Windows Vulns Galore, Homoglyph Domains, Pegasus, & “Trust No One”! – PSW #703
This week in the Security News: Trust no one, it's all about the information, so many Windows vulnerabilities and exploits (so. many.), Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong, and a backdoor in your backdoor!
Announcements
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
- 1. Senate bill gives contractors, others 24 hours to disclose breaches – Because breach notification is the most important thing missing from data security programs.
- 2. How Data Discovery and Zero Trust Can Help Defend Against a Data Breach – It's all about the information, Marty.
- 3. Risk of Cloud Breaches Rising, Teams Struggling to Address Them, Fugue and Sonatype Survey Finds – But I thought migrating to the cloud solved all your security woes.
- 4. Security And Compliance Tools And Strategies For The Cloud – Some of these recommendations might be more readily apparent if the focus was on compliance first rather than security. Just sayin'.
- 5. China’s GDPR is coming: are you ready? – Wait. Aren't they the bad guys?
- 6. ‘Trust No One’ Should Be Our New Security Motto – Wait, what? New?
- 1. White House: The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China – The United States has long been concerned about the People’s Republic of China’s (PRC) irresponsible and destabilizing behavior in cyberspace. Today, the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security.
- 2. Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department – This Joint Cybersecurity Advisory was written by the FBI and CISA to provide information on a Chinese APT group known in open-source reporting as APT40. The advisory provides APT40’s TTPs and IOCs to help cybersecurity practitioners identify and remediate APT40 intrusions and established footholds.
- 3. Chinese State-Sponsored Cyber Operations: Observed TTPs – Trends in Chinese State-Sponsored Cyber Operations: NSA, CISA, and FBI have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII).
- 4. Apple security updates – Safari 14.1.2 for macOS Catalina and macOS Mojave dropped on the 19th; iOS and iPadOS 14.7, watchOS 7.6, tvOS 14.7, and macOS 11.5 all dropped 7/19 & 7/21.
- 5. New Windows 10 vulnerability allows anyone to get admin privileges – Windows 10 and Windows 11 are vulnerable to a local elevation of privilege after it was discovered that users with low privileges can read sensitive Registry database files. The SYSTEM, SECURITY, SAM, DEFAULT, and SOFTWARE hives can be read by anybody.
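An added check for the item above, not code from the show or from Microsoft: it parses the output of `icacls %windir%\System32\config\SAM` (Microsoft's published way to inspect the hive file ACLs) and reports whether a broad principal such as BUILTIN\Users holds a read right, which is the tell-tale on an affected build. The sample output is constructed, and `check_local_hives` only does anything on Windows.

```python
import os
import platform
import re
import subprocess

HIVES = ["SAM", "SECURITY", "SYSTEM", "SOFTWARE", "DEFAULT"]  # files named in the item
READ_TOKENS = {"F", "M", "RX", "R", "RD", "GR", "GA"}  # icacls rights that allow reading
BROAD_PRINCIPALS = {r"BUILTIN\Users", "Everyone", r"NT AUTHORITY\Authenticated Users"}
PERMS_RE = re.compile(r"^(\([A-Z,]*\))+$")  # e.g. (I)(RX) or (OI)(CI)(F)

# Constructed sample of `icacls %windir%\System32\config\SAM` output as it looks
# on an affected build (BUILTIN\Users holds RX); not captured from a real host.
SAMPLE_PATH = r"C:\Windows\System32\config\SAM"
SAMPLE_OUTPUT = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)
                               APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)

Successfully processed 1 files; Failed processing 0 files"""


def parse_icacls(output, path):
    """Map each principal in icacls output for `path` to its set of right tokens."""
    aces = {}
    for line in output.splitlines():
        who, _, perms = line.strip().rpartition(":")
        if not PERMS_RE.match(perms):
            continue  # blank line, summary line, or no ACE on this line
        who = who.strip()
        if who.lower().startswith(path.lower()):  # first line carries the file path
            who = who[len(path):].strip()
        tokens = {t for grp in re.findall(r"\(([^)]*)\)", perms) for t in grp.split(",")}
        aces[who] = aces.get(who, set()) | tokens
    return aces


def readable_by_standard_users(aces):
    """True if Users, Everyone or Authenticated Users hold any read right."""
    return any(aces.get(p, set()) & READ_TOKENS for p in BROAD_PRINCIPALS)


def check_local_hives():
    """On Windows, run icacls against each hive file and return the exposed paths."""
    if platform.system() != "Windows":
        return []  # icacls only exists on Windows; feed saved output to parse_icacls instead
    exposed = []
    for hive in HIVES:
        path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32", "config", hive)
        out = subprocess.run(["icacls", path], capture_output=True, text=True).stdout
        if readable_by_standard_users(parse_icacls(out, path)):
            exposed.append(path)
    return exposed
```

An empty result from `check_local_hives` is not itself the fix; follow the vendor guidance for correcting the ACL.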
- 6. The US government is offering big bucks to track down foreign hackers – The US State Department has announced that it is offering up to $10 million for information that can help identify or locate state-sponsored threat actors.
- 7. Microsoft secured court order to take down domains used in BEC campaign – Microsoft obtained a court order that allowed the company to take down malicious “homoglyph” domains that were being used to conduct fraud. In all, Microsoft took down 17 domains that were crafted to appear legitimate through variations in spelling or the use of characters that are similar in appearance.
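One way a defender can flag registrations like the ones described, as an added example (not the show's or Microsoft's code): fold each candidate domain to a "skeleton" by decoding punycode, stripping accents and mapping confusable characters, then compare it with a brand list, catching both look-alike characters and spelling variations. The brand list and the confusable table are constructed here and the table is only a small subset of the Unicode confusables data.

```python
import unicodedata

BRANDS = ["microsoft.com", "outlook.com"]  # constructed brand list for the example

# Hand-picked subset of Unicode confusables (Cyrillic/IPA letters that render like
# Latin ones) plus ASCII look-alikes; multi-character keys are replaced first.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u051b": "q", "\u0501": "d", "\u0261": "g",
    "0": "o", "1": "l",
}


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so we compare what a user actually sees."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:  # already Unicode, or not valid punycode
        return domain


def skeleton(domain: str) -> str:
    """Canonical 'what it looks like' form: fold case, strip accents, map confusables."""
    text = unicodedata.normalize("NFKD", to_unicode(domain).lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for src, dst in CONFUSABLES.items():
        text = text.replace(src, dst)
    return text


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used for spelling variations like 'microsfot'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_domain(domain: str, brands=BRANDS):
    """Return a finding dict if `domain` impersonates a brand, else None."""
    shown = to_unicode(domain).lower()
    if shown in brands:
        return None
    skel = skeleton(domain)
    for brand in brands:
        bskel = skeleton(brand)
        name, bname = skel.split(".")[0], bskel.split(".")[0]
        if skel == bskel or edit_distance(name, bname) <= 2:
            reason = "homoglyph" if skel != shown else "spelling"
            return {"domain": domain, "brand": brand, "reason": reason}
    return None
```

The edit-distance threshold of 2 suits brand names of eight or more characters; for short names it should be lowered to avoid noise.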
- 8. Saudi Aramco data breach sees 1 TB stolen data for sale – This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale. ZeroX claims the data was stolen by hacking Aramco's "network and its servers" sometime in 2020. As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group.