Random in Security 202446

Covering the recent security news


Introduction

Random in Security is a summary of the cybersecurity news.

Interesting Reads

Hack the Hacker - How to Setup an SSH Honeypot

Running a honeypot is always a nice and easy side project. Sofiane Hamlaoui published two articles on this topic. The setup of Cowrie as an SSH honeypot is covered in the initial article. The other article provides some details on the results Sofiane observed after running the honeypot for some time, and it contains some cool examples of malware. Interestingly, that results article was published before the one covering the setup of Cowrie.

Kyber and Dilithium – Cryptography 101 with Alfred Menezes

Kyber is a lattice-based key encapsulation mechanism (KEM). Dilithium is a lattice-based digital signature algorithm (DSA). Both have been standardized by the National Institute of Standards and Technology (NIST) as part of their post-quantum cryptography initiative.

Alfred Menezes offers a comprehensive introduction to both quantum-safe cryptographic schemes. The course is structured into several video lectures, each focusing on specific aspects of Kyber and Dilithium:

Zuckerberg: The AI Slop Will Continue Until Morale Improves

In Meta's Q3 2024 earnings call, Mark Zuckerberg expressed enthusiasm for integrating AI-generated content:

I think we’re going to add a whole new category of content, which is AI generated.

This is fine. 404 Media discussed this in an article.

Sophos Defending Forward

Sophos has unveiled a comprehensive report titled “Pacific Rim,” detailing a five-year defensive and counter-offensive operation against Chinese nation-state adversaries targeting its firewall products.

X-Ops built a specialized kernel implant to deploy to devices that Sophos had high confidence were controlled by groups conducting malicious exploit research

The cybersecurity company used its own security product to deploy backdoors. Would this qualify as a hack back? A hack back refers to launching a counterattack aimed at disabling the perpetrator or collecting evidence against them.

Mapping the Global Spyware Market

The Atlantic Council’s Digital Forensic Research Lab (DFRLab) published a report on the global spyware market. DFRLab also has an overview in another related article. And even Google TAG had an article in early 2024 about the spyware market and commercial surveillance vendors.

Unsealed court documents for WhatsApp versus NSO Group

Some documents for the trial of WhatsApp against NSO Group were unsealed:

Reading through the documents the following events transpired:

  1. NSO intentionally accessed WhatsApp’s servers and the target devices
  2. NSO accessed WhatsApp Servers and the Official Client on Target Devices without authorization or exceeded any purported authorized access.
  3. NSO bypassed the restrictions built into the official client.
  4. NSO circumvented plaintiffs’ 2018 security updates.
  5. NSO developed, tested, and used a WhatsApp malware vector after plaintiffs filed this action and revoked NSO’s access.
  6. NSO exceeded any purported authorization to access WhatsApp’s server.
  7. NSO accessed target devices without authorization.

And some additional details about the operational security of NSO Group are also included:

Greencloud’s records indicate that the 104.223.76.220 IP address was leased in 2019 to a “Lisa Hoover,” who paid in Bitcoin and registered with a Gmail account. NSO admits to using Bitcoin “for setting up anonymized VPS,” […] and produced documents indicating it used Gmail for anonymized accounts. Because only NSO could have hardcoded the IP address into the Malware Vectors’ messages, NSO must have leased the QuadraNet server, too.

Tools

evilurl

EvilURL is a cybersecurity tool designed to safeguard against IDN homograph attacks, in which internationalized domain names built from look-alike characters (for example Cyrillic letters) visually impersonate well-known ASCII domains.
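To illustrate the defensive side of the homograph problem, the following added example (my own code, not EvilURL's) decodes a hostname from its `xn--` A-label form with Python's built-in `idna` codec and flags labels that either mix Latin with Cyrillic/Greek letters or, after mapping each character to its Latin look-alike, collapse to a plain ASCII name. The look-alike table is a constructed, deliberately small subset; a production tool would use the full Unicode confusables data.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek letters that render like Latin letters.
# A real tool would load Unicode's confusables.txt instead of this short table.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u04cf": "l", "\u03bf": "o", "\u03b1": "a",
}


def script_of(ch: str) -> str:
    """Coarse script name: the first word of the Unicode character name."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def to_unicode(hostname: str) -> str:
    """Decode an A-label hostname (xn--...) to its U-label form; pass others through."""
    try:
        return hostname.encode("ascii").decode("idna")
    except UnicodeError:
        return hostname  # already Unicode, or not valid IDNA: analyse as given


def analyze_hostname(hostname: str) -> dict:
    """Report whether a hostname is a plausible IDN homograph of an ASCII name."""
    uhost = to_unicode(hostname).lower()
    findings = []
    for label in uhost.split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        mixed = scripts & {"CYRILLIC", "GREEK"} if "LATIN" in scripts else set()
        if mixed:
            findings.append(f"label '{label}' mixes Latin with {sorted(mixed)}")
    # Whole-script homographs (all Cyrillic) mix nothing, so also compare the
    # look-alike "skeleton": if it turns into a different pure-ASCII name, flag it.
    skeleton = "".join(LOOKALIKES.get(c, c) for c in uhost)
    if skeleton != uhost and skeleton.isascii():
        findings.append(f"'{uhost}' renders like ASCII name '{skeleton}'")
    try:
        alabel = uhost.encode("idna").decode("ascii")  # punycode form for logs/blocklists
    except UnicodeError:
        alabel = None  # not encodable under the IDNA 2003 rules the stdlib codec uses
    return {"unicode": uhost, "alabel": alabel, "skeleton": skeleton,
            "suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for host in ("xn--pple-43d.com", "m\u00fcnchen.de", "example.com"):
        print(analyze_hostname(host))
```

Legitimate IDNs such as `münchen.de` stay unflagged because their accented letters are still Latin and have no ASCII look-alike in the table.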