News
Hi folks,
I hope you're all having a great Friday!
I myself am a bit tired but very satisfied after two weeks into a new job, combining dev/ops, security and management, and it's been wonderful. After this I'll be diving back in :-)
Have fun reading everyone, and have a relaxing weekend!
Microsoft Excel to let you run Python scripts as formulas
And the entire security industry went "You did what now?". However, they do appear to have thought this through. The code will execute in an isolated container on Azure, and as such won't have access to any local resources. Time will tell if that is enough of a mitigation or not.
New Whiffy Recon malware uses WiFi to triangulate your location
Most might already know this is possible, but it's still creepy to read that it actually happens :-) Presumably the attackers use it to focus their attacks on specific areas, or more likely to intimidate their victims even more.
Google Workspace will require two admins to sign off on critical changes
That's an awesome feature. They'll start applying it to org-wide 2FA changes, and roll it out further as feedback comes in. They also announced an upcoming change that makes 2FA mandatory for (some) enterprise administrators, improvements in Gmail AI-based defenses and improved integration with Chronicle, GCP's security operations suite.
Update your WinRAR now
I have a hard time believing many people still use WinRAR, but who knows. Either way, this made the news in many places so it seems prudent to share: there's a vulnerability that lets you get infected by just unpacking a malicious RAR file. So update that beautiful piece of (totally paid for) shareware ASAP!
Kali Linux 2023.3 release: internal infrastructure & Kali Autopilot
The new release offers a lot of under-the-hood improvements, nine new tools, and further development of Kali Autopilot. The latter is an attack automation framework that looks pretty awesome to automate testing of things like IDS rules and alert thresholds.
FBI urges US space industry to safeguard technologies
While private space and satellite companies are popping up everywhere, the FBI and US Air Force made a joint statement warning them that they are being targeted by foreign powers. I'm tempted to add a "duh" to that statement. But also I'm pretty sure that most of those (smaller) companies don't have proper secops teams :/
GlitchSecure: real-time and continuous security testing
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Ransomware hackers dwell time drops to 5 days, RDP still widely used
Always interesting to see breach statistics, this time from Sophos. Some interesting snippets: ransomware accounted for 68% of all breaches, data exfiltration occurred in 43% of all cases, and most attacks happen late in the workday or at night, local time, to catch defenders off guard.
Short session expiration does not help security
Interesting and thought-provoking blog post on session expiration times (i.e. the time before you have to log in again). Is it more secure? Or does it, for example, tempt users into making unsafe choices like easy passwords or unlocked vaults? Also makes for an interesting HN thread.
The secret weapon hackers can use to dox nearly anyone in America for $15
Long but interesting read on underground tools used to gather highly personal information based on US credit bureaus. HN thread here with some advice on credit freezing.
Ransomware Diaries volume 3: LockBit's secrets
I haven't read the whole thing (yet), but it looks like a wonderful and very deep dive into LockBit operations. The first and second volumes can be found here.
1Password now integrates directly with Datadog
1Password provides an Events API that lets you stream 1Password events to your SIEM, like group changes, sharing actions, user invites, and more. That's great by itself, but now they even directly integrate with Datadog to feed all of that information directly to you. (Sponsored)