Hello there, here is the new newsletter. This one also comes two weeks after the last one. In the beginning, when I started all this, I managed to keep it on a weekly basis, but as other projects and things I had to do kept popping up, it kind of slid into a bi-weekly one. Hopefully I can manage to slide it back into a weekly one at some point in the future :)
For a good while now, I have been annoyed by the various limitations of the current solutions I use for file storage and sharing. A long time ago, I looked into self-hosting everything myself using ownCloud/Nextcloud, but never actually managed to get around to doing so. Then I decided to change my VPS provider a couple of weeks ago, noticed they have an easy way to deploy a Nextcloud VPS, and thought about it again.
So after some thinking and calculations, I decided I may as well just do it, since it didn’t appear to be that expensive for a reasonable amount of resources, so I did. What I soon discovered, however (I shouldn't really be surprised), was that while setting up Nextcloud in a “functioning” state that can be used right away is easy, making it look and perform correctly and optimally was another matter entirely.
Not so much that everything is super complicated (a couple of commands here and there and done), but more that there are a lot of options and so forth, which naturally means a lot of documentation to go through to make sure everything is done correctly and optimally. All of this naturally takes time to do.
I also found out there was an app store where I could add extra functionality such as dark mode, calendar, 2FA, and a lot of other apps, so naturally I decided to install a bunch of them.
I figured that since I am still setting everything up and don’t actually have any files uploaded yet, I may as well try a bunch of various stuff and see what breaks or demands way too many resources and so forth. This, however, means a lot of extra things I need to go through in terms of documentation, so this also adds time to everything.
I know, a lot of words to say “I decided to set up a Nextcloud server and it was a lot more work than planned, which took up most of my last week or so and probably will the next couple as well”.
~Kazu
NEWS:
Elon Musk probably won’t buy Twitter
https://www.reuters.com/article/us-twitter-m-a-tesla-breakingviews-idDEKCN2MJ1MR
Kazu: For the last couple of weeks, there's been quite a stir regarding the possibility of Elon Musk buying Twitter and what it would mean for the place, but lately it seems Elon may decide to back out of a possible deal, likely due to the expected economic fallout from it all, with his Tesla shares falling quite a bit, and the fact that they are produced in a country which doesn't like Twitter, which could cause additional unwanted side effects.
You Need to Update iOS, Android, and Chrome Right Now
https://www.wired.com/story/ios-android-chrome-updates-april-2022/
Kazu: These last couple of months have seen hundreds of security-related updates released for the likes of Apple, Microsoft, Android, Chrome, Oracle and so forth, with some being highly critical. If you have avoided updating for a while, then now may be as good a time as any to make sure everything is as updated as possible, before something does happen.
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Kazu: Microsoft seems to have discovered an exploitable vulnerability in systemd's "networkd-dispatcher" such as directory traversal, symlink race and "time-of-check-time-of-use" race condition, which can be abused in an attack chain to do malicious activity such as deploying payloads, root-level backdoors and so forth.
Apple’s Private Relay can cause the system to ignore firewall rules
Kazu: The VPN provider known as "Mullvad VPN" has apparently discovered that Apple's Private Relay feature can cause the system to ignore firewall rules, which if true may be somewhat of a concern.
Meta says its metaverse biz lost another $3B… but the 2030s will be ‘exciting’
https://techcrunch.com/2022/04/27/meta-facebook-q1-2022-earnings/
Kazu: According to the reports, Facebook's "Reality Labs" has (unsurprisingly) been a huge money sink for them, operating at a loss; it lost them more than 10 billion last year and almost 3 billion in this Q1 alone, but they promise that the 2030s will be "exciting", whatever that means, which can't be anything good for the majority of people, I am sure.
OTHER INTERESTING THINGS WORTH A LOOK:
Emotet Tests New Delivery Techniques
https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
Kazu: We once thought we had managed to get rid of the people behind Emotet a while back, but like a virus, they keep popping up again if you don't eradicate them all, and sure enough, less than a year later, they appeared again, doing large-scale attacks like before they were disrupted.
But it seems they have possibly been testing out new TTPs during their "Spring Break", doing low-volume attacks which differ from their normal ones. These attacks contained OneDrive URLs leading to a zip archive with an XLL file hiding Emotet.
They have since resumed the typical activity from before their "Spring Break", so it's still uncertain whether these low-volume attacks will be observed further in the future and, if so, whether they will replace the current activity or be used in parallel with it.
Trello From the Other Side: Tracking APT29 Phishing Campaigns
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
Kazu: A look into the TTPs of the Russian state-backed APT29 (previously also tracked as UNC2652/UNC2542, but these have since been merged), which has been tracked by Mandiant since 2014 and targets diplomatic organizations and governmental entities around the world with phishing attacks.
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
Kazu: A new APT targeting gambling sites, which has been named "Earth Berberoka", has been discovered. This group appears to have some connection with China, based upon the multiple tools this APT makes use of which are attributed to that country, although this may not be the case.
In this article the group's TTPs are looked into more closely, along with how they work (and don't work), which is certainly an interesting read in my opinion.
MITRE ATT&CK v11 - a small update that can help (not just) with detection engineering
Kazu: Over the last couple of years, "MITRE ATT&CK" has seen increased usage, especially within SOC environments and such for mapping, detections, SIEM correlation rules and so forth, and now MITRE has released a new version of the framework which aims to make such use cases easier and better than before.
Special Report: An overview of Russia’s cyberattack activity in Ukraine[PDF]
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd [DIRECT DOWNLOAD]
Kazu: Microsoft is out with a new lengthy special report on Russia's cyberattacks against Ukraine, which contains a nicely summarized and condensed account of what has happened up to this point.
Researchers develop a paper-thin loudspeaker
https://news.mit.edu/2022/low-power-thin-loudspeaker-0426
Kazu: It appears some researchers have managed to produce a speaker which is almost as thin as a thick sheet of paper. While this is still in the early development phase, it may in the future allow for speakers in places where it was not possible before, which in turn could possibly help in making everything else smaller due to less space being needed compared to a traditional speaker, although it is yet to be seen whether this is actually possible or not.
Businesses are adopting Windows 11 more quickly than past versions, says Microsoft
Kazu: According to recent reports, it seems businesses, in a surprise twist, are adopting Windows 11 faster than in the past, while normal consumers are not moving to it as quickly as they did for Win10, which is a surprise indeed considering how most businesses have been very careful about adopting new OSes, with some still running Win7.