Every week I writer here what I learn this week about cybersecurity.

Webinars

• New Phishing Benchmarks Unlocked:Is Your Organization Ahead of the Curve in 2023 – Joanna Huisman, SVP, Strategic Insights and Research,KnowBe4: Cybercriminals continue to rely on proven attack methods while developing new ways to infiltrate digital environments and break through your human defense layer. But how can you reduce your organization’s attack surface? KnowBe4 looked at 12.5 million users across 35,681 organizations to find out.
• 2023 DBIR Presents Episode 1: System Intrusion – The Verizon 2023 Data Breach Investigations Report (DBIR) examines confirmed breaches and sheds light on how the most common forms of cyber attacks affected the security landscape globally. System Intrusion is the number one breach pattern and represents of 37% all breaches. 80% of System Intrusion incidents involved Ransomware as attackers continue to leverage a bevy of different techniques to compromise an organization and monetize their access.
• How to Design a Least Privilege Architecture in AWS – Dave Shackleford, SANS analyst; Sagar Khasnis, Partner Solutions Architect at AWS: Implementing a least privilege architecture can reduce risk and minimize disruptions by allowing only the minimum required authority to perform a duty or task. Adding network micro-segmentation also restricts east-west movement to reduce the number of vulnerable pathways to applications. When combined, these methods create a granular security environment that provides strong attack resistance. In this webinar, SANS and AWS Marketplace will present examples of how to set up a least privilege stack, covering such key issues as where to start and what to prioritize. Additionally, they will present real-world use cases of least privilege stacks and effective micro-segmentation methods that have been deployed in Amazon Web Services (AWS).

Articles

• Police arrests Ukrainian scareware developer after 10-year hunt – The Spanish National Police has apprehended a Ukrainian national wanted internationally for his involvement in a scareware operation spanning from 2006 to 2011.
• IT worker jailed for impersonating ransomware gang to extort employer – 28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack.
• Thousands of images on Docker Hub leak auth secrets, private keys – Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.
• How Hackers Can Hijack a Satellite – We rely on them for communications, military activity, and everyday tasks. How long before attackers really start to look up at the stars?
• Hacker Infected & Foiled by Own Infostealer – A prolific threat actor has been operating on Russian-language forums since 2020, but then he accidentally infected his own computer and sold off its contents to threat researchers.
• Estée Lauder beauty giant breached by two ransomware gangs – Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks.
• OpenAI credentials stolen by the thousands for sale on the dark web – Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT.
• Microsoft: Hackers turn Exchange servers into malware control centers – Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new ‘DeliveryCheck’ malware backdoor.
• Sogu, SnowyDrive Malware Spreads, USB-Based Cyberattacks Surge – Two separate threat actors are using poisoned USB drives to distribute malware in cyber-espionage campaigns targeting organizations across different sectors and geographies.
• Attackers Pummel Millions of Websites via Critical WooCommerce Payments Flaw – A barrage of targeted attacks against vulnerable installations peaked at 1.3 million against 157,000 sites over the weekend, aimed at unauthenticated code execution.
• The Biden administration is tackling smart devices with a new cybersecurity label – The Biden administration is launching a new cybersecurity label for smart devices today.
• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps – China-linked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.
• Pioneering hacker Kevin Mitnick, FBI-wanted felon turned security guru, dead at 59 – Kevin Mitnick, whose pioneering antics tricking employees in the 1980s and 1990s into helping him steal software and services from big phone and tech companies made him the most celebrated U.S. hacker, has died at age 59.
• Amazon agrees to $25 million fine for Alexa children privacy violations – The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged children’s privacy laws violations related to the company’s Alexa voice assistant service.

Podcasts

• Smashing Security 331: Boris Johnson’s WhatsApps, and sextorting party girls

Projects

• TryHackMe – SOC Level 1 (48% Complete)
  • Intro to Enpoint Security – Complete
  • Core Windows Processes – Complete