Cyber Bites

Edwin Kwan

Your weekly dose of cyber security news by Edwin Kwan. Stay sharp in the digital world! "Cyber Bites" delivers cybersecurity insights, industry trends, and personal experiences to keep you informed and protected.

edwinkwan.substack.com

Technology
News
Tech News

Episodes

Cyber Bites - 20th December 2024
2d ago
* New Phishing Scam Uses Fake CAPTCHA Tests to Install Malware
* Google Releases Open-Source Tool to Speed Up Android Security Patching
* The Global Trail of Stolen Smartphones
* Year-Long Attack Steals Credentials from Security Researchers and Hackers
* Australia Leads the Way in Quantum-Resistant Cryptography

New Phishing Scam Uses Fake CAPTCHA Tests to Install Malware
https://au.pcmag.com/security/107245/this-captcha-test-can-trick-windows-users-into-installing-malware

A new phishing scam is targeting unsuspecting users with fake CAPTCHA tests. These malicious tests, disguised as legitimate security measures, are designed to trick victims into installing malware on their devices.

How the Scam Works:
* Fake CAPTCHA: Users encounter a fake CAPTCHA test on a malicious website.
* Malicious Instructions: The CAPTCHA asks users to perform specific keystrokes, such as "Windows + R" followed by "Ctrl + V".
* Malware Installation: These keystrokes execute a PowerShell script that downloads and installs the Lumma Stealer malware.
* Data Theft: Once installed, Lumma Stealer can steal sensitive information, including passwords, cookies, and cryptocurrency wallet details.

The Growing Threat of Phishing Attacks:
This latest phishing scam highlights the ongoing threat posed by cybercriminals who continuously evolve their tactics to target unsuspecting users. It's crucial to remain vigilant and exercise caution when encountering online requests, especially those involving unusual actions.

Tips to Protect Yourself:
* Be Wary of Unusual CAPTCHAs: If a CAPTCHA test asks you to perform actions beyond simple image recognition, be suspicious.
* Avoid clicking on links in unsolicited emails or messages, even if they appear to come from a trusted source.

Google Releases Open-Source Tool to Speed Up Android Security Patching
https://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html

Google has released Vanir, a new open-source tool designed to streamline the process of identifying and applying security patches to Android devices.

The Problem:
The Android ecosystem relies on a complex update process where manufacturers must incorporate security fixes from Google and deploy them to individual devices. This process is time-consuming and labor-intensive, often leaving devices vulnerable for longer periods.

Vanir's Solution:
Vanir uses static code analysis to directly compare a device's code against known vulnerable code patterns. This approach avoids relying on unreliable metadata like version numbers and focuses on the actual code itself.

Benefits of Vanir:
* Faster Patch Identification: Vanir automates the identification of missing security patches, significantly reducing the time it takes for manufacturers.
* Improved Accuracy: Vanir boasts a 97% accuracy rate, minimizing false alarms and wasted effort.
* Scalability: Vanir can be applied across diverse Android ecosystems and can be easily adapted to other platforms with minor modifications.
* Open Source: By making Vanir open source, Google encourages collaboration and wider adoption within the security community.

Impact:
Vanir is expected to significantly improve the security posture of Android devices by enabling faster and more efficient deployment of critical security patches. This will ultimately benefit all Android users by reducing their exposure to vulnerabilities.

Availability:
Vanir is available now on GitHub under the BSD-3 license. The tool can be used as a standalone application or integrated into existing build systems.

The Global Trail of Stolen Smartphones
https://www.dailymail.co.uk/news/article-14165053/How-stolen-phone-ends-Chinas-Silicon-Valley.html

A Dark Journey from London Streets to Chinese Markets
The theft of mobile phones in major cities like London has become a significant global issue, with stolen devices often ending up thousands of miles away in China.

The Theft and Smuggling Process:
* Street Theft: Phone snatchers, often operating in gangs, target unsuspecting victims in busy areas.
* Handoff to Brokers: Stolen phones are quickly passed on to brokers, who may be involved in other criminal activities.
* Securing the Device: To prevent tracking, the phones are placed in Faraday cages to block signals.
* Shipping to China: The phones are shipped to China, often through intricate smuggling routes.
* Repairs and Resale: In China, stolen phones are either sold as second-hand devices or disassembled for parts. Valuable components like gold, silver, and lithium-ion batteries are extracted.

The Impact on Victims:
Beyond the financial loss, victims of phone theft may also face privacy and security risks. Stolen phones can be used to access personal information, financial accounts, and social media profiles.

Combating the Problem:
Law enforcement agencies, technology companies, and governments are working together to combat phone theft and the global black market. Some strategies include:
* Improved Tracking Technologies: Phone manufacturers are implementing advanced tracking and security features to deter theft and facilitate recovery.
* International Cooperation: Law enforcement agencies are collaborating across borders to disrupt criminal networks involved in phone theft and smuggling.
* Public Awareness Campaigns: Educating the public about the risks of phone theft and how to protect themselves.

While significant progress has been made, the global trade in stolen phones remains a complex issue. By understanding the methods used by criminals and the international supply chain, we can work towards more effective prevention and recovery strategies.

Year-Long Attack Steals Credentials from Security Researchers and Hackers
https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/

Over 390,000 WordPress credentials and sensitive data stolen in a large-scale campaign targeting cybersecurity professionals.

A sophisticated cyberespionage campaign spanning over a year has compromised hundreds of systems belonging to security researchers, penetration testers, and potentially even malicious actors. Datadog Security Labs discovered the campaign, which is believed to be carried out by a threat actor tracked as MUT-1244.

Fake Exploits and Phishing Lured Victims
The attackers used a two-pronged approach:
* Trojanized Repositories: They created fake repositories on GitHub containing malicious code disguised as proof-of-concept exploits for known vulnerabilities. Security professionals searching for exploit code unknowingly downloaded and executed the malware.
* Phishing Emails: Phishing emails tricked victims into installing fake kernel updates that were actually malware.

Stolen Data Included SSH Keys and AWS Credentials
The malware targeted valuable data, including:
* WordPress credentials (over 390,000 stolen)
* SSH private keys
* AWS access keys
* Command history

Attackers Exploited Trust Within the Security Community
The use of fake repositories on trusted platforms like GitHub allowed the attackers to exploit trust within the cybersecurity community. Additionally, some of the stolen credentials likely belonged to attackers who were using a tool called "yawpp" to validate stolen credentials. This suggests the attackers were targeting both legitimate security professionals and malicious actors.

Hundreds Still at Risk as Campaign Continues
Researchers believe hundreds of systems remain compromised, and the campaign is still ongoing. Security professionals and researchers are advised to be cautious when downloading code from untrusted sources and to be wary of unsolicited emails, even those seemingly related to security updates.

Australia Leads the Way in Quantum-Resistant Cryptography
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography

Australia's Cyber Security Agency Accelerates Transition to Post-Quantum Cryptography
The Australian Signals Directorate (ASD) has announced plans to phase out traditional cryptographic algorithms like SHA-256, RSA, ECDSA, and ECDH in high-assurance cryptographic equipment by 2030. This move aims to proactively address the potential threat posed by quantum computing advances, which could render current encryption methods obsolete.

The Quantum Threat:
Quantum computers, once fully realized, have the potential to break current cryptographic standards, compromising sensitive data and systems. To mitigate this risk, the US National Institute of Standards and Technology (NIST) has developed new quantum-resistant algorithms.

Australia's Proactive Approach:
While NIST has set a 2035 deadline for transitioning to quantum-resistant cryptography, Australia is taking a more aggressive stance, aiming to complete the transition five years earlier for high-assurance systems. This proactive approach demonstrates Australia's commitment to cybersecurity and its recognition of the potential impact of quantum computing.

Challenges of the Transition:
The transition to post-quantum cryptography presents significant challenges, including:
* Technical Complexity: Implementing new cryptographic algorithms requires careful planning and technical expertise.
* Interoperability: Ensuring compatibility with existing systems and standards is crucial.
* Security Risks: A poorly executed transition could introduce new vulnerabilities.

The Road Ahead:
As quantum computing technology continues to advance, it is essential for organizations to stay informed about the latest developments and to plan for a smooth transition to quantum-resistant cryptography. By taking proactive steps to adopt new standards, organizations can protect their sensitive data and systems from future threats.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
Cyber Bites - 13th December 2024
12-12-2024
* Cybercriminals Exploit Misconfigured AWS Environments to Steal Sensitive Data
* New Phishing Scam Uses Fake Video Conferencing Apps to Steal Data
* Millions of WordPress Sites Vulnerable to Payment Fraud via WPForms Plugin
* Hackers Find New Way to Bypass Browser Isolation with QR Codes
* The Evolving Threat to Software Supply Chains

Cybercriminals Exploit Misconfigured AWS Environments to Steal Sensitive Data
https://www.vpnmentor.com/news/shiny-nemesis-report/

A recent cyberattack, believed to be linked to the ShinyHunters group, has exposed the vulnerabilities of misconfigured AWS environments. The attackers exploited exposed AWS credentials to gain unauthorized access to a vast amount of sensitive data, including source code, database credentials, and API keys.

Key Findings:
* Massive Data Breach: The attackers stole over 2TB of data from numerous AWS customers.
* Misconfigured S3 Buckets: The stolen data was stored in an exposed S3 bucket, highlighting the risks of improper cloud configuration.
* Targeted Attacks: The attackers used a combination of automated scanning and targeted attacks to identify vulnerable systems.
* Sophisticated Techniques: The attackers employed advanced techniques, including exploiting known vulnerabilities and using custom tools to gain access to systems.

Recommendations for Protection:
* Secure Credentials: Never store sensitive credentials in plain text or in easily accessible locations.
* Implement Strong Access Controls: Enforce strong access controls and regularly review and update permissions.
* Monitor Cloud Environments: Regularly monitor cloud environments for misconfigurations and unauthorized access.
* Stay Updated: Keep software and systems up-to-date with the latest security patches.
* Use Security Best Practices: Follow best practices for secure coding, data protection, and incident response.

By following these best practices, organizations can significantly reduce their risk of falling victim to similar attacks.

New Phishing Scam Uses Fake Video Conferencing Apps to Steal Data
https://www.cadosecurity.com/blog/meeten-malware-threat

A new phishing campaign is targeting individuals working in the Web3 industry, using fake video conferencing apps to deliver malicious software.

How the Scam Works:
* Fake Company Outreach: Threat actors create fake companies and use AI-generated content to make them appear legitimate.
* Luring Victims: They contact potential victims on platforms like Telegram, offering investment opportunities and scheduling video calls.
* Malicious App Download: Victims are directed to download a fake video conferencing app from a malicious website.
* Data Theft: The downloaded app, disguised as a legitimate video conferencing tool, is actually a sophisticated information stealer.
* Stealing Sensitive Data: The malware can steal a wide range of sensitive information, including cryptocurrency wallet credentials, banking information, and personal data.

The Growing Threat of Phishing Attacks:
This incident highlights the increasing sophistication of cyberattacks and the importance of staying vigilant.
Cybercriminals are constantly evolving their tactics to exploit vulnerabilities and steal sensitive information.

To protect yourself from such attacks, it's crucial to:
* Be Wary of Unverified Apps: Avoid downloading apps from untrusted sources, even if they appear legitimate.
* Verify Sender Identity: Always verify the sender's identity before clicking on links or downloading attachments.
* Use Strong, Unique Passwords: Create strong, unique passwords for all your online accounts.
* Enable Two-Factor Authentication: Use two-factor authentication to add an extra layer of security.
* Keep Software Updated: Keep your operating system and security software up-to-date with the latest patches.

By following these best practices, you can significantly reduce your risk of falling victim to phishing attacks.

Millions of WordPress Sites Vulnerable to Payment Fraud via WPForms Plugin
https://www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/

A critical security vulnerability has been discovered in WPForms, a popular form builder plugin used by over 6 million WordPress websites. The flaw, identified as CVE-2024-11205, allows attackers with subscriber-level access (the lowest user role) to issue unauthorized refunds and cancel Stripe subscriptions.

Exploiting the Vulnerability:
The vulnerability stems from a coding error in the plugin's permission checks. While the plugin verifies if a request originates from the admin panel, it fails to ensure the user has the necessary permissions to perform actions like issuing refunds. This allows any authenticated user, including subscribers, to exploit specific functions within the plugin and manipulate Stripe transactions.

The consequences of this vulnerability can be severe for website owners. Attackers could potentially:
* Steal Revenue: By issuing fraudulent refunds through the compromised plugin, attackers can steal money from legitimate transactions.
* Disrupt Business: Canceling subscriptions can disrupt customer service and harm a business's cash flow.
* Damage Trust: Unauthorized manipulation of payment systems can erode customer trust and damage a company's reputation.

The good news is that a patch has already been released. WPForms version 1.9.2.2 addresses the vulnerability by implementing proper authorization mechanisms. Website owners using WPForms, especially the free Lite version, are urged to update to the latest version immediately.

While an update exists, security researchers estimate that at least 3 million websites remain vulnerable as they are not running the latest version of the plugin. It is crucial for website owners to prioritize updating WPForms or disabling the plugin until the patch is applied.

This incident highlights the importance of maintaining updated plugins and software.
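The permission-check flaw described above is a common WordPress pattern: gating a sensitive action on "is this an admin-side request?" rather than on the caller's capabilities. The following is an added illustration written for this summary, not WPForms's own code, of a hypothetical AJAX refund handler in both its vulnerable and hardened forms. The function names (vulnerable_refund_handler, hardened_refund_handler, issue_stripe_refund), the nonce action name and the chosen capability are assumptions; is_admin(), check_ajax_referer(), current_user_can(), absint() and the wp_send_json_* helpers are real WordPress APIs.

```php
<?php
// Added illustration, not WPForms code. Hypothetical AJAX refund handler
// showing the class of authorization bug summarised above and its fix.
// Assumed names: vulnerable_refund_handler, hardened_refund_handler,
// issue_stripe_refund, the 'refund_payment' nonce action and the
// 'manage_options' capability.

// Vulnerable pattern: the only gate is "did this come from the admin side?".
// is_admin() returns true for any request to wp-admin/admin-ajax.php, and
// every authenticated user, subscribers included, can send such a request,
// so this check says nothing about what the caller is allowed to do.
function vulnerable_refund_handler() {
    if ( ! is_admin() ) {
        wp_send_json_error( 'not an admin request' );
    }
    $payment_id = isset( $_POST['payment_id'] ) ? absint( $_POST['payment_id'] ) : 0;
    // No capability check: any logged-in user reaches the refund call.
    $result = issue_stripe_refund( $payment_id );
    wp_send_json_success( $result );
}

// Hardened pattern: verify that the caller is allowed to refund and that the
// request was intentional, before touching the payment provider.
function hardened_refund_handler() {
    // 1. Nonce bound to this action: rejects forged cross-site requests.
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'refund_payment', 'nonce' );

    // 2. Capability check: the role hierarchy is irrelevant, only the
    //    capability matters. Subscribers do not hold manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Validate input before acting on it.
    $payment_id = isset( $_POST['payment_id'] ) ? absint( $_POST['payment_id'] ) : 0;
    if ( 0 === $payment_id ) {
        wp_send_json_error( 'missing or invalid payment id', 400 );
    }

    $result = issue_stripe_refund( $payment_id );
    wp_send_json_success( $result );
}

// Assumed helper standing in for the real payment-provider call. It records
// who triggered the refund so an audit trail exists for every refund issued.
function issue_stripe_refund( $payment_id ) {
    $actor = get_current_user_id();
    error_log( sprintf( 'refund requested for payment %d by user %d', $payment_id, $actor ) );
    return array( 'payment_id' => $payment_id, 'refunded_by' => $actor );
}

// Register only the hardened handler. There is deliberately no
// wp_ajax_nopriv_ hook, so unauthenticated requests never reach it, and the
// capability check above is what keeps low-privilege accounts out.
add_action( 'wp_ajax_refund_payment', 'hardened_refund_handler' );
```

The defender's review check is simple: for every `wp_ajax_` handler that changes state or money, look for a `current_user_can()` call on an appropriate capability plus a nonce check; an `is_admin()` test on its own is not an authorization check.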
Regularly review security reports and implement recommended patches promptly to minimize your website's vulnerability to attacks.

Hackers Find New Way to Bypass Browser Isolation with QR Codes
https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/

A new technique discovered by Mandiant demonstrates how cybercriminals are finding innovative ways to circumvent security measures. The technique involves using QR codes to bypass browser isolation, a security technology that protects users from malicious code by executing web content in a separate, isolated environment.

How the Attack Works:
* Malicious Website: A victim is lured to a malicious website.
* QR Code Display: The website displays a QR code containing malicious instructions.
* QR Code Scanning: The victim's compromised device, controlled by malware, scans the QR code.
* Command Execution: The decoded instructions are executed on the victim's device, allowing the attacker to gain control.

The Limitations and Implications:
While this technique is feasible, it has limitations, including:
* Limited Data Transfer: The QR code format limits the amount of data that can be transmitted in each request.
* Latency: The process of generating and scanning QR codes can introduce latency, slowing down communication.

Despite these limitations, this attack demonstrates the evolving nature of cyber threats and the need for continuous vigilance. Organizations should implement robust security measures, such as network segmentation, endpoint protection, and user awareness training, to mitigate the risks associated with such attacks.

The Evolving Threat to Software Supply Chains
https://www.darkreading.com/vulnerabilities-threats/lessons-largest-software-supply-chain-incidents

The rapid pace of software development has led to an increased risk of software supply chain attacks. These attacks target vulnerabilities in the development, distribution, and deployment of software, potentially compromising sensitive data and disrupting critical systems.

Key Factors Driving the Rise of Software Supply Chain Attacks:
* Increased Complexity: Modern software development relies on a complex network of third-party components, open-source libraries, and cloud services, creating numerous potential attack vectors.
* Rapid Pace of Development: The pressure to release software quickly can lead to shortcuts in the development process, compromising security.
* Advanced Attack Techniques: Cybercriminals are constantly evolving their tactics, using sophisticated techniques like supply chain poisoning and software tampering.

Mitigating Risks in the Software Supply Chain:
To protect against software supply chain attacks, organizations should adopt a comprehensive approach:
* Vendor Vetting: Thoroughly vet third-party vendors and regularly assess their security practices.
* Open Source Security: Carefully evaluate open-source components for vulnerabilities and license compliance.
* Secure Development Practices: Implement secure coding practices, code reviews, and automated testing to identify and fix vulnerabilities early in the development process.
* Software Composition Analysis (SCA): Use SCA tools to identify and remediate vulnerabilities in open-source components.
* Supply Chain Security Tools: Employ specialized tools to monitor and protect the software supply chain.
* Employee Training: Train employees on security best practices, including recognizing phishing attacks and avoiding malicious software.
* Incident Response Plan: Develop a robust incident response plan to quickly detect and respond to security breaches.

By prioritizing software supply chain security, organizations can mitigate risks and protect their sensitive data and systems.