REvil Gang Arrested, 5G & Airplanes, Zoom Zero-Click, & Stolen Brownies – PSW #724

Paul Asadoorian

1. Use Twitter as well as CVSS to prioritize security patches
   "Prioritizing vulnerabilities with exploit code is 11 times more effective than Common Vulnerability Scoring System (CVSS) scores in minimizing exploitability," said CTO and co-founder Ed Bellis in a blog post on Wednesday. "Mentions on Twitter, surprisingly, also have a much better signal-to-noise ratio than CVSS (about 2 times better)." - Interesting...
2. Google Docs ‘comments’ used to launch phishing attacks, send malicious content
   "According to the researchers, the hackers add a comment to a Google Doc. The comment then mentions the target with an @. In doing so, an email with the bad links and text gets automatically sent to the victim’s inbox via Google. The attackers don’t show the email address, just a name, typically one that’s impersonated."
3. Zooming in on Zero-click Exploits
4. REvil ransomware gang arrested in Russia
   Pay no attention to the Ukraine thing, we arrested REvil!
5. Linux malware is on the rise. Here are three top threats right now
   "According to CrowdStrike, some XorDDoS variants are built to scan and search for Docker servers with the 2375 port open, offering an unencrypted Docker socket and remote root passwordless access to the host. This can give the attacker root access to the machine. " - Target all the Linux things, except for the desktops...
6. North Korean hackers stole nearly $400 million in crypto last year
   How accurate could this number be? How do we know who is stealing what?
7. Organizations Face a ‘Losing Battle’ Against Vulnerabilities
   “Only an approach that turns that weakness into a strength—by adopting the same tools, techniques and mindset as attackers to uncover vulnerabilities before they do—leads to success,”
8. Zoom vulnerabilities impact clients, MMR servers
   "The two vulnerabilities Silvanovich found could only be exploited for interactionless attacks when two accounts have each other in their Zoom Contacts. This means that the prime targets for these attacks would be people who are active Zoom users, either individually or through their organizations, and are used to interacting with Zoom Contacts. "
9. Researcher Discloses Unpatched Vulnerabilities In NUUO NVRmini2
10. ‘Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls
11. A German Teen Took Control of Teslas by Hacking a Third-Party App
    "Crucially, he said he cannot control the most important functions of the cars remotely, such as steering, accelerating, and braking. But he could still wreak some havoc."
12. Nine-year-old kids are launching DDoS attacks against schools
    "But it's not just a warning for those who search for "stresser" and "booter" services which provide an easy way to launch a DDoS attack against a school's network. The campaign also aims to influence young people, who might be considering engaging in cybercrime, to feel motivated to exploit their technical prowess in an ethical career in the technology, gaming, or cybersecurity industries." - Booters are not for children, or adults for that matter!
13. Microsoft warns of destructive disk wiper targeting Ukraine
14. Safari and iOS users: Your browsing activity is being leaked in real time
15. Preparing For the Next Cybersecurity Epidemic: Deepfakes
16. Oracle’s First Security Updates for 2022 Include 497 Patches
    "Oracle plans to release the next set of quarterly patches on April 19." - How do we move faster to a more DevOps-style approach where we patch and fix in smaller sprints?
17. S.D. Mom Accidentally Serves Son’s Pot Brownies at Senior Center, and He Is Charged
    My Mom stole my brownies...
18. 5G phones: How serious is the threat to US flights?

Larry Pesce

1. Destructive malware targeting Ukrainian organizations – Microsoft Security Blog
2. CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats
3. DNA tests prove milkman fathered over 800 children in California