Newsletter
12.07.2021 | 7 min read
On the passing of Dark Reading’s Tim Wilson
This edition of the newsletter is presented by Process Unity and SecurityWeek.
- On December 15, I’ll be speaking at this SecurityWeek webinar on aligning internal cybersecurity practices with external third-party risk management. Register here.
Monday blues. A few thoughts on the passing of Tim Wilson, the well-respected security journalism pioneer who co-founded Dark Reading and nurtured it into the cybersecurity industry fixture it is today.
I didn’t know Tim very well but I’ve always paid very close attention to his work as we competed over the years. I’ve been in constant awe of his ability to build a substantive, respected, must-read publication in an industry where “news” is mostly manufactured by marketers flush with VC cash. Believe me, this is a near-impossible task.
He was a quiet man who always seemed to be avoiding the limelight. Whenever I ran into him at security conferences, he was always far from the action, smiling and nodding through a hallway conversation, no doubt working a news angle or securing a speaker to showcase at his public events.
When I ran marketing at Bishop Fox and Tim was working on his new INsecurity Conference series, we spent time on the phone discussing speakers and presentations and one thing that stood out was his insistence — directly so — on avoiding hype while educating his audience. He cherished his credibility with the Dark Reading audience and made that known on every call we had.
His passing leaves a big hole in our industry. He was a rare breed who proved there’s success in the media business with credible, reliable, meat-and-potatoes journalism. Tim Wilson will be missed by all of us.
_ryan
On to the newsletter…
Join this SecurityWeek panel discussion on Aligning Internal Cybersecurity Practices with External Third-Party Risk Management, presented by our friends at Process Unity. You will learn how to:
- Map external third-party risk to internal cybersecurity controls
- Evaluate control effectiveness against both internal and external risks
- Identify potential fourth-party risk
- Prioritize cyber/third-party risk projects based on control gaps and domain inefficiencies
- Build a world-class cybersecurity program that protects against internal and external threats
Here’s the link to register and add to calendar.
The Iran/Israel cyberwar.
There’s something uncomfortable about the ongoing cyber-operations in Iran and Israel that are clearly affecting civilians in both countries. Here’s the latest:
- The New York Times coverage is blunt: “Millions of ordinary people in Iran and Israel recently found themselves caught in the crossfire of a cyberwar between their countries. In Tehran, a dentist drove around for hours in search of gasoline, waiting in long lines at four gas stations only to come away empty. In Tel Aviv, a well-known broadcaster panicked as the intimate details of his sex life, and those of hundreds of thousands of others stolen from an L.G.B.T.Q. dating site, were uploaded on social media.”
- The Times of Israel reports on Tehran releasing the name, photo and address of an Israeli cyber security expert who specializes in Iranian hacking efforts.
- Haaretz’s coverage discusses Israel’s superior cyber capabilities but warns that fueling a cyber-conflict with Iran is not in Israel’s best interests.
Apple’s NSO Group/Pegasus lawsuit.
Just as I was about to hit send on last week’s newsletter, Apple dropped the NSO Group lawsuit bombshell. Let’s catch up quickly:
- Here’s Apple’s official announcement of the lawsuit.
- The actual filing is here (pdf). It’s full of PR prose and poetry and anti-Android messaging.
- Citizen Lab’s John Scott-Railton covers Apple’s claims in detail.
- Apple has a new web page dedicated to notifications about state-sponsored malware attacks.
- If you’ve received one of Apple’s alerts on nation-state targeting, Amnesty International can provide forensic support.
- Crowdstrike’s Jaron Bradley provides a detailed rundown of real-world APTs hitting Apple’s macOS platform. The article is an extension of this presentation on Macdoored.
- Sandfly was contacted to investigate an incident involving a novel piece of Linux stealth malware. The malware deployed a full stealth rootkit to hide itself, and in so doing was able to evade a market-leading Endpoint Detection and Response (EDR) product.
- In the last few years, attackers have abused COM objects to craft fileless attacks, evade defenses, bypass whitelisting, and even move laterally inside the organization using the Microsoft RPC protocol. Amr Thabet provides a deep dive on COM objects, how to utilize them in your red teaming engagement, and how to detect and protect your organization from them if you are on the blue team side.
- Zoom researcher Bill Demirkapi writes about abusing the Windows implementation of fork() for stealthy memory operations.
Essays.
- Gavin Wilde warns about the fetishization of offensive cyber capabilities to combat the ransomware wealth transfer: “Left unchecked, the fetishization of offensive cyber power risks becoming a self-reinforcing fixture of U.S. cybersecurity policy and international deliberation on norms. If the gauntlet is thrown down for military cyber units to conduct offensive operations against non-state entities abroad — particularly in retaliation for damages that are primarily financial and criminal in scope — the issue becomes as much about which behaviors the United States is endorsing as those it seeks to curb.”
- In August 2020, two FBI agents showed up unannounced on the doorstep of TechCrunch security writer Zack Whittaker asking for an audience on a story he had published the year before. “Legal demands against reporters are not uncommon; some even see it as an occupational hazard of working in the media. Demands often come in the form of a threat, almost always compelling the journalist or news outlet to retract a story, or sometimes even to stop a story before it’s published. Journalists covering cybersecurity — a beat rarely known for its chipper and upbeat headlines — are especially prone to legal threats by companies or governments wanting to avoid embarrassing headlines about their poor security practices.”
- Crossbeam CISO Chris Castaldo responds to a proposed bill in the U.S. Congress to deal with ransomware: “While Rep. McHenry’s bill is a good first step to counter ransomware attacks, further legislation is required to cover all ransom requests, regardless of an organization’s size or the industry they operate in, and simultaneously dissuade ransomware operators from targeting American businesses in the first place and incentivize businesses to mature their defenses against attacks.”
- Cisco Talos finds live exploitation of a zero-day elevation of privilege vulnerability in the Microsoft Windows installer.
- So far this year, researchers have documented 82 in-the-wild zero-day attacks. There were 38 documented in 2020.
Leftovers.
- CISA has published a mobile device security checklist for consumers and businesses.
- Chipmaker Intel has a secret facility in Costa Rica that is being used to stockpile legacy technology for security research.
- ProPublica does a feature story on Operation Fox Hunt, detailing how China sends covert teams abroad to bring back people accused of financial crimes.
- Suspected North Korean hackers use Facebook to cultivate relationships with targets before sending spear phishing emails.
- This Kaspersky Q3 report is full of juicy APT tidbits.
Tangentially.
- There’s a new Humble Bundle of cybersecurity books covering IoT hacking, practical malware analysis, attacking network protocols, and more…
- Simon Bell’s CVE Trends displays useful trending vuln data from Twitter and the NIST database APIs.