Hi there, I feel I say this every week, but this week's newsletter will be very short and of lower quality than I would've liked. This is due to various reasons, but the biggest one is that I've got an appointment in the city in 30 min or so and won't be back before late. This wouldn't really have been much of a problem in itself, as I would've had more than enough time in the morning to get stuff together.
This is where the other problem comes in. To help me go through hundreds of sources of information (which include custom lists from Twitter as well), I use the service called "Feedly" to go through, save and annotate all the various things I come across to put into this newsletter. This has worked fine up to now, and every Monday morning I do a last go-through of what may be worth putting in the newsletter; this is the day I normally also find most of my content. Sadly, this morning it seems to have stopped updating its feeds, and the latest feed is 19 days old. Due to this, I have not been able to spend as much time finding things to report on this week, and it may be a slim or no newsletter next week as well, sadly.
Also, DefCon/Blackhat have been going on this week so most people have been over there and thus things have been slim on the news front due to that as well.
Anyway, time's up, I've got an appointment to reach, so see ya all hopefully next week.
~Kazu
News Of Interest:
Cisco Hacked: Ransomware Gang Claims It Has 2.8GB Of Data
Kazu: Cisco seems to have managed to get themselves hacked by the ransomware group known as "Yanluowang", but from the writeup by the Talos Intelligence Group, which is owned by Cisco, the attackers did not manage to have a huge impact and apparently only managed to get away with 2.8GB worth of data, and it seems no ransomware was deployed.
The ransomware group also shared a txt file which listed all the files that they supposedly managed to grab, which include NDAs, playbooks, business requests, code, schematics and other stuff that is more about their products, general business, etc., so PII should be limited from what I can see.
Oh, also, for fun and to make it easier for people to see at a glance what files were taken, I decided to make a wordcloud out of the file list, which you can find in my tweet below.
Tags: Ransomware, Attack, InfoSec
Ransomware attack blamed for closure of all 7-Eleven stores in Denmark
Kazu: It seems 7-Eleven in Denmark got hit by ransomware from an unknown group. Apparently only the stores in Denmark were affected, which suggests that 7-Eleven either has systems that are segregated from other countries or every country uses its own systems, so the attackers need to go country by country instead of being able to hit them all at once.
Tags: Ransomware, InfoSec, Attack
Nvidia GPU shipments could plummet – meaning further price falls?
https://www.techradar.com/news/nvidia-gpu-shipments-could-plummet-meaning-further-price-falls
Kazu: GPUs have been a very expensive commodity for a couple of years now due to various reasons, such as supply-chain issues for the cards themselves as well as crypto miners hoarding them all, and those few that managed to hit the shelf and were not snatched by the crypto bros were incredibly expensive. But with the production of cards starting to get back to a normal level, as well as the crypto crash, they have started to get a lot cheaper again.
But as demand for GPUs has gone down due to the crypto crash, as well as people just having less to spend on non-essential things such as upgrading their GPU, the sales of them have gone noticeably down. However, due to this, we will likely see a further price decrease in the cards, which means even if you could afford a card now, it may be a good idea to wait a bit more and possibly get it cheaper.
Tags: Tech, Nvidia
Engineering, tools and cheat-sheets:
China Creates Its Most Powerful General-Purpose GPU Which is faster than Ampere
Kazu: The rest of the world's relationship with China can in short be described as a "beneficial relationship": as long as China believes it can benefit from other countries, it will allow other countries to benefit from it. But if they start being able to make technology which vastly surpasses other countries, that may change.
All that to say that while this is very noteworthy from an engineering perspective, it may also be another brick in the wall for China to reduce their independence from the outside world, which may not be a good thing overall.
Tags: Tech, GPU, News, China, EE
Web Proxy Event Analysis Cheat Sheet
Kazu: Florian created this "Web Proxy Event Analysis Cheat Sheet" a couple of years ago, then he forgot it existed until @hackinarticles reminded him about it, so I decided I may as well add it to my newsletter for others who either didn't know or also forgot about it.
Tags: InfoSec, Cheat-Sheet, Analysis, Pentesting, Network, Security
BlueHound: Bloodhound for the Blue team
https://zeronetworks.com/blog/bluehound-community-driven-resilience/
Kazu: For a long time now, the red team has been enjoying the benefits of BloodHound in their pentest and red team engagements. Meanwhile, the blue team has kinda been left to try to defend using multiple tools, dealing with the extra pain and waste of time of trying to put them all together into an understandable and actionable format. This is where BlueHound comes in, the tool which will make gathering, analyzing and reporting on vulnerabilities within your infrastructure easier, and based on a quick read about it, it appears to be something that can end up being the "de facto" tool for blue teams the same way BloodHound was for red teamers/pentesters.
Tags: InfoSec, Blue team, Defense, open-source, Tool, network, bluehound