CyberFacts Weekly

Archive

🔓 [CyberFacts Weekly - 0x07] FBI Portal Abused to Mass Email / Breached Robinhood Data for Sale / New Rowhammer-class Vulnerability / Backdooring Rust Crates

This weekend I had two interesting experiences that got my nerd spirit boil hot: I brought my 6yo son to his first cyber-security conference (NoHat 2021 on Sat) and this morning I visited an IBM abandoned facility.

Only if you’re a father or a geek, or both, can you imagine the feelings and fully appreciate these moments. It was just amazing.

BTW, if you’re curious how to maintain a news digest like this one with only a few minutes a day, I documented my semi-automated workflow.

Oh, and I’m experimenting with baking panettone (I screwed up the timing, so I’ll have to wake up at 2am to prepare the last round of dough): Winter Hols are getting closer and closer!

#8
November 21, 2021

🔓 [CyberFacts Weekly - Issue 0x06] Notes from Black Hat Locknote - New Hacker-for-hire Group Discovered by Trend Micro / Vulns in Critical Network Protocol / Practical HTTP Header Smuggling / BusyBox Affected by 14 New Vulns / PS5 Unlock Keys Extracted / INTERPOL Hits Prolific Ransomware Ring / Flash Beams Reboot RPi2s / Pwn2Own Austin 2021

Greetings! 👋

Just back from Black Hat Europe, which was great as it's been more than 2 years without an on-site conference (at least for me). It was a very nice get-together among those review-board members who could attend, who hadn't been meeting for what seemed like forever.

Unfortunately, due to capacity and travel restrictions, the event felt a bit emptier than usual, but we're all looking forward to Black Hat USA 2022!

I jotted down some notes from my favorite session, the Locknote (vs Keynote), with Daniel Cuthbert, Meadow Ellis, James Kettle, Marina Krotofil, and Thomas Brandstetter. I "live" tweeted some notes in this thread, but since I'm far from being a professional tweeter, I revised them here, along with some comments.

#7
November 14, 2021

🔓 [CyberFacts Weekly - Issue 0x05] It's (Almost) the Season to be Jolly 🎅

Oh oh oh!

I guess I’m a little early this year, but after having spent the Halloween weekend at home with no adequate trick or treating because of the rain, I’m really looking forward to the upcoming holiday season!

I don’t know about you, but I changed my business travel plans to make sure I’m back home to watch Home Sweet Home Alone with the family. I guess it’s a little too much 😂

#6
November 5, 2021

🔓 [CyberFacts Weekly - Issue 0x04] Happy Halloween 🎃

Greetings! 🎃

Interesting week in Europe, right? It's interesting to see the parallel between (1) the social protests happening in Italy about the regulations that require all workers to possess a valid EU Digital COVID Certificate (a.k.a., "GreenPass") and (2) the incident at one (potentially more) cert-issuance sites, which have been found to be exposed on the public Internet without protection. Of course, in a matter of hours, there was an explosion of Telegram groups selling generated certificates.

At the beginning, it didn't seem like a big deal, because the EU Digital COVID Certificate system has this scenario figured out already. But, as more clearly forged but accepted passes have started to circulate (archived), more details bubbled up, revealing what seems to be a larger "compromise" of the certificate issuing infrastructure. Technically, nothing has been actively compromised: It's just some unwanted service exposure.

Just scroll down and you'll find more details.

#5
October 29, 2021

🔓 [CyberFacts Weekly - Issue 0x03] Twice the Content, New Workflow

Hello! 👋

I should have never skipped last week's CyberFacts Weekly, because...guess what, now I had to process twice the load! 🥵

But last week was definitely too packed with prepping for Black Hat Europe and I had to prioritize that! By the way, consider attending Black Hat Europe, which is taking place both on site (at the London ExCeL) and virtually.

Despite being overwhelmed, I finally found the time to use Zotero to manage this digest. Here's the workflow:

#4
October 22, 2021

🔓 [CyberFacts Weekly - Issue 0x02] The Week of Massive Leaks - Twitch leak (128GB) / Telegraph DB exposed (10TB) / Full iOS 15 decompiled source code / FB/IG/WA disappeared from the Internet / New ESP-persistent UEFI bootkit found / LeakIX 2.0 vs. exposed services / Pandora Papers is the new Panama Papers / SMS-routing service compromised for years / Phrack #70 is out / Apache CVE-2021-41773 patched / SOS.dev pilot to secure OSS / Ransomware gang arrested in Ukraine

I think this week's featured image by the @archillect AI is very appropriate, given the 3 massive leaks that happened (plus FB/IG/WA downtime, although not due to a security compromise):

  • Twitch (128GB)
  • The Telegraph (10TB)
  • Pandora Papers (11.9M documents)

Plus some leaky Apache Airflow servers exposing credentials of popular services, and iOS 15 decompiled source code dumped online.

On the bright side, The Linux Foundation and Google (which sponsored $1B worth of rewards) have launched a pilot program to reward developers who help open source projects score better (e.g., by contributing fixes, fuzzing harnesses); Apache has released a fix for CVE-2021-41773 (currently exploited in the wild); and LeakIX has announced a game-changing (although a bit controversial) transparent breach-disclosure framework to track unwanted exposed services leaking data, and "pressure" service operators to close or secure them.

#3
October 9, 2021

🔓 [CyberFacts Weekly - Issue 0x01] Malware targeting gamers / VSCode extension with command injection / OWASP turns 20 / Chrome fixes an RCE / AirTags can carry XSS payload / PoC exploit for VMware CVE-2021-22005 / More Apple bug bounty drama / Android bankers / Bitcoin ATMs vulnerable to tampering / New SolarWinds details / When ransomware hits hospitals / Bug in ApplePay Express Mode with VISA / Threat actors posing as Amnesty

Hello ☺️

The second issue of CyberFacts Weekly is out and I have to say that I'm quite happy to see a (slowly) growing interest around both this weekly digest and the live feed (available via Twitter and RSS).

It's been quite a packed week: It wasn't easy to keep track of all the interesting events. Also, I decided to open each weekly issue with the image Tweeted by the @archillect AI at the time of writing.

Towards the end of this digest, I took some room for a reflection about the current state of conferences, and what I foresee for their future.

#2
October 1, 2021

🔓 [CyberFacts Weekly - Issue 0x00] AlphaBay’s founder is back / Donation sites abuse for card testing / Apple Tracking Transparency lets trackers track / AI can introduce vulnerabilities in code / Valid PEs that evade integrity checks / High-res satellite imagery as a service / BulletProofLink PAAS operation / How UAE spy program recruited an NSA hacker

Hello 👋

And welcome to the first issue of the CyberFacts Weekly 🥳

I've been systematically keeping an archive of my readings since early 2021. There are already many good cyber-security newsletters (e.g., tl;dr sec), so by no means am I trying to compete with them.

CyberFacts Weekly is intended mostly for myself, to have a place to archive and keep public notes of what I read and deem as noteworthy.

#1
September 27, 2021