
11.09.2021 | 5'' read

US sanctions hit ‘friendly’ zero-day exploit shops

by Ryan Naraine

~~ Newsletter presented by Symmetry Systems, Process Unity and SecurityWeek ~~

  • The most clicked link from the last newsletter was Patrick Gray’s podcast interview with zero-day exploit supplier Mark Dowd. The NTIA’s how-to guide for generating SBOMs also got a lot of attention.
  • Today is Patch Tuesday. Expect all your favorite software makers to slap band-aids on major security defects. Update all the things and don’t forget to randomly reboot your iPhones.

Monday blues.

The news that the U.S. government is sanctioning a handful of zero-day exploit shops is both refreshing and surprising. I’m on record with my discomfort around these exploit suppliers, some of them operating openly here in the United States, and I’m fully on board with adding major friction to their operations.

At the same time, it’s surprising to see companies from two “friendly” countries — Israel and Singapore — on the list of entities deemed “to be acting contrary to the foreign policy and national security interests of the United States”.

Israeli zero-day shops Candiru and NSO Group have been caught up in exploit-delivery scandals but because of the dual-use nature of these high-end surveillance tools — sources tell me Candiru works closely on counter-terrorism ops — it’s been a touchy political issue to slap them with full sanctions.  Look, Israeli officials are already pushing back against the NSO blacklist.

The addition of Singapore-based COSEINC to the entity list caused my eyebrows to raise even more. The man behind the company — Thomas Lim — has been an active member of the security research community for at least two decades, keynoting major conferences, and operating from a U.S. “ally” with close cybersecurity collaboration.

The fact that the U.S. has decided to flick sand in the eyes of companies in friendly allied countries is confirmation that, just maybe, there needs to be official pushback.  This disturbance in the 0day exploit market will be fascinating to watch.


On to the newsletter…

  • Symmetry DataGuard helps you protect what matters most. Start with a sealed, read-only service in your cloud. Point it at your data stores and fine-grained query logs. Get a risk map with at-risk data objects and suggested interventions. Get in touch today for a demo.
  • ProcessUnity’s Cybersecurity Program Management (CPM) is a single, comprehensive platform for centrally managing an organization’s cybersecurity program with prepackaged mapped content, automated workflows, assessments and dynamic reporting. The solution enables the CISO to inventory and assess high-value assets; map them to threats, risks, policies and control standards; automate reviews; and capture evidence of compliance — all on a predefined schedule. Request a demo.

Ransomware hacking-back.

A flurry of U.S. government and law enforcement crackdowns on the ransomware wealth-transfer epidemic:

Some pretty big stories.

Hacker history.


Inside the cyber arms market.




P.S. Full podcast episodes are available on the home page, and on all major platforms. Subscribe directly: Apple/iPhone, Google/Android, Spotify and Amazon/Audible.
