Security Leftovers
-
Security Relevant DNS Records, (Wed, Sep 6th)
DNS has a big security impact. DNS is partly responsible for your traffic reaching the correct host on the internet. But there is more to DNS than name resolution. I am going to mention a few security-relevant record types here, in no particular order:
-
Password-Stealing Chrome Extension Demonstrates New Vulnerabilities
Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore.
-
Well-known security consultant ‘Mudge’ is once again on the move
The former hacker known as Mudge is once again on the move. Mudge, the alias for Peiter Zatko (pictured, center), was the former head of security back when X Corp. was known as Twitter. He is now a consultant for the U.S. Cybersecurity and Infrastructure Security Agency, the Washington Post reported yesterday.
-
Information disclosure through insecure design
Insecure design can lead to many issues. The Software Development Life Cycle (SDLC) should contain steps to evaluate and consider security throughout the process.
-
The Insider website hit by DDoS attack after publishing investigation into “patriotic” hacker group Killnet
The Insider's website was hit by a 24-hour DDoS attack after the publication of an investigation into the Killnet group, which calls itself the "Russian cyber army." The attack began the day after the investigative report was released online, starting at 13:00 Moscow time and peaking at a rate of 20,000 requests per second. The Insider's website and its mirrors went offline briefly on September 6, hit by a flood of requests from close to 400,000 different IP addresses.
-
Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes [Ed: It is Microsoft’s fault, not China. Microsoft kept covering up, do not paint it as a victim. Microsoft is the worst possible "supply chain".]
Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails.
-
Mystery solved? Microsoft thinks it knows how Chinese hackers stole its signing key [Ed: Deflection. Microsoft failed, stop blaming "China".]
A "crash dump" file containing a highly sensitive signing key is believed to have been at the center of an explosive Chinese hacking campaign.
-
W3LL ‘Phishing Empire’ targets Microsoft 365 accounts [Ed: Do not use Microsoft. Use software that you control and runs locally.]
A new report from cybersecurity services company Group-IB Global Pvt. Ltd. warns of a largely unknown threat actor that is running a “phishing empire” targeting Microsoft 365 accounts.
-
Researchers identify high-grade phishing kits attacking nearly 60,000 Microsoft 365 accounts [Ed: Do not outsource to Microsoft. Use Free software like LibreOffice.]
Hackers compromised roughly 8,000 of those accounts with tools that a cybercrime group known as W3LL sold through its underground marketplace.
-
Cash-Strapped IronNet Faces Bankruptcy Options
It appears to be the end of the road for IronNet, the once-promising network security play founded by former NSA director General Keith Alexander.
-
Investors Betting Big on Upwind for CNAPP Tech
Upwind raises a total of $80 million in just 10 months as investors pour cash into startups in the cloud and data security categories.
-
Thousands of Popular Websites Leaking Secrets
Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys.
-
Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio
Dozens of vulnerabilities have been found in widely used security cameras made by defunct Chinese company Zavio.