Cybersecurity And Much More Newsletter — Week 09 (2022)
Greetings, friends.
Welcome to my weekly newsletter; if you are not yet subscribed, please do. It may include books, articles, tech, tips, and of course interesting stuff about cybersecurity.
Enjoy!
What’s Happening
My Unpopular Opinion of the day #1: it feels like ideological conformity is trendy.
🚨 CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its “Actively Exploited Vulnerabilities Catalog”, taking the total number of actively exploited vulnerabilities to 478.
📰 WhatsApp working on allowing polls with end-to-end encryption
WhatsApp is working on a feature, planned for a future update, that will let users create polls.
WhatsApp will ask users to enter the question of the poll to send to a WhatsApp group.
Other users can then vote on the answer. It is to be noted that polls will only be available in WhatsApp groups and will be end-to-end encrypted, as per the report. Even the answers will be end-to-end encrypted while only people in the group will be able to see the poll and the results.
👾 New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
The Linux kernel mistakenly exposed privileged operations to unprivileged users. The issue is tracked as CVE-2022-0492 and relates to a script that gets executed on the termination of any process in a “Control Group” (cgroups v1).
👾 Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs
Both zero-day vulnerabilities are “use-after-free” bugs, which occur when a program keeps using memory after it has been freed. When threat actors exploit this type of bug, it can crash the program while at the same time allowing commands to be executed on the device without permission.
These bugs are critical because they could allow a remote attacker to execute almost any command, including the downloading of malware to provide further access to the device.
🏴‍☠️ Attackers can force Amazon Echos to hack themselves with self-issued commands
Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock doors, make phone calls and unauthorized purchases, and control furnaces, microwave ovens, and other smart appliances.
🏴‍☠️ Robinhood says millions of customer names and email addresses were taken in a data breach
In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names. The data was provided to Have I Been Pwned (HIBP) by a source who requested it be attributed to “Jarand Moen Romtviet”.
🔐 Samsung Encryption Flaw in Over 100 Million Recent Phones
There are serious flaws in the way Samsung phones encrypt key material in TrustZone, and they are embarrassingly bad: a single key was used for everything, and IV reuse was allowed.
Samsung could have derived a different key-wrapping key for each key they protect, but essentially does not. On top of that, app-layer code is allowed to pick the encryption IVs, so the same IV can be reused under the same key. That makes decryption trivial.
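As an added illustration (not the article's or the researchers' code), here is a toy model of the two design choices described above: a single wrapping key with caller-chosen IVs next to a hardened design with per-key derived wrapping keys and IVs generated on the trusted side. An HMAC-based CTR-style keystream stands in for AES-GCM, and the master key, key IDs and sample app keys are constructed values.

```python
import hashlib
import hmac
import os

# Constructed master key: stands in for the single hardware-backed key the article describes.
MASTER_KEY = b"\x11" * 32


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy CTR-style keystream, HMAC-SHA256(key, iv || counter), standing in for
    AES-GCM's keystream. The property shown (same key + same IV = same keystream)
    holds for the real cipher as well."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_wrap(app_key: bytes, iv: bytes) -> bytes:
    """Weak design: every app key is wrapped under the one MASTER_KEY and the
    caller supplies the IV, so nothing stops two wraps from sharing an IV."""
    return xor(app_key, keystream(MASTER_KEY, iv, len(app_key)))


def recover_with_iv_reuse(blob1: bytes, blob2: bytes, known_key1: bytes) -> bytes:
    """Why IV reuse is fatal: both blobs used the same keystream, so
    blob1 XOR blob2 == key1 XOR key2. Knowing key1 reveals key2 with no access
    to MASTER_KEY at all."""
    return xor(xor(blob1, blob2), known_key1)


def derive_wrapping_key(key_id: bytes) -> bytes:
    """Hardened: derive a distinct wrapping key per protected key from the master key."""
    return hmac.new(MASTER_KEY, b"wrap-key|" + key_id, hashlib.sha256).digest()


def hardened_wrap(app_key: bytes, key_id: bytes):
    """Hardened: the IV is generated inside the trusted side and returned with the
    blob; app-layer code never gets to choose it."""
    iv = os.urandom(12)
    return iv, xor(app_key, keystream(derive_wrapping_key(key_id), iv, len(app_key)))


def hardened_unwrap(iv: bytes, blob: bytes, key_id: bytes) -> bytes:
    return xor(blob, keystream(derive_wrapping_key(key_id), iv, len(blob)))
```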
My Favorites
📝 5G/OT/IoT Security — Protecting patients by securing medical devices and the Internet of Medical Things (IoMT)
The research found that 53% of connected medical devices have a known critical vulnerability, and a third of bedside healthcare devices — which patients most depend on for optimal health outcomes — have an identified critical risk.
- Over 50% of connected devices in a typical hospital have critical risks present
- Almost 3/4 of IV pumps have vulnerabilities that could threaten patient safety if exploited
- More than 50% of devices in oncology, pharmacology and laboratory departments run on old versions of Windows that are no longer updated
- While vulnerabilities like Urgent11 and Ripple20 make headlines, the most common device risk remains insecure passwords
- Effective network segmentation addresses over 90% of critical device risks
📚 Book
📚 🤔 Books I’m Currently Reading
Lying by Sam Harris
📚 🤩 Books I Recommend Reading
Failing Forward by John C. Maxwell
- Are some people born to achieve anything they want while others struggle? Call them lucky, blessed, or possessors of the Midas touch.
- What is the real reason for their success? Is it family background, wealth, greater opportunities, high morals, an easy childhood? New York Times best-selling author John C. Maxwell has the answer: the difference between average people and achieving people is their perception of and response to failure. Most people are never prepared to deal with failure.
- Maxwell says that if you are like him, coming out of school, you feared it, misunderstood it, and ran away from it. But Maxwell has learned to make failure his friend, and he can teach you to do the same. “I want to help you learn how to confidently.
💻 Tech — Orbiting robots could help fix and fuel satellites in space
For more than 20 years, the Landsat 7 satellite circled Earth every 99 minutes or so, capturing images of almost all the planet’s surface every 16 days. One of many craft that observed the changing globe, it revealed melting glaciers in Greenland, the growth of shrimp farms in Mexico, and the extent of deforestation in Papua New Guinea. But after Landsat 7 ran short on fuel, its useful life effectively ended. In space, regular servicing has not been an option.
Now, though, NASA has a potential fix for such enfeebled satellites. In a few years, the agency plans to launch a robot into orbit and maneuver it to within grabbing distance of Landsat 7. The robot will use a mechanical arm to catch hold of it and refuel it, mid-air.
🎥 Video — WWII Enigma Machine, Other Encryption Devices Dating Back To 1870 Scanned And Modeled
Experts in Germany have scanned the inner workings of encryption machines dating back to the 1870s, including the famous Enigma machines used by the Nazis in World War II.
Quote of the Week
If you’re interested in starting a career in Cybersecurity, watch this one, and don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing on my next videos.
Check my other stuff here.
Originally published at https://www.linkedin.com.