Random in Security is a summary of the cybersecurity news.
Running a honeypot is always a nice and easy side project. Sofiane Hamlaoui published two articles on this topic. The setup of Cowrie as an SSH honeypot is part of the initial article. The other article provides some details on the results Sofiane observed after running the honeypot for some time. The latter article contains some cool examples of malware. Interestingly, the latter article was published before the one on the setup of Cowrie.
Kyber is a lattice-based key encapsulation mechanism (KEM). Dilithium is a lattice-based digital signature algorithm (DSA). Both have been standardized by the National Institute of Standards and Technology (NIST) as part of their post-quantum cryptography initiative.
Alfred Menezes offers a comprehensive introduction to both quantum-safe cryptographic schemes. The course is structured into several video lectures, each focusing on specific aspects of Kyber and Dilithium:
In the 2024 Q3 earnings call of META, Mark Zuckerberg expressed enthusiasm for integrating AI-generated content:
I think we’re going to add a whole new category of content, which is AI generated.
This is fine. 404 Media discussed this in an article.
Sophos has unveiled a comprehensive report titled “Pacific Rim,” detailing a five-year defensive and counter-offensive operation against Chinese nation-state adversaries targeting its firewall products.
X-Ops built a specialized kernel implant to deploy to devices that Sophos had high confidence were controlled by groups conducting malicious exploit research
The cybersecurity company utilized their security product to deploy backdoors. Would this qualify as a hack back? A hack back refers to launching a counterattack aimed at disabling or collecting evidence against the perpetrator.
The Atlantic Council’s Digital Forensic Research Lab (DFRLab) published a report on the global spyware market. DFRLab also has an overview in another related article. And even Google TAG had an article in early 2024 about the spyware market and commercial surveillance vendors.
Some documents for the trial of WhatsApp against NSO Group were unsealed:
Reading through the documents, the following events transpired:
And some additional details about the operational security of NSO Group are also included:
Greencloud’s records indicate that the 104.223.76.220 IP address was leased in 2019 to a “Lisa Hoover,” who paid in Bitcoin and registered with a Gmail account. NSO admits to using Bitcoin “for setting up anonymized VPS,” […] and produced documents indicating it used Gmail for anonymized accounts. Because only NSO could have hardcoded the IP address into the Malware Vectors’ messages, NSO must have leased the QuadraNet server, too.
EvilURL is a cybersecurity tool designed to safeguard against IDN Homograph Attacks.