPT-powered social engineering, specifically targeting the weaknesses of particular employees in order to enter the entire network of the firm, including the families of those who work there.
  • As a result of this change, users are more vulnerable to attack than ever before, and a single mistaken click on a malicious file can immediately threaten not just an entire organization but also the victim’s livelihood, as stated by Mahalik.
  • In order to protect themselves from ChatGPT-related attacks, businesses must create a culture of cyber alertness throughout the whole organization.

Third-Party Developer Attacks

  • According to Dr. Johannes Ullrich, dean of research at SANS Technology Institute’s college of research, the next most dangerous attack technique is third-party developer attacks (also known as software supply chain attacks), which primarily involve an increase in targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain.
  • One prominent example of this is the 2022 LastPass breach, in which an attacker used weaknesses in third-party software to escape detection and get access to restricted areas.
  • Ullrich argued that the attack demonstrated the importance of collaboration between enterprises and software developers in order to better align security architectures, exchange threat data, and deal with constantly developing attack methodologies.

Watch the Keynote.

🔐 🧠 The Value of Soft Skills in the Technology Industry

When we consider working in the technology industry, we frequently consider technical talents such as coding, data analysis, and problem-solving. Soft skills, on the other hand, are equally vital for success in this sector.

Soft skills are non-technical abilities that allow people to engage effectively with others. Communication, teamwork, leadership, adaptability, and time management are a few examples. While these abilities may appear to be less significant than technical talents, they are critical for success in the tech business for a number of reasons.

Successful Communication

Effective communication is critical to success in any industry. It is especially crucial in the technology business, where projects are frequently complicated and require collaboration among various stakeholders. Misunderstandings can develop without appropriate communication skills, leading to errors, delays, and, eventually, project failure.

Collaboration

Projects in the technology business are rarely completed by a single individual. Instead, they necessitate the collaboration of several people with diverse abilities and backgrounds. Teamwork and other soft skills are essential for success in this atmosphere. Individuals must listen to others, respect their perspectives, and collaborate to reach a common goal.

Management

Leadership abilities are valuable in any industry, but they are extremely valuable in the technology industry. As projects get increasingly complex, individuals who can take command, motivate others, and make difficult decisions are required. Projects can become disorderly and unsuccessful if strong leadership qualities are not present.

Flexibility

The technology industry is continually evolving, with new technologies and trends developing on a regular basis. Adaptability and other soft skills are essential for success in this setting. Adaptable people can learn new skills rapidly, adapt to new technologies, and respond to changing conditions.

Time Administration

Projects in the technology industry frequently have tight deadlines and require workers to manage their time wisely. Time management and other soft skills are essential for success in this setting. Individuals who can efficiently manage their time can prioritize work, fulfill deadlines, and complete projects on schedule and within budget.

Conclusion

To summarize, while technical abilities are necessary for success in the tech business, they are not sufficient. Communication, teamwork, leadership, adaptability, and time management are all crucial soft skills. Individuals with these talents are more likely to succeed in this fast-paced, ever-changing industry.

My Favorites

📚 Books I Recommend Reading 🕹

Read 📖 — Top 3 Books to Become a Better Listener

Just Listen: Discover the Secret to Getting Through to Absolutely Anyone by Mark Goulston

  • This book provides practical tips and techniques for improving communication and building relationships by becoming a better listener. Key takeaways include the importance of empathy, the power of asking questions, and the value of acknowledging the other person’s perspective.

The Art of Listening by Lesley-Ann Brown

  • This book explores the various facets of listening, including the challenges and benefits of truly hearing what others have to say. Key takeaways include the importance of being present in the moment, the value of active listening, and the role of listening in building trust.

The Lost Art of Listening: How Learning to Listen Can Improve Relationships by Michael P. Nichols

  • This book examines the ways in which listening affects our personal and professional relationships and explores strategies for becoming a more effective listener. Key takeaways include the importance of being present and attentive, the value of validating the other person’s experience, and the role of listening in building rapport and trust.

Podcast 🎧 — Jack is Back!

Sam Bent, a.k.a. DoingFedTime, brings us a story of what it was like to be a darknet market vendor.

Listen to the Podcast

Quote of the Week

“When you want something, all the universe conspires in helping you to achieve it.” — Paulo Coelho

If you’re interested in starting a career in cybersecurity, watch this one, and don’t forget to 🔥 ***Subscribe to my YouTube Channel*** and leave a comment if there are any topics you’re interested in seeing in my next video.

Check out my other stuff here.

🚨 📢 Apparently, most of you are not interested in subscribing to my YouTube channel, so please let me know why and I will make it valuable to you, I promise 😊.

Seif Hateb

Cybersecurity Professional, Lecturer, Cryptographer, Martial Artist.