Cybersecurity And Much More Newsletter — Week 14 (2022)
Welcome to my weekly newsletter; if you are not yet subscribed, please do. It might include books, articles, tech, tips, and of course interesting stuff about cybersecurity.
🚨 Microsoft Exposes Evasive Chinese Tarrask 🏴☠️ Malware Attacking Windows Computers
As a result of tracking the threat actor HAFNIUM, Microsoft uncovered that unpatched zero-day vulnerabilities are leveraged as initial vectors. The Microsoft Detection and Response Team (DART), in collaboration with the Microsoft Threat Intelligence Center (MSTIC), identified a multi-stage attack targeting the Zoho ManageEngine REST API authentication bypass vulnerability to initially implant a Godzilla web shell with properties similar to those detailed by Palo Alto’s Unit 42 team.
🚨 Targeted Attack 🏴☠️ Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan, and KdcSponge Stealer
On Sept. 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in the self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. The alert explained that malicious actors were observed deploying a specific webshell and other techniques to maintain persistence in victim environments; however, in the days that followed, we observed a second, unrelated campaign carrying out successful attacks against the same vulnerability.
📰 Apple 🍏 is Worried 😧 about User Privacy
At the annual Privacy Summit (IAPP — International Association of Privacy Professionals), Apple’s CEO Tim Cook expressed his concerns about how laws are going to “undermine privacy and security in service of some other aim”.
In other words, he is warning against the efforts made to weaken encryption (or add backdoors) just to enable law enforcement to retrieve information from devices or intercept communications.
Especially with all the efforts already made by the company to protect users’ privacy and offer secure and trustworthy products.
This is one of the biggest dilemmas in the world of encryption: it’s fine to communicate securely, but to what extent? What if end-to-end encryption impacts the overall national security strategy and similar initiatives that help government agencies be proactive and mitigate risks? (Sounds like a long question.) But really, how do we keep a healthy balance between security and privacy without a socio-economic impact?
👾 Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
Microsoft’s Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed were rated Critical.
🎉 Purple 🟣 Hat Conference is Coming Soon!
One of my favorite security events for this year is the [Purple Hats Conference], where red meets blue to collaborate, share ideas, and learn how to build a proactive, informed defense. It’s just a half-day, so try not to miss it.
👾 Critical Apache Struts RCE vulnerability wasn’t fully fixed
Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn’t fully remedied.
As such, Cybersecurity and Infrastructure Security Agency (CISA) is urging users and administrators to upgrade to the latest, patched Struts 2 versions.
Struts is an open-source application development framework used by Java web developers for building model–view–controller (MVC) apps.
📱 Is Bluetooth 🔵 Low Energy Encryption 🔒 Secure?
The first thing to know is that BLE (Bluetooth Low Energy) does not simply mean a Bluetooth version that consumes less energy; it is rather a version designed to work more efficiently with devices running on small batteries.
BLE System Architecture has three (03) parts or levels:
- Controller Level: responsible for physical connectivity and has multiple layers, like:
  - Physical Layer: sends, receives, and processes (modulation, coding) data.
  - Link Layer: advertises, scans, creates, and maintains connections; also interacts with the Physical Layer.
- Host Level: more of a logical layer that manages profiles and security, and adapts protocols to standard BLE packets for the Controller layers. It defines how BLE devices interact with each other.
- Application Level: interacts with applications and profiles to facilitate interoperability.
When we talk about BLE security we must start by understanding the [Security Manager] layer within the Host Level of the BLE architecture. The main goal of this layer is to ensure these (04) data security properties (Authentication, Integrity, Confidentiality, and Privacy) using these distinct security features:
- Pairing: process for creating one or more shared secret keys
- Bonding: storing the keys created during pairing for use in subsequent connections; this is essential to form a trusted device pair.
- Authentication: Verifying that the same keys are on both ends.
- Encryption: encrypt messages for confidentiality.
- Message Integrity: integrity check to protect against message forgeries.
- Secure Simple Pairing: encryption to protect against eavesdropping and man-in-the-middle attacks.
- Privacy: changing the Bluetooth device address frequently (Address Randomization), and the ability to derive link keys across transports (Cross-Transport Key Derivation).
One more thing about the authentication phase. When pairing devices via Bluetooth, a pair of encryption keys needs to be exchanged in order to secure the communication. But before that happens, the device you are connecting to needs to be trustworthy, and that is established through authentication. There are (04) main authentication methods:
- Just Works: the fastest and least secure; pairing happens without any extra steps and the keys are exchanged.
- Out of Band: leverages another channel, like QR code scanning, before allowing the key exchange.
- Passkey: prompts you to enter a passkey to authenticate.
- Numeric Comparison: you confirm that the passkeys displayed on both ends are the same.
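Which of the four methods two devices actually end up with is not chosen by the user but negotiated from the IO capabilities and flags each side declares in its pairing request. The following is an added example (not code from the newsletter or from any Bluetooth stack) that reproduces that selection following the Security Manager mapping table in Bluetooth Core Spec Vol 3, Part H; the function names are my own, and it simplifies OOB to the legacy "both sides have OOB data" rule.

```python
# Added example: derive the BLE pairing association model from both devices'
# declared IO capabilities and flags (Bluetooth Core Spec Vol 3, Part H,
# Security Manager IO-capability mapping). Assumption: OOB is selected only
# when both sides have OOB data (the LE legacy rule; LE Secure Connections
# also accepts one-sided OOB).

JUST_WORKS = "Just Works"
OOB = "Out of Band"
PASSKEY = "Passkey Entry"
NUMERIC = "Numeric Comparison"

IO_CAPS = ("DisplayOnly", "DisplayYesNo", "KeyboardOnly",
           "NoInputNoOutput", "KeyboardDisplay")
CAN_INPUT = {"KeyboardOnly", "KeyboardDisplay"}
CAN_DISPLAY = {"DisplayOnly", "DisplayYesNo", "KeyboardDisplay"}
CAN_YES_NO = {"DisplayYesNo", "KeyboardDisplay"}


def select_association_model(init_io, resp_io, init_mitm=True, resp_mitm=True,
                             init_oob=False, resp_oob=False,
                             secure_connections=True):
    """Return the association model the two devices will negotiate."""
    if init_io not in IO_CAPS or resp_io not in IO_CAPS:
        raise ValueError("unknown IO capability")
    if init_oob and resp_oob:             # OOB data present on both sides
        return OOB
    if not (init_mitm or resp_mitm):      # nobody asked for MITM protection:
        return JUST_WORKS                 # IO capabilities are ignored
    if "NoInputNoOutput" in (init_io, resp_io):
        return JUST_WORKS                 # one side cannot take part at all
    if secure_connections and init_io in CAN_YES_NO and resp_io in CAN_YES_NO:
        return NUMERIC                    # LE Secure Connections only
    if ((init_io in CAN_INPUT and resp_io in CAN_DISPLAY)
            or (resp_io in CAN_INPUT and init_io in CAN_DISPLAY)
            or (init_io in CAN_INPUT and resp_io in CAN_INPUT)):
        return PASSKEY                    # one types what the other shows
    return JUST_WORKS                     # e.g. DisplayOnly + DisplayYesNo


def mitm_protected(model):
    """Only Just Works gives an active attacker a free seat in the pairing."""
    return model != JUST_WORKS


if __name__ == "__main__":
    # Headless sensor paired with a phone: the phone's screen does not help.
    print(select_association_model("NoInputNoOutput", "DisplayYesNo"))
    # Two phones on LE Secure Connections: six-digit numeric comparison.
    print(select_association_model("DisplayYesNo", "DisplayYesNo"))
    # Same two phones on legacy pairing: neither can type, so Just Works.
    print(select_association_model("DisplayYesNo", "DisplayYesNo",
                                   secure_connections=False))
```

The practical takeaway for a defender is that a NoInputNoOutput peripheral, or either side clearing its MITM flag, silently forces Just Works regardless of what the other device can display.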
📝 Note — 🔐 Security — Data Protection Quick Guide
Follow these steps to get started with Data Protection:
1 — Understand which data is critical, where it resides and how it can be accessed
2 — Data must be protected over its entire lifecycle
- Data at-rest: file system protection, encryption, integrity checks, and access control
- Data in-transit: encryption, traffic analysis, and monitoring
- Data in-use: obfuscation, anonymization
3 — Use strong encryption and key handling
4 — Follow the Least Privilege and Need to Know principles
5 — Strong passwords and multi-factor authentication
6 — Session control and monitoring
7 — Logging and Auditing of user and system activities
📝 Note — 📡 Telco/IoT Security — How 5G Security Framework Mitigates the Interconnection and Roaming Vulnerabilities
The 5G Security Framework introduces a native security capability to secure interconnection and roaming, called SEPP (short for Security Edge Protection Proxy), which is an HTTP proxy that protects both the Control Plane and the User Plane and also provides functionalities such as:
- Topology Masking
- Message Filtering
- Traffic Policing
🚀 Scientists Discovered 🔎 a Bubble around our Solar System 🪐
Sure, we have rovers on Mars rolling right now, and far galaxies and planets have been discovered. But a giant bubble covering our solar system! That’s astronomically amazing! Some people might call it a cloud rather than a bubble, but the one thing everybody will agree upon is that it’s huge. It is located at a distance of a light-year from the Sun, and is immersed in a giant bubble! Its diameter is 1000 light-years. The questions I have are: what if this bubble pops? Is it made of gas? What will happen if an object goes through it?
📚 🤔 Books I’m Currently Reading
Title: The Road to Reinvention: How to Drive Disruption and Accelerate Transformation
Author: Josh Linkner
Companies, communities, and individuals fall for many reasons, but one of the most common — and easily avoidable — is the failure to reinvent. When people and organizations rest on prior successes rather than driving purposeful transformation, they discover too late that they have lost their market position altogether to competitors and external forces.
Title: Power Play: Tesla, Elon Musk, and the Bet of the Century
Author: Tim Higgins
Tesla is the envy of the automotive world. Born at the start of the millennium, it was the first car company to be valued at $1 trillion. Its CEO, the mercurial, charismatic Elon Musk, has become not just a celebrity but the richest man in the world. But Tesla’s success was far from guaranteed.
📚 🤩 Books I Recommend Reading
Title: Sapiens: A Brief History of Humankind
Author: Yuval Noah Harari
From a renowned historian comes a groundbreaking narrative of humanity’s creation and evolution — a #1 worldwide bestseller — that explores the ways in which biology and history have defined us and enhanced our understanding of what it means to be “human.”
One hundred thousand years ago, at least six distinct species of humans inhabited Earth. Yet today there is only one — Homo sapiens. What happened to the others? And what may happen to us?
Most books about the history of humanity pursue either a historical or a biological approach, but Dr. Yuval Noah Harari breaks the mold with this highly original book that begins about 70,000 years ago with the appearance of modern cognition. From examining the role evolving humans have played in the global ecosystem to charting the rise of empires, Sapiens integrates history and science to reconsider accepted narratives, connect past developments with contemporary concerns, and examine specific events within the context of larger ideas.
🎙 Podcast — 😱 In some places in the World, They have Animals 🦒 🦔 🦓 Politicians!
Small towns around the world have a longstanding tradition of nominating — and voting for — animals in elected positions like mayor, and some animals have even been nominated for president.
🎥 Videos — Pyramids Found Beneath Arctic Ice
New research shows evidence of man-made pyramids in Antarctica, in this clip from Season 3, “Mysterious Ancient Ruins.” If true, how is it possible to build such a massive thing out there, where the temperature is -49C and the winds reach 100 mph?! Or it might have been built during a period when the area was free of ice.
🎥 Videos — Tracking Stolen Cars
Did you know that a car 🚘 is stolen every ⏱6 minutes in Canada 🇨🇦! It’s terrifying for owners to hear such statistics 📊. But who should be responsible for mitigating this imminent risk? The 🤷♂️owners? The 🏭 manufacturers? Insurance 👨💼companies? Or 👮law enforcement?
Quote of the Week
“Imagination is Everything” — Albert Einstein.