Cybersecurity And Much More Newsletter — Week 06 (2022)

Seif Hateb
8 min read · Mar 28, 2022

Greetings, friends.

Welcome to my weekly newsletter; if you are not yet subscribed, please do. Each issue may include books, articles, tech, tips, and of course interesting stuff about cybersecurity.

Enjoy!

What’s Happening

🚨 CISA Says ‘HiveNightmare’ Windows Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 16 new CVE identifiers to its list of known exploited vulnerabilities, including a Windows flaw that federal agencies are required to patch within two weeks. The Apple WebKit zero-day was also on the list. Link

🌍 CISA, FBI, and NSA published a joint advisory warning of ransomware attacks targeting critical infrastructure organizations.

The agencies warn of the use of cybercriminal services-for-hire, highlighting that the market for ransomware is becoming increasingly “professional.” Ransomware gangs have increasingly adopted the ransomware-as-a-service (RaaS) model, and they have also started employing independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cybercriminals.

Below is the list of mitigations recommended by the cybersecurity agencies:

  • Keep all operating systems and software up to date.
  • If you use RDP or other potentially risky services, secure and monitor them closely.
  • Implement a user training program and phishing exercises to raise awareness among users.
  • Require MFA for as many services as possible.
  • Require all accounts with password logins (e.g., service accounts, admin accounts, and domain admin accounts) to have strong, unique passwords.
  • If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth.
  • Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud.
  • Segment networks.
  • Implement end-to-end encryption.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool.
  • Document external remote connections.
  • Implement time-based access for privileged accounts.
  • Enforce the principle of least privilege through authorization policies.
  • Reduce credential exposure.
  • Disable unneeded command-line utilities; constrain scripting activities and permissions, and monitor their usage.
  • Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration.
  • Ensure all backup data is encrypted.
  • Collect telemetry from cloud environments.

👾 Critical Vulnerability in Siemens JT2Go PAR File Parser

Photo by SIEMENS.

A vulnerability has been found in Siemens JT2Go and classified as critical. It affects an unknown part of the library plmxmlAdapterSE70.dll in the PAR File Parser component. Manipulation with an unknown input leads to memory corruption. The CWE classification for this vulnerability is CWE-122 (heap-based buffer overflow). In terms of impact, it is known to affect confidentiality, integrity, and availability. Link

👾 Apple Patches Actively Exploited WebKit Zero-Day

Photo by Threatpost.

A memory issue affecting iPhones, iPads, and macOS devices allows attackers to execute arbitrary code after processing malicious web content.

Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads, and macOS devices.

The zero-day, tracked as CVE-2022-22620, is a use-after-free issue: memory that has already been freed is referenced again while the program runs, a form of incorrect dynamic-memory handling. Link

💰 $3.6 billion bitcoin seizure shows how hard it is to launder cryptocurrency

Picture by arstechnica.

On Tuesday, Ilya Lichtenstein and Heather Morgan were arrested in New York and indicted for laundering a record $4.5 billion worth of stolen cryptocurrency. In the 24 hours immediately afterward, the cybersecurity world ruthlessly mocked their operational security blunders: Lichtenstein allegedly stored many of the private keys controlling those funds in a cloud-storage wallet that made them easy to seize, and Morgan flaunted her “self-made” wealth in a series of cringe-inducing rap videos on YouTube and in Forbes columns. Read the full article here.

My Favorites

📝 Article — Why I’m done with Chrome

In a blog post, Matthew Green (a cryptographer and professor at Johns Hopkins University) summarizes the recent changes Google made to Chrome, how the user experience turned out, and what impact they have on users’ security and privacy. Link

📝 Article — Pinch me: In 2022 people are still using weak passwords

In 2021, there were 1,862 data breaches according to the Identity Theft Resource Center’s 2021 Annual Data Breach Report. That is an all-time high and a 68 percent increase over breaches in 2020.

According to Lookout, 80 percent of people’s emails are leaked on the dark web as a result of data breaches. Link

Picture by DigitalJournal.

📚 Books

📚 🤔 Book Currently Reading

This transformative system shows leaders how to rethink their strategies, retool their capabilities, and revitalize their businesses for stronger, longer-lasting success.

There’s a learning curve to running any successful business. But once you begin to rely on past achievements or get stuck in outdated thinking and practices that no longer work, you need to take a step back―and unlearn. This innovative and actionable framework from executive coach Barry O’Reilly shows you how to break the cycle of behaviors that were effective in the past but are no longer relevant in the current business climate, and now limit or may even stand in the way of your success.

With this simple but powerful three-step system, you’ll discover how to:

  • Unlearn the behaviors and mindsets that prevent you and your businesses from moving forward.
  • Relearn new skills, strategies, and innovations that are transforming the world every day.
  • Break through old habits and thinking by opening up to new ideas and perspectives to achieve extraordinary results.

