Cybersecurity And Much More Newsletter — Week 07 (2022)

Greetings, friends.

Welcome to my weekly newsletter, if you are not yet subscribed, please do. It might include books, articles, tech, tips, and of course interesting stuff about cybersecurity.

Enjoy!

What’s Happening

🚨 Conti ransomware gang takes over TrickBot malware operation

Image by BleepingComputer

After four years of activity and numerous takedown attempts, the top members of the gang move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware.

🌍 Apple’s retail employees are reportedly using Android phones and encrypted chats to keep unionization plans secret

Image by AndroidPolice

Inflation is disrupting operations at the world’s biggest company. Apple may be the world’s largest company with a market cap of almost $3 trillion, but its retail workers seem to hardly benefit from all that success, according to the latest reports. As a result, employees at several Apple Stores across the US are secretly working to unionize based on issues surrounding their take-home pay.

👾 Watch out for this bump in LinkedIn phishing

It’s not just endless spam for unsuitable job positions and motivational speeches. It turns out there’s a whole lot of phishing happening behind the scenes, too.

At the beginning of February, Brian Krebs reported that scammers are using “Slinks” to redirect to phishing pages. Worse still, that particular technique has been around since 2016. In the most recent example, the phishing attempts seen in the wild were not hunting LinkedIn accounts specifically. Even so, tying bad URLs to reassuringly convincing LinkedIn redirects will always end badly for someone.

👾 Pegasus Spyware should be banned, EU Data Agency

NSO Group offices in Herzliya, near Tel Aviv, Israel. Photographer: Jack Guez/AFP/Getty Images

As news of Pegasus continues to spread — Amnesty International discovered this week that the personal assistant and father of a Polish senator was targeted by the spyware — groups are again calling for a crackdown. The European Union’s data privacy head, the European Data Protection Supervisor, said on Tuesday that Pegasus should be banned in the EU.

🔐 Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm

By analyzing the encryption process of Hive ransomware, a group of South Korean researchers confirmed that vulnerabilities exist by using the Ransomware Gang’s own encryption algorithm.

They have recovered the master key for generating the file encryption key partially, to enable the decryption of data encrypted by Hive ransomware. This way they become able to recover 95% of the master key without the attacker’s RSA private key and decrypted the actual infected data.

To the best of my knowledge, this seems like the first successful attempt at decrypting Hive ransomware. It is expected that their method can be used to reduce the damage caused by Hive ransomware.

My Favorites

📝 Article — Tech workers' burnout is reaching alarming levels

Image: rbadowski/Stock.adobe.com

Burnout has always been a problem for workers and this has only been exasperated during the pandemic.

A survey last year highlighted the level of overtime that workers in Ireland had been putting in since the start of the pandemic, with many remote workers finding it harder to disconnect.

But it was also highlighted that the burnout among security professionals was the highest due to the spike in cyber attacks and the shortage of cyber talents.

📚 Book -

Surround yourself with books, they are your ultimate allies.

📚 🤔 Book Currently Reading

Salt by Mark Kurlansky

📚 🤩 Books I Recommend Reading

Social engineering by Christopher Hadnagy

  • The first book to reveal and dissect the technical aspect of many social engineering maneuvers. From elicitation, pretexting, influence, and manipulation all aspects of social engineering are picked apart, discussed, and explained by using real-world examples, personal experience, and the science behind them to unravel the mystery in social engineering.
  • Kevin Mitnick-one of the most famous social engineers in the world-popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

Einstein by Walter Isaacson

  • By the author of the acclaimed bestseller Benjamin Franklin, this is the first full biography of Albert Einstein since all of his papers have become available.
  • How did his mind work? What made him a genius? Isaacson’s biography shows how the imagination that distinguished his science sprang from the rebellious nature of his personality. His fascinating story, a testament to the connection between creativity and freedom, reflects the triumphs and tumults of the modern era.

🎙 Podcast — Hackers Are Making a Fortune Stealing from Kids in ‘Roblox

This week on Cyber, Motherboard staff writer Joseph Cox walks us through the underground world of Roblox.

Roblox is one of the most popular and profitable video games ever created. Unless you’ve got kids, there’s a decent chance you’ve probably never heard of it. What makes it so engaging is that it’s a place where players develop and sell their own games and items. There is an internal economy and culture built around it. Roblox is, dare I say, a metaverse all its own.

Lurking at the edges of that metaverse🤮 is a group of people called Beamers. With so many items floating around the Roblox economy is worth so much cash and so many of them are owned by children. That’s a target an unscrupulous hacker can hardly pass up.

💻 Tech — Quantum Cryptanalysis: Hype and Reality

Image: Interior of an IBM Quantum Computing System.

Today, nation-states and even private companies compete for “quantum computing superiority,” a quantum computer that is so fast that it can solve problems that cannot be realistically solved by classical computers (the kinds of computers that we use every day).

The United States, China, the European Union, and individual European nations (France, Germany, the United Kingdom) are pumping billions into the field. And make no mistake: Quantum computers are here today. They just aren’t very powerful for solving real-world problems like factoring or revealing the secrets of photosynthesis.

But we are so close to making it powerful enough to solve complex problems (when used for good) or to make privacy disappear from the internet.

This article addresses the technical, practical, economic, and strategic reasons why cryptanalysis is a boogeyman.

🎥 Videos — How To Speak?

Patrick Winston’s How to Speak talk has been an MIT tradition for over 40 years. Offered every January, the talk is intended to improve your speaking ability in critical situations by teaching you a few heuristic rules.

We perform good or bad in a job or life in general according to our ability to speak, write and generate ideas, this makes speaking better or writing and thinking differently a definite way to become a better person, friend, or individual.

I can’t remember how many times I’ve watched this amazing lecture, it helped millions of people across the globe, and so it did to me.

🎥 Videos — Allen Iverson Special: Best Plays and Moments vs. NBA 96 Class — Kobe Marbury Nash Ray Allen 🏀 🏀 🏀

NBA 96 Class was one of the best in my opinion, but according to you what was the best one in history? I grew up trying to imitate Iverson’s cross-overs for hours with my friends, I was not close by any means in style but helped me learn new tricks 😂

Quote of the Week

If you’re interested in starting a career in Cybersecurity, watch this one, and don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing on my next videos.

Check my other stuff here.

Originally published at https://www.linkedin.com.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Seif Hateb

Seif Hateb

Cybersecurity Professional, Lecturer, Cryptographer, Martial Artist.