Cybersecurity 🔐 And Much More Newsletter 📪 Vol. 3 Num. 08

Greetings, friends.

Welcome to my newsletter; if you are not yet subscribed, please do. It might include books, articles, tech, tips, and other cool stuff about cybersecurity.

Enjoy!

What’s Happening

🚨 CISA Added 3 New Vulnerabilities to its catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The three flaws are:

  • CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability
  • CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection Vulnerability
  • CVE-2022-40765 (CVSS score: 6.8) - Mitel MiVoice Connect Command Injection Vulnerability

🇨🇳 China Instructs State Firms to Phase out Big4 Auditors

China's government has ordered state companies to phase out the "Big Four" auditors, including Deloitte, KPMG, EY, and PwC.

The move is part of a broader effort to strengthen the country's regulatory oversight of businesses and ensure that auditors are independent and objective in their assessments. The decision comes after a series of high-profile accounting scandals involving Chinese companies listed on overseas stock exchanges.

Critics argue that the move could lead to a reduction in the quality of audits and cause confusion among investors, as they may be unfamiliar with the local audit firms that will replace the Big Four.

Read more about it here.

📱Google Plans to Enhance the Security of SoC Processors

Google has announced a partnership with several ecosystem partners to enhance the security of system-on-chip (SoC) processors.

The partnership, called the Silicon Security Collaboration, aims to develop new security technologies and standards for SoC processors that can be used in a wide range of devices, from smartphones to smart home devices.

The collaboration will focus on several key areas, including hardware-based security, secure boot, and device attestation. The partners will work together to develop open standards and best practices for these areas, with the goal of improving the security of devices across the ecosystem.

The Silicon Security Collaboration is an important step forward in improving the security of SoC processors, which are a critical component of many devices. By working together, the partners hope to develop new technologies and standards that can help protect devices from a wide range of security threats.

The partners in the Silicon Security Collaboration include Google, Arm, Qualcomm, MediaTek, Samsung, and several others. The collaboration is open to other companies that want to join, and the partners are encouraging other ecosystem players to get involved.

Some of the specific initiatives that the Silicon Security Collaboration will focus on include:

  • Developing open standards for hardware-based security, including secure enclaves and trusted execution environments
  • Developing secure boot mechanisms that can protect devices from boot-time attacks
  • Developing device attestation mechanisms that can verify the integrity of devices and their components

The Silicon Security Collaboration is an important initiative that could help improve the security of devices across the ecosystem. By working together, the partners hope to develop new security technologies and standards that can help protect devices from a wide range of threats.

Read more about it here.

👾 Lazarus Group using New Backdoors

Lazarus Group, a state-sponsored hacking group from North Korea, is currently employing a new backdoor named "WinorDLL64". This backdoor is being used to target organizations based in South Korea, including government agencies and private-sector organizations.

According to new findings, the backdoor is associated with a malware downloader named Wslink, a tool likely used by the notorious North Korea-aligned Lazarus Group.

The payload, called WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files, execute PowerShell commands, and obtain comprehensive information about the underlying machine.

The backdoor is typically delivered through malicious email attachments and has the ability to bypass antivirus software. Once installed, the backdoor allows attackers to remotely execute commands and steal sensitive information.

Lazarus Group has been implicated in numerous high-profile cyberattacks, such as the 2014 hack of Sony Pictures and the 2017 WannaCry ransomware attack. The group is notorious for its sophisticated and persistent attacks and is believed to be responsible for numerous attacks against financial institutions and cryptocurrency exchanges.

Read more about it here.

😱 VMware Released Patches for Critical Carbon Black Vulnerabilities

On Tuesday, VMware released patches to address a critical security vulnerability affecting its Carbon Black App Control product.

Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x.

The virtualization services provider has identified the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug.

According to the company's advisory, "A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system."

VMware has stated that there are no workarounds that resolve the flaw, and customers must update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.

Read more about it here.

🇰🇷 SAMSUNG Announces a New Anti-Malware Security Feature

Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as "zero-click" attacks.

The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats disguised as image attachments."

The security feature is currently available on Samsung Messages and Google Messages, but it is only compatible with the Samsung Galaxy S23 series for now. Plans are in place to expand it to other Galaxy smartphones and tablets later this year, but only those that are running on One UI 5.1 or higher.

This is the latest security measure introduced by Samsung, which also includes the Knox security platform. According to the company, Knox can already protect users from attacks that use video and audio formats.

Zero-click attacks are highly sophisticated and targeted attacks that exploit unknown vulnerabilities (called "zero-days") in software. These attacks trigger the execution of malicious code without any interaction from the user.

