A quick Saturday digest of cybersecurity news articles from other sources.
I created this as a more feature-rich and modern version of a tool I found years ago and absolutely love by davidc. Early on when I was having to actually DO subnetting for work this tool was a real life saver and it just helped the concepts “click” for me.
from Reddit
A home-lab is a good way to gain hands-on experience on Network+ and Security+ concepts. I have put together a video on how to configure Pfsense (an open source firewall & router) as a virtual machine on your PC. You can check it out here: https://youtu.be/OAOSzd_2p2k
It has several features you can experiment with such as QoS, certificate management, IPsec, Captive portal, high availability(CARP), GRE, VLANs,DHCP, etc.
Will Google be replaced by AI? (The Scary Truth)
In this article, we cover the threat of AI towards Google, how Google uses AI itself, and how Google’s next move will impact the SEO industry.
As Google scrambles to respond to the meteoric rise of ChatGPT, an alarming question has arisen in the digital world, “will Google be replaced by AI?”.
It was rumoured that the search giant has had to issue a “code red notice”, stepping up their efforts to develop competing resources at a faster pace. Could this spell the end for the Californian behemoth? After all, some already claim “Google is done”.
From KumoSpace
Online meetings: collaboration made simple
Boost your team’s productivity with our intuitive online meeting software.
From Bruce Schneier
Typing Incriminating Evidence in the Memo Field
[2023.06.27] Don’t do it:
Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though:
Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains. One payment, for $1,000 included the memo “head number 7.” Another, for $200, read “braiiiiiins.”
It’s so easy to think that you won’t get caught.
The US Is Spying on the UN Secretary General
[2023.06.30] The Washington Post is reporting that the US is spying on the UN Secretary General.
The reports on Guterres appear to contain the secretary general’s personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the Foreign Intelligence Surveillance Act (FISA) to gather the intercepts.
Lots of details about different conversations in the article, which are based on classified documents leaked on Discord by Jack Teixeira.
There will probably a lot of faux outrage at this, but spying on foreign leaders is a perfectly legitimate use of the NSA’s capabilities and authorities. (If the NSA didn’t spy on the UN Secretary General, we should fire it and replace it with a more competent NSA.) It’s the bulk surveillance of whole populations that should outrage us.
Self-Driving Cars Are Surveillance Cameras on Wheels
[2023.07.03] Police are already using self-driving car footage as video evidence:
While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage. And it’s easier for law enforcement to turn to one company with a large repository of videos and a dedicated response team than to reach out to all the businesses in a neighborhood with security systems.
“We’ve known for a long time that they are essentially surveillance cameras on wheels,” said Chris Gilliard, a fellow at the Social Science Research Council. “We’re supposed to be able to go about our business in our day-to-day lives without being surveilled unless we are suspected of a crime, and each little bit of this technology strips away that ability.”
[…]
While self-driving services like Waymo and Cruise have yet to achieve the same level of market penetration as Ring, the wide range of video they capture while completing their routes presents other opportunities. In addition to the San Francisco homicide, Bloomberg’s review of court documents shows police have sought footage from Waymo and Cruise to help solve hit-and-runs, burglaries, aggravated assaults, a fatal collision and an attempted kidnapping.
In all cases reviewed by Bloomberg, court records show that police collected footage from Cruise and Waymo shortly after obtaining a warrant. In several cases, Bloomberg could not determine whether the recordings had been used in the resulting prosecutions; in a few of the cases, law enforcement and attorneys said the footage had not played a part, or was only a formality. However, video evidence has become a lynchpin of criminal cases, meaning it’s likely only a matter of time.
From Bleeping Computer
Linux malware AVrecon infects 70K devices, builds botnet
Threat actors have used Linux malware called AVrecon to infect more than 70,000 devices with the goal of building a botnet out of small-office/home-office routers. The campaign has been active for two years and spans 20 countries.
From Naked Security
Google Virus Total leaks list of spooky email addresses
Careful with that file, Eugene!
Early disclaimer: this isn’t quite the mother of all data breaches, nor even perhaps a younger cousin, so you can stand down from Blue Alert right away.
As far as we can tell, only names, email addresses and employers were leaked in the wrongly shared document.
But what names they were!
The leaked list apparently made up a handy email Who’s Who list of global cybersecurity experts from intelligence agencies, law enforcement groups, and serving military staff.
Threat intelligence company Recorded Future and German news site Der Spiegel have listed a wide range of victims, including the NSA, FBI and the US Cyber Command in America, the German BSI (Federal Office for Information Security), the UK’s National Cybersecurity Centre…
…and we could go on.
Other countries with affected government ministries apparently include, in no particular order: Taiwan, Lithuania, Israel, the Netherlands, Poland, Saudi Arabia, Qatar, France, the United Arab Emirates, Japan, Estonia, Turkey, Czechia, Egypt, Colombia, Ukraine, and Slovakia.
Der Spiegel suggests that numerous big German companies were affected, too, including BMW, Allianz, Mercedes-Benz, and Deutsche Telekom.
A total of about 5600 names, emails and organisational affiliations were leaked in all.
JUL
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com