Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top 5 News Stories
Threat Actors Increasingly Target macOS
macOS is increasingly targeted by threat actors, with a notable rise in malware and infostealers.
Top 3 takeaways:
🪲 The most common macOS malware in 2023 was infostealers, which collect sensitive data like login credentials and session cookies.
🧑‍💻 Although less common, macOS ransomware is emerging, with some groups developing strains specifically for Apple devices.
🎯 Several high-risk vulnerabilities have been identified in macOS, making it a target for exploitation.
FBI Targets Dispossessor Ransomware Group
The FBI, in collaboration with international agencies, seized servers and websites of the Dispossessor ransomware group.
Top 4 takeaways:
🎯 Dispossessor targeted small to mid-sized businesses, exploiting vulnerabilities and weak passwords.
⚡️ The group stole data and encrypted devices, using a dual-extortion model: demanding a ransom for decryption and threatening to leak the stolen data unless it was paid.
🌎 The group targeted businesses across various sectors in multiple countries, including the U.S., U.K., Germany, and more.
🪲 Dispossessor reposted data from other ransomware attacks and used the LockBit 3.0 encryptor for their attacks.
Flaw in GitHub Action Artifacts Exposes Sensitive Tokens
Research has highlighted a security flaw in GitHub Actions artifacts that can leak sensitive tokens, including GitHub tokens and third-party cloud service tokens.
Top 3 takeaways:
🧑‍💻 Vulnerable artifacts were found in major open-source projects from companies like Red Hat, Google, AWS, Canonical, Microsoft, and OWASP, potentially affecting millions of users.
⚡️ Attackers can exploit leaked tokens to push malicious code, access secrets, or execute remote code, posing significant risks to CI/CD pipelines.
🛡️ Users are advised to use tools to scan artifacts for secrets, reduce workflow permissions, and adopt a proactive security approach to protect against such vulnerabilities.
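The third takeaway recommends scanning artifacts for secrets before they are published or downloaded. The following is an added example of what such a check looks like; it is not code from the research or from GitHub. It unpacks an artifact zip in memory and greps every file for credential shapes. The token prefixes (GitHub `ghp_`/`ghs_`/`gho_`/`ghu_`/`ghr_` and `github_pat_`, AWS `AKIA`) are publicly documented; the length bounds are assumptions, and the sample artifact and its tokens are constructed for the demo.

```python
"""Scan a GitHub Actions artifact (a .zip) for leaked credential patterns.

Added example; not the research's tooling. Patterns and sample data are
assumptions/constructed values, described in the comments.
"""
import io
import re
import zipfile

# Credential shapes worth flagging in build output. Prefixes are publicly
# documented; the minimum lengths are assumptions chosen to avoid false hits
# on short placeholders such as "ghp_xxx".
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Basic-auth headers (e.g. left behind in git config) carry base64 creds.
    "basic_auth_header": re.compile(r"(?i)authorization:\s*basic\s+[A-Za-z0-9+/=]{16,}"),
}


def redact(secret: str) -> str:
    """Keep only a short prefix so the report itself does not leak the token."""
    return f"{secret[:6]}... ({len(secret)} chars)"


def scan_text(name: str, text: str) -> list[dict]:
    """Return one finding per pattern match, with file, line and a redacted preview."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for match in rx.finditer(line):
                findings.append({
                    "file": name,
                    "line": lineno,
                    "kind": kind,
                    "preview": redact(match.group(0)),
                })
    return findings


def scan_artifact(zip_bytes: bytes) -> list[dict]:
    """Walk every file inside the artifact zip and scan it as text."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Binary files are decoded leniently; token strings still surface.
            text = zf.read(info).decode("utf-8", errors="replace")
            findings.extend(scan_text(info.filename, text))
    return findings


def build_sample_artifact() -> bytes:
    """Constructed artifact with two fake credentials and one clean file."""
    fake_github_token = "ghp_" + "A" * 36   # constructed, not a real token
    fake_aws_key = "AKIA" + "B" * 16        # constructed, not a real key
    files = {
        "build.log": "step 3: deploying\nexport GITHUB_TOKEN=" + fake_github_token + "\nall good\n",
        "config/aws.env": "AWS_ACCESS_KEY_ID=" + fake_aws_key + "\nREGION=us-east-1\n",
        "src/main.py": "print('hello')\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_artifact(build_sample_artifact()):
        print(f"{finding['file']}:{finding['line']} {finding['kind']} {finding['preview']}")
```

Run it against a real artifact by reading the zip from disk and passing the bytes to `scan_artifact`. Pattern matching only catches known shapes; pair it with an entropy check or a dedicated secret scanner, and fix the root cause by restricting the `permissions:` of the workflow and not uploading directories that hold credentials (such as a checked-out `.git` directory) in the first place.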
Multiple Vulnerabilities Found in AI-Powered Azure Health Bot
Two security flaws were discovered in Microsoft’s Azure Health Bot Service, potentially allowing unauthorized access to sensitive patient data. These issues have been patched by Microsoft.
Top 4 takeaways:
⚡️ Tenable Research found multiple privilege-escalation issues in the Azure Health Bot Service via server-side request forgery (SSRF), allowing access to cross-tenant resources.
🪲 The vulnerabilities involved bypassing built-in safeguards using redirect responses to obtain access tokens and list subscriptions.
🩹 Microsoft quickly acknowledged the issue, introduced fixes, and confirmed no evidence of malicious exploitation.
🧠 The vulnerabilities highlight the importance of traditional web application and cloud security mechanisms in AI-powered services.
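The second takeaway describes safeguards being bypassed with redirect responses: an outbound request to an allowed host is answered with a redirect to an internal address, and a client that validates only the first URL follows it. The defensive pattern is to validate every hop. The following is an added example of that guard and is not Tenable's or Microsoft's code; the blocked ranges are the standard non-routable ones (loopback, RFC 1918, link-local including the `169.254.169.254` metadata address), and the `send`/`resolve` callables, hostnames and responses are constructed so the example runs offline.

```python
"""Redirect-aware SSRF guard: re-validate the destination on every hop.

Added example; not code from the Health Bot service or the researchers.
Hosts, responses and the resolver below are constructed for the demo.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Destinations a server-side fetcher should never reach, including the
# link-local range that hosts cloud instance-metadata endpoints.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10",
)]
REDIRECT_CODES = {301, 302, 303, 307, 308}


def is_blocked_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_target(url: str, resolve=socket.gethostbyname) -> str:
    """Return the resolved IP if the URL may be fetched, else raise ValueError."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    try:
        ip = str(ipaddress.ip_address(parts.hostname))  # IP literal in the URL
    except ValueError:
        ip = resolve(parts.hostname)                    # hostname: resolve it
    if is_blocked_ip(ip):
        raise ValueError(f"{url} resolves to blocked address {ip}")
    return ip


def safe_fetch(url: str, send, resolve=socket.gethostbyname, max_hops: int = 5) -> dict:
    """Follow redirects manually so each new Location is validated before use.

    `send(url)` returns (status, headers, body); it is injected so a real HTTP
    client can be plugged in and so the demo needs no network.
    """
    hops = [url]
    try:
        for _ in range(max_hops):
            validate_target(url, resolve)
            status, headers, body = send(url)
            if status in REDIRECT_CODES:
                location = headers.get("Location")
                if not location:
                    return {"ok": False, "hops": hops, "reason": "redirect without Location"}
                url = urljoin(url, location)   # relative or absolute Location
                hops.append(url)
                continue
            return {"ok": True, "status": status, "body": body, "hops": hops}
        return {"ok": False, "hops": hops, "reason": "too many redirects"}
    except ValueError as exc:
        return {"ok": False, "hops": hops, "reason": str(exc)}


# Constructed stand-ins for the network: an allowed external host whose one
# endpoint answers with a redirect into link-local space.
FAKE_RESPONSES = {
    "https://api.example.net/redirect-me": (302, {"Location": "http://169.254.169.254/metadata/"}, b""),
    "http://169.254.169.254/metadata/": (200, {}, b"{\"access_token\": \"fake\"}"),
    "https://api.example.net/data": (200, {}, b"{\"status\": \"fine\"}"),
}


def fake_send(url):
    return FAKE_RESPONSES[url]


def fake_resolve(host):
    return {"api.example.net": "203.0.113.10", "localhost": "127.0.0.1"}[host]


if __name__ == "__main__":
    for target in ("https://api.example.net/data", "https://api.example.net/redirect-me", "http://localhost/"):
        print(target, "->", safe_fetch(target, fake_send, fake_resolve))
```

The check on the first URL alone would have passed `https://api.example.net/redirect-me`; only re-validating the `Location` of each hop stops the chain at `169.254.169.254`. In production the client must also connect to the IP it validated rather than resolving the hostname a second time, otherwise a DNS answer that changes between check and connect (rebinding) defeats the guard.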
The Latest Insights on the Attack Surface Landscape
Unit 42 has released its Attack Surface Threat Report, which explores the attack surface landscape of 265 global organizations.
Top 4 takeaways:
📈 Organizations add over 300 new services monthly, leading to significant new exposures.
🏭 The media and entertainment industry adds the most new services, while critical sectors like finance and healthcare add over 200 services monthly.
⚠️ Over 23% of exposures involve critical IT and security infrastructure, increasing the risk of opportunistic attacks.
🛡️ Recommendations include active attack surface management (ASM) and using tools that provide better visibility and defense.
Top Tips of the Week
Threat Intelligence
- Leverage threat intelligence in cloud security. Adapt your strategies to address the unique challenges of securing cloud environments.
- Educate leadership on the value of CTI. Secure executive support for robust threat intelligence programs.
- Incorporate CTI into security awareness programs. Educate employees on recognizing and reporting potential threats.
Threat Hunting
- Implement a threat intelligence sharing agreement with trusted partners in cyber threat hunting. External collaboration enhances overall capabilities.
- Continuous learning is key. Stay updated on the latest threat techniques, tools, and trends for effective threat hunting.
Custom Tooling
- Incorporate user feedback into the evolution of custom tools. Understand user experiences and needs to drive continuous improvement.
- Implement a robust testing framework for custom tools. Comprehensive testing ensures reliable performance in diverse scenarios.
Feature Article
Intrusion analysis is a fundamental skill that all cyber security and threat intelligence analysts must have. It requires detecting, triaging, investigating, and responding effectively to an incident – the bread and butter of cyber defense.
This guide will teach you how to do just that. You will learn what intrusion analysis is and how to perform it using a four-step process. You will also see some tools and technologies that will aid you. Also included are some cheat sheets to help you know what to look for, where to find it, and how to use it during your analysis.
Let’s jump in and start exploring intrusion analysis!
Learning Resources
Effective Time Management Strategies
Time management is hard. If you’re like me, you struggle to fit everything you want to do in a single day or week. This video provides practical advice on how to manage your time effectively while working a full-time job. It emphasizes prioritizing meaningful activities and creating a realistic schedule.
Learn to Set Up Defender for Office 365
This comprehensive guide explains how to set up Microsoft Defender for Office 365. It covers the differences between Plan 1 and Plan 2, the importance of configuring the settings correctly, and detailed steps for applying preset and custom security policies.
This is a great introduction if you use Microsoft Defender to protect your organization.
The Value of a Side Hustle
Explore the value of having a side hustle. This video highlights the personal experiences and benefits a side hustle can bring, such as skill expansion, income stability, and career growth.
Although this video focuses on software developers, side hustles are valuable for anyone in technology and offer an opportunity for both personal and professional development.
Auditd Logging on Linux
Auditd is an essential logging technology you should know if you are protecting Linux machines. This excellent video covers setting up Auditd, configuring rules, and using a plugin to convert logs into a more readable format.
A must-watch for those protecting Linux machines (then check out Sysmon for Linux).
Personal Notes
🤔 This week was another one heavily focused on improving our email marketing and sales pipeline.
The easiest way to get someone to buy your product is to overwhelm them with value. In our email sales funnel, we share tips, common mistakes and problems, excellent resources, career guidance, templates, personal stories, testimonials, behind-the-scenes content, frequently asked questions, and more!
We want every student (whether they buy or not) to get something of value whenever they interact with Kraven. This could be a template showcasing how to structure your Intelligence Requirements, a video demonstrating the latest CTI techniques, or a blog article offering advice. All for free!
These past few weeks have been focused on translating these free resources into email campaigns. I am really excited to get them going soon and share them with everyone!