Newsletter

10.12.2021 | 5'' read

Beware of shady VPN corporate ownership

by Ryan Naraine

This edition of the newsletter is presented by Egress Software, Symmetry Systems and ProcessUnity.

* The most clicked link from last week’s newsletter was the Aspen Cyber Summit fireside chat with NSA’s Rob Joyce on the nation-state threat landscape.

Monday blues.

For years, security pros (myself included) have urged the use of VPNs as a data and privacy protection utility. Today, this is slowly becoming bad advice, and there are new signs that the entire cottage industry of consumer VPN software needs to be killed off as a matter of urgency.

Have a gander at this alarming report from Restore Privacy:

Kape Technologies, a former malware distributor that operates in Israel, has now acquired four different VPN services and a collection of VPN “review” websites that rank Kape’s VPN holdings at the top of their recommendations.

The report goes into the people behind Crossrider, a company that was caught distributing malware and adware, and documents how the company pivoted to purchasing VPN services, then changed its name to Kape Technologies. Kape was then observed buying a collection of VPN “review” websites and changing the rankings.

This is slowly becoming one of those parasite industries that will cause a world of hurt in the long run. Time to kill off the VPN entirely.

_ryan

On to the newsletter…

The Patch Tuesday freight train

I’m swamped with work today, tracking a doozy of a Patch Tuesday across the computing landscape. Some highlights and reminders:

As usual, treat these patches with the highest priority and remember to randomly reboot your iPhones.

Offensive research.
  • Just hours after the release of iOS 15.0.2, security researcher Saar Amar reversed Apple’s patch to document the vulnerability and release proof-of-concept exploit code.
  • A Patchy Server: GreyNoise documents in-the-wild exploitation of CVE-2021-41773, a gaping hole in the widely deployed Apache Server.

Sponsored.

  • Egress has built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning, Egress detects and prevents abnormal human behavior such as targeted phishing attacks, misdirected emails, and data exfiltration. Book a demo.
  • Symmetry DataGuard helps you protect what matters most. Start with a sealed, read-only service in your cloud. Point it at your data stores and fine-grained query logs. Get a risk map with at-risk data objects and suggested interventions. Get in touch today for a demo.
  • ProcessUnity’s Cybersecurity Program Management (CPM) is a single, comprehensive platform for centrally managing an organization’s cybersecurity program with prepackaged mapped content, automated workflows, assessments and dynamic reporting. The solution enables the CISO to inventory and assess high-value assets; map them to threats, risks, policies and control standards; automate reviews; and capture evidence of compliance — all on a predefined schedule. Request a demo.

Nation-state APT activity


UEFI bootkits

The Record’s Catalin Cimpanu covers past examples of UEFI bootkits found in the wild:

  • FinSpy – a UEFI bootkit component used with the government-grade FinFisher spyware, discovered by security firm Kaspersky.
  • Demodex – a UEFI bootkit used by a Chinese cyber-espionage group since July 2020, also disclosed by security firm Kaspersky.
  • LoJax – a UEFI bootkit used by Russian state hackers since 2018 in attacks across Europe.
  • Hacking Team Vector EDK – a UEFI bootkit that was part of the now-defunct HackingTeam’s malware arsenal.
  • DerStarke and QuarkMatter – UEFI rootkits that were part of the CIA’s hacking tools leaked in 2016 as part of the Vault7 trove.
  • ESPecter – a UEFI bootkit that was detailed for the first time in a report published by security firm ESET.

Supply chain security things


Leftovers.

Tangentially.

P.S. Full podcast episodes are available on the SecurityConversations.com home page, and on all major platforms. Subscribe directly: Apple/iPhone, Google/Android, Spotify and Amazon/Audible.