TWINN #129 What happens when security systems are insecure?
Article Contents
The 5 Top Cyber Security Stories Of The Week – June 19, 2023
1. A simple bug exposed access to thousands of smart security alarm systems
“The vulnerability is known as an insecure direct object reference, or IDOR, a class of security bug that allows unchecked access to files, data, or user accounts because of weak or lacking access controls on a server.”
2. Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
“Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.”
3. Mandiant says China-backed hackers exploited Barracuda zero-day to spy on governments
Further to last week’s coverage on this, “China-backed hackers are likely behind the mass-exploitation of Barracuda Networks’ email security gear, which prompted a warning to customers to rip out and replace affected devices.”
4. Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems
Significant IOC (indicator of compromise) is if your macOS has ever reached out to www.git-hub.me, not an actual GitHub-owned domain. Zero Trust connectivity for the win! We need protection before we can identify it.
5. Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks.
All week Microsoft ignored requests for responses on Outlook, Azure problems and without referencing any of those complaints and requests, offered this response.
Did you know?
In iOS17 my favourite new feature is the live voicemail transcription that allows you to pickup the call while someone leaves a message. Powerful productivity hack for those wanting to waste no time on unproductive inbound calls.
Video version to return next week when I am back from Infosec Europe.
