Oftentimes your high-ego, “I’m smart enough not to get hacked” techies are more dangerous than Randall over in Sales. They see a shiny new “PoC exploit” for a spicy CVE on GitHub and think, “I got this. I’ll just test it real quick on my machine.”
Well, that’s exactly how the WebRAT malware is spreading right now. Threat actors are spinning up convincing GitHub repos that mimic proof-of-concept exploits for recently disclosed vulnerabilities (high CVSS stuff like Windows RasMan flaws). The repos look legit: AI-generated descriptions, mitigation details, code snippets, etc.
🎧 A must-listen episode of the Down the Security Rabbithole Podcast that nails the identity crisis we’ve been facing for years. Rafal Los and his guests unpack the risks of the many-IdP problem, weak observability, and fragmented controls across identity providers. As usual, a great blend of technical and administrative insights.
https://dtsr.buzzsprout.com/2153215/episodes/17018052-dtsr-episode-650-executing-a-human-focused-security-approach
62 malicious Chrome extensions have found ways around Google’s ban on remote code execution. They’re linked to Phoenix Invicta, Technosense Media, and notably, Sweet VPN. These extensions inject ads and could compromise user data.
Phoenix Invicta, once known as Funteq Inc., has a convoluted corporate setup, with ties to the US, Hong Kong, and operations in Ukraine. They use techniques like manipulating the declarativeNetRequest API to execute remote code, despite Google’s restrictions.
Why would an unused domain even need any resource records?
It’s common for domains to go unused. Sometimes they’re purchased for a potential idea or project. Other times, it’s to protect a name or trademark, or maybe they’re meant for use internally on a protected and private network. But the internet does weird stuff and sometimes there are steps that should be taken even if these domains aren’t being used.
This was the event to attend if you’re in or around Arkansas and looking for motivated professionals coming into IT and cyber. We definitely needed more small and medium enterprises from our community represented. I was honored to help and to represent Central States Manufacturing, Inc. And while I don’t have an open role right now, I have a great pool of folks to stay in contact with, follow their journey, assist along the way, and hopefully hire when I do.
Excited to be giving my first talk here in Northwest Arkansas. Going over some simple wins when securing legacy tech in the small and medium enterprise (SME) space with the local ArkanSec group https://www.linkedin.com/groups/12068915/
The NSA and CISA have released hardening guidance for Kubernetes. The guidance describes the security challenges associated with setting up and securing a Kubernetes cluster. It includes hardening strategies to avoid common misconfigurations and guide system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. This guidance details the following mitigations:
Scan containers and Pods for vulnerabilities or misconfigurations. Run containers and Pods with the least privileges possible. Use network separation to control the amount of damage a compromise can cause. Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality. Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface. Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity. Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.
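As an added illustration of the least-privilege and periodic-review points above (my own example, not code from the NSA/CISA document), here is a small Python audit run over two constructed Pod manifests: one carrying the common misconfigurations and one with the recommended security context. The specific checks, the sample image name and the Pod names are my assumptions.

```python
"""Audit a Pod manifest for the least-privilege settings the NSA/CISA guidance calls for."""
import json

# Constructed sample: a Pod that is missing every hardening setting.
WEAK_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "demo-weak"},
 "spec": {"hostNetwork": true,
          "containers": [{"name": "app", "image": "example/app:1.0",
                          "securityContext": {"privileged": true}}]}}
""")
# Constructed sample: the same Pod with the recommended security context.
HARDENED_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "demo-hardened"},
 "spec": {"automountServiceAccountToken": false,
          "securityContext": {"runAsNonRoot": true, "runAsUser": 10001,
                              "seccompProfile": {"type": "RuntimeDefault"}},
          "containers": [{"name": "app", "image": "example/app:1.0",
                          "securityContext": {"allowPrivilegeEscalation": false,
                                              "readOnlyRootFilesystem": true,
                                              "capabilities": {"drop": ["ALL"]}}}]}}
""")


def audit_pod(pod: dict) -> list[str]:
    """Return one finding per missing or unsafe setting; an empty list means the Pod passes."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for key in ("hostNetwork", "hostPID", "hostIPC"):  # host namespaces defeat isolation
        if spec.get(key):
            findings.append(f"pod: {key} is enabled")
    if spec.get("automountServiceAccountToken", True):  # Kubernetes default is to mount it
        findings.append("pod: service account token is auto-mounted")
    if not pod_sc.get("runAsNonRoot"):
        findings.append("pod: runAsNonRoot is not set")
    if pod_sc.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append("pod: no seccomp profile")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{c['name']}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # default allows escalation
            findings.append(f"{c['name']}: allowPrivilegeEscalation not disabled")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{c['name']}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{c['name']}: capabilities not dropped")
    return findings
```

Feed each Pod pulled from the cluster (for example, the JSON output of kubectl) into audit_pod as part of the periodic settings review the guidance recommends.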
The Biden administration is making a Software Bill of Materials (SBOM), an electronically readable format designed to provide an inventory of third-party components in devices, a requirement amid efforts to improve cybersecurity across the federal government and private sector.
https://www.medtechdive.com/news/biden-orders-software-bill-of-materials-to-boost-cybersecurity-advamed-wan/600594/
Security by obscurity is not enough by itself. You should always enforce the best practices. However, if you can reduce the risk with zero cost, you should do that. Obscurity is a good layer of security.
https://utkusen.com/blog/security-by-obscurity-is-underrated
This afternoon, I’m attending the funeral for a coworker we lost last weekend. Over the course of the next week or two, we’ll be assisting his family gain access to the many online services he had managed. Each time I’ve experienced a tragedy like this, I’ve seen the families struggle with the digital footprint and account access of their lost loved one. Like life insurance, emergency access to online services is too often an item on our to-do list, rarely ever getting completed. Password managers help families in these situations. They act as a consolidated list of the accounts making up one’s digital footprint. However, if emergency access has not been set up, they provide no help and access becomes a major hurdle to overcome for a grieving family.