In the Security News for this week: Was it Russia?, Blocking software updates, crowd-sourced attacks, protecting FPGAs, moving Linux to modern C, Nvidia hit, the split of cyber criminals, Namecheap banning, Anonymous declares war, the Alan framework, and leaving your Docker port exposed, & more!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
"The ban on software updates, specifically, captured the attention of cybersecurity experts. One of the most basic pieces of advice for consumers and companies is to make sure all software is updated to the latest version, because known vulnerabilities are patched out. If Russia was prevented from updating software, this would, in theory, make unpatched systems easier to hack. Dmitri Alperovitch, a cybersecurity veteran and the chairman of the Silverado Policy Accelerator, told Motherboard in an online chat that such a ban is “just going to drive them even more towards open source [software].”"
"From our perspective, this sudden appearance of many different highly motivated actors of wildly differing levels of capability presents a special hazard given the current political environment. Even low-capability actors have a possibility of getting lucky, and if they get lucky in the wrong place, real-world consequences could come into play. These groups may be mistaken for state-sponsored organizations, without understanding what kind of reactions they might trigger. This is our greatest concern, that the response to a misattributed attack will lead to an escalation in the conflict. "
"Reality Leigh Winner is an American former intelligence specialist who, in 2018, was sentenced to five years and three months in prison for unauthorized release of classified information to the media."
"So why bother? The change being made doesn't include useful features that appear in newer versions. The situation came to Torvald's attention when, in order to patch a potential security problem with the kernel's linked-list primitive speculative-execution functions, another problem was revealed in the patch. While fixing this, Torvalds realized that in C99 the iterator passed to the list-traversal macros must be declared in a scope outside of the loop itself. "
"Given the timing of the attack, it certainly raises questions about if it’s at all tied to the recent Russian aggression in Ukraine as the cyber attack began at roughly the exact same time as the Russian incursion into Ukraine. Shortly thereafter, the US announced major sanctions against Russia in retaliation for its actions, so it’s possible that hackers friendly with Russian interests could be counter-attacking, and a huge and important company like Nvidia would certainly be a juicy target. However, several days ago the Secretary of the Department of Homeland Security, Alejandro Mayorkas, said the US doesn’t know of any specific and credible threats targeting US companies at this time, but that companies should be prepared just in case. " - Every breach is not Russia, or is it?
Interesting how this is split: "A member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on Friday, in the aftermath of Russia’s invasion of Ukraine. The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists and security researchers."
"If your endpoint must be exposed, Docker recommends configuring a docker context in order to only expose the Docker socket to users who are able to log into the Docker host via SSH. An alternative, and also complementary solution to creating a docker context, is a zero-trust infrastructure architecture, where only known or signed containers are allowed to run. In addition, proper zero-trust implementations necessitate that communication between containers is only possible when containers are able to authenticate among themselves via pre-shared certificate."
Executive Director at RM-ISAO
Product Security Research and Analysis Director at Finite State
Google has followed Microsoft and Apple’s lead and removed the apps of Russia Today (RT) and Sputnik from its mobile app Store, Play, per Reuters. The two Kremlin-linked media outlets were sanctioned in the European Union following Russia’s invasion of Ukraine.
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of the country. ESET telemetry shows that it was installed on hundreds of machines in the country.
US chipmaker giant Nvidia confirmed today it’s currently investigating an “incident” that reportedly took down some of its systems for two days.
The Lapsus$ data extortion group claims they breached and stole 1 TB of data from Nvidia’s network.
They also leaked online what they claim to be password hashes for all Nvidia employees.
Ukraine stands up to Russian cyberattacks; Putin could launch revenge attacks against US, expert is concerned that economic sanctions currently being levied against Russia could become justification for the Russian President to authorize revenge cyber-attacks against American computer networks – particularly those within our supply chain.
The Conti ransomware group, alleged to have ties to Russian intelligence, posted a warning Friday that said it was "officially announcing a full support of Russian government." Said it would use "all possible resources to strike back at the critical infrastructures” of any entity that organizes a cyber attack "or any war activities against Russia."
Cyber risk quantification should be at the center of an enterprise's actions to understand and measure risk posed in the event of a cyberattack. That data should then be used to estimate - financially - cyber risk exposure. To start this process, enterprises need 3 pillars to build a good cyber risk quantification program: the right data, appropria...
This week we're joined by Fleming Shi from Barracuda Networks - and Doctor Doug pontificates on: Fodcha , Cranefly, linkedin, CISA, really high speeds, Elon, and more on the Security Weekly News.
This segment is sponsored by Barracuda Networks.
Visit https://securityweekly.com/barracuda to learn more about them!
The NIST Cybersecurity Framework simplifies the language of Cybersecurity across the organization. Learn from the person who led the contracting team for the development of the NIST Cybersecurity Framework what the framework is all about and how it can reduce risk to the organization.
To view the article from the CISO COMPASS Book that sparked t...