🍎 Apple Releases Advisory about 3 new vulnerabilities

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS.

The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation.

The two other vulnerabilities, credited to Trellix researcher Austin Emmitt, reside in the Foundation framework (CVE-2023-23530 and CVE-2023-23531) and could be weaponized to achieve code execution.

"An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges," Apple said, adding it patched the issues with "improved memory handling."

The medium- to high-severity vulnerabilities have been patched in iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, which were shipped on January 23, 2023.

Security Bites

👋 Tips - 🔐 Security - Compliance Driven vs Security Driven Architecture, what if you combine both?

ComplianceForge has published a comprehensive comparison of four popular cybersecurity frameworks: NIST 800-53, ISO 27002, NIST CSF, and SCF. Each framework has its own strengths and weaknesses, and the choice of framework depends on factors such as industry, regulatory requirements, and organizational goals.

  • NIST 800-53 is a comprehensive framework that covers a wide range of security controls and is often used by government agencies and contractors.
  • ISO 27002 is an international standard that provides a framework for information security management and is widely recognized in the private sector.
  • NIST CSF is a risk-based framework that provides a flexible approach to cybersecurity and is used by organizations of all sizes.
  • SCF is a newer framework that is gaining popularity due to its focus on critical infrastructure and supply chain security.

The comparison provides a detailed analysis of each framework, including its scope, structure, and applicability. It also highlights the similarities and differences between the frameworks and provides guidance on how to choose the right framework for your organization.

In conclusion, the choice of cybersecurity framework depends on multiple factors, and organizations should carefully consider their requirements before selecting a framework. ComplianceForge's comparison of NIST 800-53, ISO 27002, NIST CSF, and SCF provides a valuable resource for organizations looking to evaluate and select a framework that best suits their needs.

However, it is critical to map this to the threats you are exposed to using frameworks like MITRE ATT&CK and intelligence signals. Register for the PurpleHat Conference 2023 to watch my keynote about how to do that and more exciting stuff.

Read more about it here.

My Favorites

📚 🤩 Cryptography Books I Recommend Reading 🕹

Title: Applied Cryptography: Protocols, Algorithms, and Source Code in C

Author: Bruce Schneier

Overview: This book is a classic in the field of cryptography and covers a wide range of topics, from basic encryption and decryption techniques to more advanced topics like digital signatures and key exchange protocols. The book also includes sample code in C, making it a great resource for programmers.

Title: Cryptography Engineering: Design Principles and Practical Applications

Author: Bruce Schneier, Niels Ferguson, and Tadayoshi Kohno

Overview: This book is a practical guide to cryptography, covering topics like key management, protocol design, and implementation issues. The authors provide real-world examples and case studies to illustrate their points, making the book accessible to a wide range of readers.

Title: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Author: Simon Singh

Overview: This book provides an engaging history of cryptography, covering everything from the ancient Greeks to modern-day quantum cryptography. The book is well-written and accessible to non-technical readers, making it a great choice for anyone interested in the history and science of encryption.

🎙 Podcast - Three infosec podcasts worth exploring

  • Darknet Diaries: Host Jack Rhysider explores true stories from the dark side of the internet, including hacks, breaches, and cybercrime.
  • Security Now: A weekly podcast hosted by Steve Gibson and Leo Laporte that covers the latest in security news and trends.
  • Risky Business: A weekly podcast hosted by Patrick Gray that covers the latest news and analysis in the world of information security.

Enjoy listening!

🎥 Videos - The future of work: Will robots take my job?

Disclaimer: This is not about ChatGPT.

This video from 2014 discusses the future of work and whether robots will take over jobs. The speaker argues that while some jobs may be replaced by automation, new jobs will also emerge as technology advances. They suggest that individuals should focus on developing skills that cannot be easily automated, such as creativity and empathy. The video serves as a useful resource for individuals interested in the future of work and the impact of technology on the job market. Watch the video here.

Quote of the Week

"If you are pained by any external thing, it is not this thing that disturbs you, but your own judgment about it. And it is in your power to wipe out this judgment now." - Marcus Aurelius

If you’re interested in starting a career in cybersecurity, watch this one, and don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing in my next video.

Check out my other stuff here.

Younes Mekni

I Help you in consulting for Digital Law & E-Government⚖️| Data Privacy | AI & E-Commerce Ethics | Founder & CEO of YEID Club | Future-Proof Skills trainer 📚💼🚀|SDG Advocate🌍

1y

Good luck 😃 Mr Seif H. More success ☺️
