Cybersecurity 🔐 And Much More Newsletter 📪  Vol. 4 Num. 4

Hey there, 👋

I hope you have been doing well! 😊

📫 Welcome to my newsletter.

📰 In this newsletter:

This newsletter covers various topics including cybersecurity vulnerabilities such as CVE-2023-45249, CVE-2012-4792, CVE-2024-39891, CVE-2024-34102, CVE-2024-28995, and CVE-2022-22948. It also includes news and breaches related to CrowdStrike, Microsoft Defender SmartScreen, Chrome, VMware vCenter Server, GitHub, and Google. Additionally, it provides information on adopting the OWASP DSOMM DevSecOps framework and getting started with Tines security automation. The newsletter concludes with a list of top time management books and a quote of the week.

Enjoy!

☢️ Threats and Vulnerabilities (TnV)

CVE-2024-37085

VMware ESXi Authentication Bypass Vulnerability: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

CVE-2024-4879

ServiceNow Improper Input Validation Vulnerability: ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

CVE-2024-5217

ServiceNow Incomplete List of Disallowed Inputs Vulnerability: ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

CVE-2023-45249

Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability: Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.

CVE-2012-4792

Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.

CVE-2024-39891

Twilio Authy Information Disclosure Vulnerability: Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

CVE-2024-34102

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability: Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

CVE-2024-28995

SolarWinds Serv-U Path Traversal Vulnerability: SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker to read sensitive files on the host machine.

CVE-2022-22948

VMware vCenter Server Incorrect Default File Permissions Vulnerability: VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

🎭 News and Breaches (NnB)

CrowdStrike finally shares all the details in an incident report

CrowdStrike published its Preliminary Post Incident Review from last week's massive incident. The company detailed its InterProcessCommunication Template type used in novel attack detection, first introduced in February and tested on March 5th. Since then, it introduced two more templates in April without issue. On July 19th, it introduced two more templates, one of which contained “problematic content data.” This went into production due to “a bug in the Content Validator” that assumed the template from March also meant the July template instance was okay to use. The template “resulted in an out-of-bounds memory read triggering an exception” that led to the Windows crashes.

Hackers exploiting Microsoft Defender SmartScreen bug

Researchers at Fortinet FortiGuard Labs have observed a new campaign exploiting an Internet Shortcut Files Security Feature Bypass vulnerability that we have reported on several times. This vulnerability allows threat actors to spread the information stealer malware versions ACR Stealer, Lumma, and Meduza. Microsoft released patches for this flaw in the Patch Tuesday updates in February this year. Attacks have been noted in Spain, Thailand, and the U.S.

Chrome to scan password-protected files for malicious content

New security warnings will be added to the Chrome web browser to enhance user diligence when downloading potentially suspicious or malicious files. The new warning messages will “convey more nuance about the nature of the danger” to help users make more informed decisions. This will take the form of a two-tier download warning system for suspicious and dangerous files. Each category will have its own icons, colors, and text.

Researchers bypass ‘Windows Hello’ authentication

Microsoft’s Windows Hello for Business (WHfB) was introduced in Windows 10 as a phishing-resistant authentication model that uses cryptographic keys embedded in a computer’s Trusted Platform Module (TPM) and linked to biometric or PIN-based verification. Late last year, Accenture’s red team found that WHfB is susceptible to adversary-in-the-middle (AitM) attacks. In these attacks, an attacker can intercept and alter POST requests to Microsoft’s authentication services, causing WHfB to default to less secure passwords or OTP methods, allowing them to break into PCs and laptops. The Accenture team reported the issue to Microsoft, who has issued a fix. The Accenture team will demonstrate the attack at Black Hat USA 2024 in Las Vegas on August 8.

Over 3,000 GitHub accounts used by malware distribution service

According to BleepingComputer, “threat actors known as Stargazer Goblin have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware.” The malware delivery service is called Stargazers Ghost Network. It “uses GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain infostealer malware." Researchers from Check Point discovered the operation, saying it’s the first time such an organized and large-scale scheme has been documented running on GitHub, a platform trusted by its users, who are therefore more likely to fall for malicious links within its repositories.

Google scuttles third-party cookie deprecation

Google had previously announced plans to eliminate third-party cookies in Chrome by the start of Q2 2025. It intended to replace cookies with its Privacy Sandbox initiative for personalized ads. Due to publishers’ slow adoption of Privacy Sandbox, Google says it will no longer deprecate third-party cookies. Instead, it will introduce a new Chrome experience “that lets people make an informed choice that applies across their web browsing.” Google didn’t release many details about this “experience” other than that users will be able to adjust their choice at any time.

Who thought that hacking domains was like catching sitting ducks?

Researchers at Infoblox and Eclypsium have discovered that a powerful attack vector in the domain name system (DNS) is being widely exploited across many DNS providers. Over a dozen Russian-nexus cybercriminal actors are using this vector to hijack domain names without being noticed. They’ve called it the Sitting Ducks attack.

🧨 Security Tips and Tricks (TnT)

Enhancing Organizational Security: A Guide to Adopting the OWASP DSOMM DevSecOps Framework

In today's rapidly evolving digital landscape, organizations face an ever-increasing array of cybersecurity threats. To combat these challenges, many are turning to advanced frameworks that integrate security seamlessly into their development and operations processes. One such framework is the OWASP DevSecOps Maturity Model (DSOMM). This comprehensive guide will walk you through the process of adopting DSOMM to enhance your organization's security posture.

Understanding DSOMM

The OWASP DSOMM framework is designed to help organizations assess and improve their DevSecOps practices. It outlines four maturity levels, each representing a progressively sophisticated approach to security integration:

  1. Basic understanding of security practices
  2. Adoption of basic security practices
  3. High adoption of security practices
  4. Advanced deployment of security practices at scale

By progressing through these levels, organizations can systematically enhance their security measures and create a more resilient infrastructure.

Starting Your DSOMM Journey

The first step in adopting DSOMM is to assess your current state. This involves evaluating existing security practices and DevOps processes to identify gaps and areas for improvement. Once you have a clear picture of your starting point, you can begin to set clear, measurable goals for each stage of your DSOMM implementation.

It's crucial to align these objectives with your organization's overall security strategy. This alignment ensures that your DSOMM adoption efforts contribute meaningfully to your broader security goals.

Implementing Foundational Practices

With your goals in place, start by integrating basic security measures into your development lifecycle. This includes conducting regular security assessments, implementing fundamental security controls, and integrating security considerations into the development process from the outset.

As you progress, gradually introduce automation into your security practices. This might involve implementing automated security testing, setting up continuous monitoring systems, and integrating threat intelligence into your processes. Automation not only improves efficiency but also helps maintain consistent security standards across your organization.

Fostering a Security-First Culture

One of the key aspects of successful DSOMM adoption is fostering a security-first culture within your organization. This involves promoting collaboration between development, operations, and security teams. Encourage a shift-left approach to security, where security considerations are addressed early in the development process rather than as an afterthought.

Implementing Advanced Security Measures

As your organization progresses through the DSOMM maturity levels, you'll need to incorporate more sophisticated security practices. These might include:

  • Scanning git repositories for potential credential leaks
  • Performing Static Application Security Testing (SAST)
  • Conducting Software Composition Analysis (SCA)
  • Implementing Interactive Application Security Testing (IAST)
  • Performing Dynamic Application Security Testing (DAST)
  • Scanning Infrastructure as Code (IaC) for misconfigurations
  • Conducting infrastructure scanning
  • Performing compliance checks

Each of these practices adds another layer of security to your DevOps processes, helping to create a more robust and resilient system.
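As an added illustration of the first practice in the list (scanning git repositories for credential leaks as a CI gate), here is a small Python scanner written for this newsletter; it is not an OWASP DSOMM artifact or any vendor's tool. It inspects only the lines a commit adds; the diff, the credential patterns and the entropy threshold are constructed for the example.

```python
import math
import re

# Constructed credential shapes: the AKIA... prefix is AWS's public key-id
# format; the assignment pattern and the entropy cut-off are heuristics.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")  # candidate opaque tokens

def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score near log2(alphabet size)."""
    n = len(s) or 1  # empty string scores 0.0
    return 0.0 - sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))

def scan_diff(diff_text: str, entropy_threshold: float = 4.0):
    """Return (rule, new_file_line, snippet) for every added line that looks
    like a credential. Removed lines are skipped: the gate stops new leaks."""
    findings = []
    in_hunk, line_no = False, 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff "):          # header block of the next file
            in_hunk = False
            continue
        if raw.startswith("@@"):             # '@@ -a,b +c,d @@': new numbering starts at c
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
            in_hunk = True
            continue
        if not in_hunk or raw.startswith(("-", "\\")):
            continue
        line_no += 1                         # context or added line of the new file
        if not raw.startswith("+"):
            continue
        line = raw[1:]
        rule = next((name for name, pat in PATTERNS.items() if pat.search(line)), None)
        if rule is None and any(shannon_entropy(t) >= entropy_threshold
                                for t in TOKEN_RE.findall(line)):
            rule = "high_entropy_string"     # keyword-less opaque token
        if rule:
            findings.append((rule, line_no, line.strip()))
    return findings

# Constructed diff: one leak per rule plus a benign setting that must not fire.
SAMPLE_DIFF = """diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,6 @@ DEBUG = False
 ALLOWED_HOSTS = ["example.internal"]
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2-but-longer"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SESSION_COOKIE_NAME = "sessionid"
+SIGNING_SALT = "q7Zp2xL9vKd4RtW8nB3mYs6H"
 TIMEOUT = 30
"""
```

Run `scan_diff(SAMPLE_DIFF)` on the output of `git diff origin/main...HEAD` in a pipeline step and fail the job when the list is non-empty; the benign `SESSION_COOKIE_NAME` line produces no finding.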

Continuous Improvement and Adaptation

Adopting DSOMM is not a one-time effort but an ongoing process of improvement and adaptation. Regularly assess your progress against the DSOMM framework and be prepared to adjust your strategies based on new threats, emerging technologies, and evolving best practices.

Leveraging Tools and Technologies

To support your DSOMM adoption, leverage appropriate DevSecOps tools. These may include vulnerability scanners, configuration management tools, and security information and event management (SIEM) systems. The right tools can significantly streamline your security processes and help maintain consistent standards across your organization.

Measuring and Reporting Progress

Finally, it's essential to measure and report on your progress as you advance through the DSOMM levels. Use metrics to track your advancement and share progress reports with stakeholders. This not only helps maintain support for your DevSecOps initiatives but also provides valuable insights for future improvements.

Conclusion

Adopting the OWASP DSOMM framework is a journey that requires commitment, resources, and ongoing effort. However, the benefits in terms of enhanced security, improved efficiency, and reduced risk make it a worthwhile endeavor for any organization serious about its cybersecurity posture. By following this guide and progressively implementing the DSOMM framework, your organization can significantly enhance its security measures, integrating them seamlessly into your development and operations processes. Remember, in the world of cybersecurity, standing still is moving backward – continuous improvement is key to staying ahead of potential threats.

Here are some resources to get you started:

Beginner's Guide to Tines Security Automations

Introduction to Tines

Tines is a powerful automation platform specifically designed for security teams. It enables users to automate repetitive tasks, streamline workflows, and respond to security incidents more efficiently. This guide will walk you through the basics of getting started with Tines.

Why Use Tines for Security Automation?

  • Efficiency: Automate repetitive tasks to free up time for more strategic activities.
  • Consistency: Ensure standardized responses to incidents and reduce human error.
  • Scalability: Easily scale operations without proportional increases in manual effort.
  • Speed: Respond to threats faster with automated processes.

Key Concepts

  1. Stories: A story in Tines is a collection of actions that define an automation workflow. Each story has a specific goal, such as incident response, threat detection, or data enrichment.
  2. Actions: Actions are the building blocks of stories. They perform specific tasks like sending an email, making an HTTP request, or parsing data.
  3. Agents: Agents are reusable components that perform actions. They can be configured once and used across multiple stories.
  4. Triggers: Triggers start a story based on specific conditions, such as receiving a particular type of alert or at scheduled times.

Getting Started

Step 1: Sign Up and Set Up

  1. Sign Up: Create an account on the Tines platform.
  2. Dashboard Overview: Familiarize yourself with the Tines dashboard, where you can create and manage stories, actions, and agents.

Step 2: Create Your First Story

  1. New Story: Click on "New Story" to start creating your first automation workflow.
  2. Define the Goal: Set a clear goal for your story, such as automating the response to a phishing email.

Step 3: Add Actions

  1. Add Actions: Click on "Add Action" to define the tasks your story will perform. For example, an HTTP Request action fetches data from an external API, an Email action sends an alert email to your team, and a Parse action extracts useful information from raw data.
  2. Configure Actions: Provide the necessary details for each action, such as URLs, headers, and payloads for HTTP requests.

Step 4: Use Agents

  1. Create Agents: Define agents that can be reused across multiple stories. For example, an agent that sends notifications to Slack.
  2. Configure Agents: Set up the agent with the required parameters, such as Slack webhook URLs or API keys.

Step 5: Add Triggers

  1. Define Triggers: Set up triggers to start your story based on specific events. For example, a trigger could be an incoming alert from your SIEM system.
  2. Configure Triggers: Provide details for the trigger, such as the type of alert and conditions that must be met.

Best Practices

  1. Modular Design: Break down complex workflows into smaller, reusable actions and agents.
  2. Testing: Test each action individually to ensure it works as expected before integrating it into your story.
  3. Documentation: Document your stories, actions, and agents to ensure that your team understands how they work.
  4. Monitoring: Set up monitoring to track the performance and outcomes of your automated workflows.

Conclusion

Tines is a versatile and powerful tool for automating security operations. By following their free certification training, you can start creating your own automated workflows to improve efficiency, consistency, and speed in your security practices. As you become more familiar with Tines, you can explore advanced features and create more complex automations to further enhance your security posture.

For more inspiration, read about how GitLab’s Incident Response Team improved its operational efficiency using Tines. GitLab’s incident response team needed help scaling operations and improving efficiency, so they sought a platform to build a mature automation program. Tines helped them achieve all of this and more. Two and a half years later, the platform is so essential to their daily operations that completing the Tines certification is now part of the onboarding process for all new incident response team members.

Happy automating!

📚 Smart Book Corner

Top 5 Time Management Books

Getting Things Done: The Art of Stress-Free Productivity by David Allen

Allen introduces the GTD (Getting Things Done) methodology, which emphasizes capturing all tasks and ideas in a trusted system and breaking them down into actionable steps. The book provides strategies for managing workflow and reducing stress.

Deep Work: Rules for Focused Success in a Distracted World by Cal Newport

Newport argues that deep work—focused, uninterrupted tasks—is essential for achieving high levels of productivity. The book offers practical advice on how to minimize distractions and cultivate deep work habits.

The 7 Habits of Highly Effective People: Powerful Lessons in Personal Change by Stephen R. Covey

Covey outlines seven habits that can transform personal and professional effectiveness. Key habits include being proactive, beginning with the end in mind, and prioritizing tasks based on importance rather than urgency.

Eat That Frog!: 21 Great Ways to Stop Procrastinating and Get More Done in Less Time by Brian Tracy

Tracy provides 21 practical techniques to overcome procrastination and improve productivity. The central idea is to tackle the most challenging task (the frog) first thing in the morning to build momentum for the rest of the day.

Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones by James Clear

Clear explains how small, incremental changes can lead to significant improvements over time. The book focuses on the science of habit formation and offers strategies for building good habits and breaking bad ones to enhance productivity.

Quote of the Week

"Perseverance is not a long race; it is many short races one after the other." — Walter Elliot

Subscribe 🔥 to my newsletter for the latest updates on cybersecurity, tech insights, and growth mindset tips. Don't forget to leave a comment and share your thoughts with the community!

Big thanks for sharing this incredible resource! Your generosity is making a real difference, and we're all cheering you on! 🚀👏


More articles by Seif H.
