Cybersecurity 🔐 And Much More Newsletter 📪 Vol. 3 Num. 19

Seif Hateb
8 min read · Nov 5, 2023


Hey there, 👋

I hope you have been doing well! 😊

📫 Welcome to my newsletter.

📰 In this Newsletter this week:

What’s happening 🚨

  • 134 Okta Customers Impacted.
  • WhatsApp spyware in the wild.
  • New Linux vulnerability impacting your cloud.
  • A lot of Cisco patches.
  • Threat Hunt using PEAK.
  • A summary of the top 3 books 📚 on time management, with key takeaways.

Enjoy!

What’s Happening

🚨 Multiple WhatsApp mods spotted containing the Canesspy Spyware

It is fairly uncommon for users of major instant messaging services to notice that the official client applications lack functionality. To remedy this issue, third-party developers create modifications that provide desirable functionalities in addition to visual improvements. Unfortunately, some of these modifications include spyware in addition to genuine changes.

Last year, for example, Kaspersky uncovered the Triada Trojan within a WhatsApp mod. More recently, Kaspersky revealed a Telegram mod with a built-in surveillance module that was available on Google Play. It’s the same story with WhatsApp: some previously innocent modifications were discovered to include a spy module known as Trojan-Spy.AndroidOS.CanesSpy.

The trojanized client manifest includes suspicious components (a service and a broadcast receiver) that are absent from the original WhatsApp client. A broadcast receiver is an app component that listens for broadcasts from the system and other apps, such as when the phone begins charging, a text message is received, or the downloader completes its download. When the receiver gets such a message, it invokes its event handler. The receiver in the WhatsApp spy mod starts a service that launches the surveillance module when the phone is turned on or begins charging.

This way, the attackers gain access to the WhatsApp communications that are supposed to be E2E encrypted and private.
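The manifest indicators described above (a receiver wired to boot and charging broadcasts, plus a service the official client does not declare) are exactly what a reviewer can check for mechanically. The following is an added example, not code from the Kaspersky report or any WhatsApp mod; the manifest it parses is a constructed sample, and the component names in it are hypothetical:

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # ElementTree spells android:name as {ns}name

# The two triggers the report names: device turned on, device starts charging.
TRIGGER_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.ACTION_POWER_CONNECTED",
}

# Constructed sample manifest (hypothetical package and component names).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.messenger">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name=".MessageReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
    <service android:name=".UploadService" android:exported="false"/>
  </application>
</manifest>
"""


def find_trigger_receivers(manifest_xml):
    """Return (receiver name, sorted matching actions) for every receiver
    whose intent filter subscribes to a boot or charging broadcast."""
    app = ET.fromstring(manifest_xml).find("application")
    findings = []
    for receiver in app.findall("receiver"):
        actions = {a.get(NAME) for a in receiver.iter("action")}
        hits = sorted(actions & TRIGGER_ACTIONS)
        if hits:
            findings.append((receiver.get(NAME), hits))
    return findings


def find_unexpected_components(manifest_xml, known_good):
    """Receivers and services that are not in the component list of a
    known-good (official) build of the same app."""
    app = ET.fromstring(manifest_xml).find("application")
    names = [c.get(NAME) for tag in ("receiver", "service") for c in app.findall(tag)]
    return [n for n in names if n not in known_good]


if __name__ == "__main__":
    print(find_trigger_receivers(SAMPLE_MANIFEST))
    print(find_unexpected_components(SAMPLE_MANIFEST, {".MainActivity"}))
```

On a real APK you would run this over the manifest extracted by apktool or aapt and use the official client's component list as the known-good set; a receiver on BOOT_COMPLETED is legitimate in many apps, so the second check (components the official build never declares) is what turns a hint into a finding.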

Read the full report about the WhatsApp mods here.

Before I forget, the same thing happened to Telegram.

🚪 134 Okta customers were impacted by the latest breach

Threat actors who infiltrated the Okta customer support system in October gained access to 134 customers’ information, according to the company.

“On Thursday, October 19, Okta advised customers of a security incident. Having finalized our investigation, we can confirm that from September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers, or less than 1% of Okta customers. Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks. The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers, 3 of whom have shared their own response to this event.”

Read more about the incident here, and check out the latest recommended remediation actions here.

Read more.
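The root cause Okta describes is HAR files uploaded to support with live session tokens still inside them. A practical control is to scrub cookies and authorization headers before a HAR ever leaves your machine, and to verify nothing is left. This is an added example, not Okta's tooling or any official sanitizer; the HAR below is a constructed sample with a made-up tenant URL and token value:

```python
import copy
import json

REDACTED = "[REDACTED]"
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie"}

# Constructed HAR (HAR 1.2 layout); the URL and token are not real.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://tenant.example/api/v1/users/me",
                    "headers": [
                        {"name": "Cookie", "value": "sid=CONSTRUCTED_SESSION_TOKEN"},
                        {"name": "Accept", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "CONSTRUCTED_SESSION_TOKEN"}],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Set-Cookie", "value": "sid=CONSTRUCTED_SESSION_TOKEN; Secure; HttpOnly"}
                    ],
                    "cookies": [{"name": "sid", "value": "CONSTRUCTED_SESSION_TOKEN"}],
                    "content": {"mimeType": "application/json", "text": "{\"id\":\"00u-example\"}"},
                },
            }
        ],
    }
}


def _scrub_headers(headers):
    n = 0
    for h in headers:
        if h.get("name", "").lower() in SENSITIVE_HEADERS and h.get("value") != REDACTED:
            h["value"] = REDACTED
            n += 1
    return n


def _scrub_cookies(cookies):
    n = 0
    for c in cookies:
        if c.get("value") not in (None, REDACTED):
            c["value"] = REDACTED
            n += 1
    return n


def scrub_har(har):
    """Return (scrubbed copy, number of values redacted). The input is not modified."""
    har = copy.deepcopy(har)
    redacted = 0
    for entry in har["log"]["entries"]:
        for side in ("request", "response"):
            part = entry.get(side, {})
            redacted += _scrub_headers(part.get("headers", []))
            redacted += _scrub_cookies(part.get("cookies", []))
    return har, redacted


def leaked_session_material(har):
    """Names of headers/cookies still carrying a value: the check to run before sharing."""
    leaks = []
    for entry in har["log"]["entries"]:
        for side in ("request", "response"):
            part = entry.get(side, {})
            for h in part.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS and h.get("value") != REDACTED:
                    leaks.append(f"{side}.header.{h['name']}")
            for c in part.get("cookies", []):
                if c.get("value") != REDACTED:
                    leaks.append(f"{side}.cookie.{c['name']}")
    return leaks


def scrub_har_text(text):
    """Convenience wrapper for a HAR file read as a string."""
    scrubbed, _ = scrub_har(json.loads(text))
    return json.dumps(scrubbed, indent=2)


if __name__ == "__main__":
    clean, count = scrub_har(SAMPLE_HAR)
    print(count, "values redacted; remaining leaks:", leaked_session_material(clean))
```

Header and cookie names are matched case-insensitively because browsers export them with varying capitalization. Tokens can also appear in response bodies (for example in a JSON login response) and in query strings, which this example does not cover; treat a HAR as sensitive until you have checked those too.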

☁️ Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

Aqua researchers successfully intercepted Kinsing’s experimental excursions into cloud habitats. They discovered the threat actor’s manual attempts to exploit the Looney Tunables vulnerability (CVE-2023-4911) using a simple but common PHPUnit vulnerability exploit attack as part of Kinsing’s continuous campaign.

For now, this is the first recorded occurrence of such an exploit. Surprisingly, the attacker is widening the scope of their cloud-native assaults by obtaining credentials from the Cloud Service Provider (CSP). You can read the whole article by Aqua to learn more details about this exploitation.

💻 A vulnerability in IBM Robotic Process Automation may result in access to client vault credentials

A vulnerability in IBM Robotic Process Automation may result in access to client vault credentials. This difficult-to-exploit vulnerability could allow a low-privileged attacker to programmatically access client vault credentials. No workarounds are available at the moment.

Read more.

📑 A vulnerability has been discovered in Atlassian Confluence which could allow for data destruction.

A vulnerability in Atlassian Confluence Server and Data Center has been uncovered, which might lead to data loss. Confluence is a collaboration application that connects people, information, and ideas in a collaborative workplace. An attacker who successfully exploits this vulnerability may be able to erase instance data.

At this time, no active exploitation of this vulnerability has been identified in the wild. According to Atlassian, more specific information about this vulnerability has been made public, increasing the likelihood of exploitation in the near future. Check out this blog by CIS about the latest Atlassian vulnerability.

More information on the CVE can be found here.

Here is the official vendor communication.

🌉 Cisco released security advisories for vulnerabilities affecting multiple Cisco products

A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

📧 New Microsoft Exchange zero-days allow RCE and Data Theft

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.

The zero-day vulnerabilities were disclosed by Trend Micro’s Zero Day Initiative (ZDI) yesterday, which reported them to Microsoft on September 7th and 8th, 2023.

Despite Microsoft acknowledging the reports, its security engineers decided the flaws weren’t severe enough to warrant immediate servicing, postponing the fixes for later.

ZDI disagreed with this response and decided to publish the flaws under its own tracking IDs to warn Exchange admins about the security risks.

Read more.

Cool Security Stuff

🧠 What do you know about the PEAK Threat Hunting Framework?

Introduction

Threat hunting is a proactive cybersecurity approach that involves actively searching for and identifying potential threats and intrusions within an organization’s network or systems. It goes beyond traditional security measures by actively looking for signs of compromise or malicious activities that may have evaded detection.

What is PEAK?

PEAK (an acronym for “Prepare, Execute, and Act with Knowledge”) is a threat hunting framework designed to enhance an organization’s ability to detect and respond to advanced and persistent threats. It focuses on proactively searching for indicators of compromise (IOCs), unusual patterns, or suspicious activities within an organization’s network or systems.

Created by SURGe, the security research team at Splunk, PEAK provides a structured approach to threat hunting by leveraging the power of security analytics platforms. It combines the use of data collection, analysis, and visualization to identify potential threats and gather valuable insights. It helps blue teams structure, measure, and improve their threat hunting processes.

How does PEAK Work?

It incorporates three distinct types of hunts:

  • Hypothesis-Driven: This is the classic approach, where hunters form a supposition about potential threats and their activities that may be present on the organization’s network, then use data and analysis to confirm or deny their suspicions.
  • Baseline (AKA Exploratory Data Analysis or EDA): In this type of hunt, hunters establish a baseline of “normal” behavior and then search for deviations that could signal malicious activity.
  • Model-Assisted Threat Hunts (M-ATH): Hunters use machine learning (ML) techniques to create models of known good or known malicious behavior and look for activity that deviates from or aligns with these models. Think of this as almost like a hybrid of the hypothesis-driven and baseline types, but with substantial automation from the ML.
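To make the baseline (EDA) hunt type concrete, here is an added example of the core loop: build a per-user baseline of “how many distinct hosts does this account log on to per day” from a known-normal window, then score the day being hunted against it. This is my illustration, not code from SURGe or the PEAK article; the log lines are constructed, and the usernames, hosts and the z-score threshold are assumptions:

```python
import statistics
from collections import defaultdict

# Constructed logon log, one line per logon: "<date> <user> <source_host>".
# 2023-10-30 .. 2023-11-03 is the known-normal window; 2023-11-04 is the hunt day.
SAMPLE_LOG = """\
2023-10-30 alice ws-01
2023-10-31 alice ws-01
2023-11-01 alice ws-01
2023-11-01 alice ws-02
2023-11-02 alice ws-01
2023-11-03 alice ws-01
2023-11-04 alice ws-01
2023-11-04 alice srv-01
2023-11-04 alice srv-02
2023-11-04 alice srv-03
2023-11-04 alice srv-04
2023-11-04 alice srv-05
2023-11-04 alice srv-06
2023-11-04 alice srv-07
2023-11-04 alice srv-08
2023-10-30 bob ws-10
2023-10-30 bob ws-11
2023-10-31 bob ws-10
2023-10-31 bob ws-11
2023-11-01 bob ws-10
2023-11-01 bob ws-11
2023-11-02 bob ws-10
2023-11-02 bob ws-11
2023-11-03 bob ws-10
2023-11-03 bob ws-11
2023-11-04 bob ws-10
2023-11-04 bob ws-11
2023-10-30 svc-backup srv-bk
2023-10-31 svc-backup srv-bk
2023-11-01 svc-backup srv-bk
2023-11-02 svc-backup srv-bk
2023-11-03 svc-backup srv-bk
2023-11-04 svc-backup srv-bk
"""


def parse_log(text):
    """Turn the raw lines into (date, user, host) tuples, skipping blanks."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            date, user, host = line.split()
            rows.append((date, user, host))
    return rows


def distinct_hosts_per_day(rows):
    """{user: {date: number of distinct hosts logged on to that day}}"""
    per = defaultdict(lambda: defaultdict(set))
    for date, user, host in rows:
        per[user][date].add(host)
    return {u: {d: len(h) for d, h in days.items()} for u, days in per.items()}


def hunt_deviations(rows, hunt_date, z_threshold=3.0):
    """Baseline each user on every day except hunt_date, then flag users whose
    hunt-day value sits z_threshold standard deviations above their own mean."""
    findings = []
    for user, days in distinct_hosts_per_day(rows).items():
        baseline = [n for d, n in days.items() if d != hunt_date]
        observed = days.get(hunt_date, 0)
        if len(baseline) < 2:
            continue  # too little history to call anything "normal"
        mean = statistics.fmean(baseline)
        spread = statistics.pstdev(baseline)
        if spread == 0:
            # Constant history: any increase at all is new behaviour.
            z = float("inf") if observed > mean else 0.0
        else:
            z = (observed - mean) / spread
        if z >= z_threshold:
            findings.append({"user": user, "observed": observed,
                             "baseline_mean": mean, "z": z})
    return findings


if __name__ == "__main__":
    for f in hunt_deviations(parse_log(SAMPLE_LOG), "2023-11-04"):
        print(f)
```

The deviation is scored per account rather than against a global threshold because a service account touching one host and an admin touching ten are both “normal” for themselves; the zero-spread branch matters in practice, since many accounts have perfectly flat history and a plain z-score would divide by zero. A hit here is a lead to investigate, not an alert: the PEAK loop continues by checking the flagged hosts and turning a confirmed pattern into a detection.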

To learn more about PEAK and its implementation, you can read the full article here.

If you are new to threat hunting, read more about it here.

My Favorites

Read 📖 — Top 3 Books on Time Management

“Getting Things Done: The Art of Stress-Free Productivity” by David Allen

Author Bio: David Allen is a productivity consultant and the creator of the Getting Things Done (GTD) method. He has spent decades researching and teaching effective productivity techniques.

Book Summary: “Getting Things Done” provides a comprehensive system for organizing tasks, projects, and commitments. It offers practical strategies for clearing mental clutter, managing priorities, and achieving stress-free productivity.

Key Takeaways:

  • Capture all your tasks and ideas in an external system to free up mental space.
  • Clarify the specific actions required for each task to prevent overwhelm.
  • Organize tasks into actionable lists based on context and priority.
  • Review and update your task lists regularly to stay on track.
  • Engage in regular “mind sweeps” to capture any loose ends or potential commitments.

“The 7 Habits of Highly Effective People: Powerful Lessons in Personal Change” by Stephen R. Covey

Author Bio: Stephen R. Covey was a renowned author, speaker, and leadership expert. He was recognized for his influential work on personal development and effectiveness.

Book Summary: “The 7 Habits of Highly Effective People” presents a holistic approach to personal and professional success. Covey introduces seven habits that can transform individuals and improve their effectiveness in various aspects of life.

Key Takeaways:

  • Be proactive and take responsibility for your choices and actions.
  • Begin with the end in mind and set clear goals based on your values and principles.
  • Put first things first by prioritizing important tasks and activities.
  • Seek understanding through empathetic listening and effective communication.
  • Continuously improve yourself through lifelong learning and self-reflection.

“Eat That Frog!: 21 Great Ways to Stop Procrastinating and Get More Done in Less Time” by Brian Tracy

Author Bio: Brian Tracy is a renowned author, speaker, and productivity expert. He has written extensively on personal and professional development, focusing on time management and goal achievement.

Book Summary: “Eat That Frog!” provides practical strategies to overcome procrastination and improve productivity. Tracy shares techniques for prioritizing tasks, eliminating distractions, and taking action on the most important activities.

Key Takeaways:

  • Identify your most important task (the “frog”) and tackle it first thing in the morning.
  • Break down big tasks into smaller, manageable steps.
  • Focus on high-value activities that align with your goals.
  • Use time-blocking techniques to allocate dedicated time for specific tasks.
  • Develop a sense of urgency and maintain momentum to avoid procrastination.

Quote of the Week

“Success is no accident. It is hard work, perseverance, learning, studying, sacrifice, and most of all, love of what you are doing.” — Zinedine Zidane

Subscribe 🔥 Subscribe to my YouTube channel and leave a comment if there are any topics you’re interested in seeing in my next video.

Check out my other stuff here.

#cybersecurity #newsletter #seifhateb #infosec #informationsecurity #growth #books #2023 #vulnerabilities #technology #science #research #hacking


Written by Seif Hateb

Cybersecurity Professional, Lecturer, Cryptographer, Martial Artist.