Packed with relatable anecdotes and real-world examples, this unique resource walks you through every step of the unlearning process. You’ll discover new ways of thinking and leading in every industry. You’ll identify what you need to unlearn, what to stop, what to keep, and what to change. By intentionally and routinely applying the system of unlearning, you’ll be able to adapt your mindset, adopt new behaviors, acquire new skills, and explore new options that will totally transform your performance and the business you lead. This book will help you let go of the past, and encourage your teams and organization to do the same. When you think big but start small, choose courage over comfort, and become curious to tackle uncertainty, you can achieve new levels of success you never dreamed possible.

Good leaders know they need to continuously learn. But great leaders know when to unlearn the past to succeed in the future. This book shows you the way.

Genetically Modified and Irradiated Food — Jun Nishihira MD, PhD

This is a controversial issue. This book explains the technologies used in these processes so they can be understood by those in general public health, scientific organizations, politicians, and opinion-makers/policymakers. The facts presented include a massive amount of scientific evidence that these technologies are safe and can be beneficial. Because the world faces a future with an increasing number of people, new technologies are needed to ensure enough safe and healthy food; thus technologies that have the potential to dramatically increase the availability of safe and healthy food should be welcomed by everybody.

📚 🤩 Books I Recommend Reading

Superintelligence — Nick Bostrom

Superintelligence asks the question: what happens when machines surpass humans in general intelligence? Will artificial agents save or destroy us? Nick Bostrom lays the foundation for understanding the future of humanity and intelligent life. The human brain has some capabilities that the brains of other animals lack. It is to these distinctive capabilities that our species owes its dominant position. If machine brains surpassed human brains in general intelligence, then this new superintelligence could become extremely powerful, possibly beyond our control. As the fate of the gorillas now depends more on humans than on the species itself, so would the fate of humankind depend on the actions of the machine superintelligence.

But we have one advantage: we get to make the first move. Will it be possible to construct a seed Artificial Intelligence, to engineer initial conditions so as to make an intelligence explosion survivable? How could one achieve a controlled detonation?

This profoundly ambitious and original audiobook breaks down a vast tract of difficult intellectual terrain. After an utterly engrossing journey that takes us to the frontiers of thinking about the human condition and the future of intelligent life, we find in Nick Bostrom’s work nothing less than a reconceptualization of the essential task of our time.

Isaac Newton was born in a stone farmhouse in 1642, fatherless and unwanted by his mother. When he died in London in 1727 he was so renowned he was given a state funeral, an unheard-of honor for a subject whose achievements were in the realm of the intellect. During the years he was an irascible presence at Trinity College, Cambridge, Newton imagined properties of nature and gave them names (mass, gravity, velocity), things our science now takes for granted. Inspired by Aristotle, spurred on by Galileo’s discoveries and the philosophy of Descartes, Newton grasped the intangible and dared to take its measure, a leap of the mind unparalleled in his generation.

James Gleick, the author of Chaos and Genius, and one of the most acclaimed science writers of his generation, brings the reader into Newton’s reclusive life and provides startlingly clear explanations of the concepts that changed forever our perception of bodies, rest, and motion, ideas so basic to the twenty-first century that it can truly be said: We are all Newtonians.

🎙 Podcast — How Elite Operators Change Their Life

The greatest lessons you need to learn often get lost. People are either too successful to share their secrets, or they fail too fast and their experience is lost forever to history. In today’s episode, Andrew gives you a peek into how one elite UK Royal Navy SBS officer has changed his life on his own terms. And how he views money in a way that most people don’t. Link

💻 Tech — Future tech: The most exciting innovations from CES 2022

Color-changing cars at the press of a button, speakers and remotes that never need to be charged, and lightbulbs that can track your health vitals are just some of the favorite pieces of future technology revealed at the Consumer Electronics Show (CES) 2022. Check out the top 10 most interesting gadgets from the event. Link

🎥 Videos — Michael Jordan’s last 3 minutes in his FINAL BULLS GAME vs the Jazz (1998) was one of the best NBA Finals finishes ever seen. I wonder what would have happened if MJ had ended his career that day, or if he had missed that jump shot in the last 6 seconds. What are your thoughts?

🎥 Videos — How I hacked a hardware crypto wallet and recovered $2 million

Joe Grand was contacted to hack a Trezor One hardware wallet and recover $2 million worth of cryptocurrency (in the form of THETA). Knowing that existing research was already out there for this device, it seemed like it would be a slam dunk. Little did he realize the project would turn into a roller coaster ride with over three months of experimentation, failures, successes, and heart-stopping moments. It reminded him that hacking is always unpredictable, exciting, and educational, no matter how long you’ve been doing it. In this case, the stakes were higher than normal: he only had one chance to get it right. Link

If you’re interested in starting a career in Cybersecurity, watch this one, and don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing on my next videos.

Originally published at https://www.linkedin.com.

Seif Hateb

Cybersecurity Professional, Lecturer, Cryptographer, Martial Artist.