- 1. Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents – Krebs on Security
Interesting: "Mark Rasch, a former prosecutor with the U.S. Justice Department, said the plaintiff is claiming the parents are liable because he gave them notice of a crime committed by their kids and they failed to respond. “A lot of these crimes are being committed by juveniles, and we don’t have a good juvenile justice system that’s well designed to both civilly and criminally go after kids,” Rasch said."
- 2. Linux Attackers Take Advantage of Unpatched Vulnerabilities
"“The answer to the question of why so many systems are still running end-of-life versions of Linux distributions is patching, misconfigurations and software-defined infrastructure,” explained Aaron Ansari, vice president of cloud security at Trend Micro. “People start out with outdated images, or misconfigure them or never patch them due to inability or fear of breaking the custom app.”"
- 3. Cybercriminals Inducing Insiders to Plant Malware
Is training and awareness enough? - "The takeaway here is that companies should expect to see more of these types of pitches, both cold and warm, via email and other communication mediums. Why? Because they are effective, even if the batting average is below .200. The cost for cybercriminals to engage is low, and every success produces an attractive ROI. Provide your employees with triage training and a path to report when that proverbial knock sounds at their door."
- 4. Firmware: Beyond Securing the Software Stack
I'd say this must be part of your vulnerability and patch management programs today. Malware already exists that exploits firmware, so, there's that.
- 5. CERIAS – Center for Education and Research in Information Assurance and Security
- 6. F5 Bug Could Lead to Complete System Takeover
- 7. From Pearl to Pegasus: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits – The Citizen Lab
- 8. Google, Amazon, Microsoft unveil massive cybersecurity initiatives after White House meeting
- 9. How Data Brokers Sell Access to the Backbone of the Internet
But the data can be used for good too! - "“Thanks to Team Cymru for providing access to their Pure Signal Recon product. Their tool’s ability to show Internet traffic telemetry from the past three months provided the breakthrough we needed to identify the initial victim from Candiru’s infrastructure,” the report reads." - This is netflow data...
- 10. Security and compliance still a challenge for container architectures – Help Net Security
- 11. How do I select an automated red teaming solution for my business? – Help Net Security
- 12. Details Disclosed for Zoom Exploit That Earned Researchers $200,000
- 13. New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox
- 14. Top 10 Things You Must Do to Avoid Getting Hacked
Not a bad list, one that I would use to have a conversation with users and/or develop a security policy. Multi-factor, password vault, keep software updated, use something other than SMS for 2nd factor, don't install random crap software from the Internet (and browser extensions too).
- 15. IoT devices are insecure by default
- 16. HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting
Stored XSS in a printer, could be an interesting sleeper attack? Not sure what else you could get other than the creds to the printer, if they have any to begin with...
- 17. Watch as hackers disrupt Iran’s prison computers; leak live footage
- 18. Get a Free SSL Certificate From AWS
- 19. Will Low-Code Development Lead to Security Problems and Data Breaches?
- 20. Vulnerability allowed hackers to tamper medication in infusion pump
No details, but an interesting video: https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/overmedicated-breaking-the-security-barrier-of-a-globally-deployed-infusion-pump/ - Looks like how some of the AV gear is configured, as there is no authentication (or it is easily bypassed) and you can interact with the device and send commands, causing the device to behave differently in the real world.
- 21. AWS privilege escalation: exploring odd features of the Trust Policy
- 22. How Threat Detection is Evolving
- 23. People shouldn’t care about privacy
The use cases for fully homomorphic encryption are interesting, but they are also the limiting factor: many different data types and processes will actually need to read your data, so you should still care about privacy: "Preventive Medicine: Imagine knowing in advance what you need to do to stay healthy throughout your life. This is increasingly possible with AI but requires sharing all your health data — everything from your DNA to your medical history to your lifestyle habits. With FHE, you could send all of this data in encrypted form, and the AI would respond with encrypted health recommendations that you alone could see. Facial Recognition: From science fiction to the palm of your hand, facial recognition is now a part of our everyday experience. We use facial recognition to enter buildings, to unlock our phones, to tag people in pictures, and soon, to log in to websites everywhere. This, however, requires your biometric fingerprint to be on file, which, in the wrong hands, can be used to impersonate you. With FHE, you could authenticate yourself securely, without anybody being able to steal this biometric data. Voice Assistants: Every time you or someone in your family speaks to Siri, Alexa, or Google Assistant, personal information is sent to the companies behind them. With FHE, your voice query would be sent encrypted to your AI assistant, and they could respond without actually knowing what you asked! This means you would no longer have to worry about your family’s data being misused or stolen. It would no longer matter if you had microphones in the most sensitive places in your home because nobody would be able to listen to what you say."
- 24. Microsoft Breaks Silence on Barrage of ProxyShell Attacks
- 25. New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems
“The threat actor behind this variant has managed to maintain a zero or almost-zero detection score in VirusTotal for its samples and domains. This is most likely due to their campaigns being fairly small in size. The waterdropx[.]com domain was registered to the current owner on August 18, 2017, and as of August 10, 2021, it was still online,” - https://cybersecurity.att.com/blogs/labs-research/prism-attacks-fly-under-the-radar - "We have conducted further investigation of the samples and discovered that several campaigns using these malicious executables have managed to remain active and under the radar for more than 3.5 years. The oldest samples Alien Labs can attribute to one of the actors date from the 8th of November, 2017." - It's HTTP and it's using a specific User-Agent, I would think this could be easily detected...
- 26. Phishing campaign uses UPS.com XSS vuln to distribute malware
- 27. 1Password Secret Retrieval — Methodology and Implementation
In-depth technical article that details what was tried and what worked to accomplish this: "This .NET application is built on the same version of the CLR (4.7.2) the latest 1Password binary uses at the time of upload (8/13/21). This binary gets function pointers to various critical functions responsible for decrypting secrets within the 1Password SQLite database and waits until the 1Password application is unlocked by the user. Once unlocked, it writes the results as a JSON array to C:\Users\Public\1Password.log for you to view and parse." (https://github.com/djhohnstein/1PasswordSuite)
- 28. Razer bug lets you become a Windows 10 admin by plugging in a mouse
"When the Razer Synapse software is installed, the setup wizard allows you to specify the folder where you wish to install it. The ability to select your installation folder is where everything goes wrong. When you change the location of your folder, a 'Choose a Folder' dialog will appear. If you press Shift and right-click on the dialog, you will be prompted to open 'Open PowerShell window here,' which will open a PowerShell prompt in the folder shown in the dialog." - I also saw on Twitter a theory that you could do this with any programmable USB device, like a rubber ducky... (https://twitter.com/Serianox_/status/1429355333756071937)