It’s Monday again, for better or worse, which means it’s newsletter time!
Knowledge decay is a scary thing: you learn how things work, then write them up as something you know, then months pass without making much use of the knowledge, and before you know it, you barely know anything anymore.
Naturally, the more experience you have with something, the more slowly the knowledge decays, but it all decays nonetheless, so it’s important that you keep practicing the skills you want to keep and not spend forever doing other things, only to get back to it, realise you forgot half of the things you once did and look/feel like an idiot.
Anyhow. In this release, people are getting mad at Facebook (as usual), a new VR headset release, YouTube throwing more ads in your face (ofc they do), the LockBit 3.0 builder was leaked and a Reverse Engineering tool is going open source.
~Kazu
News of Interest:
Facebook users sue Meta for bypassing beefy Apple security to spy on millions
Kazu: Facebook is at it again and has now been found trying to circumvent Apple users' decision to opt out of tracking, as the company makes most of its earnings through harvesting and selling user data to others. When the company could no longer gather their information the normal way, they decided to make an in-app browser where they could inject their own code to spy on everything a user does.
This, however, is something some users are not too happy to find out, and they are now suing Facebook on behalf of everyone who has been affected by this. Where it will end up is yet to be seen; lawyers are expensive and Facebook has a lot to burn on legal costs compared to others.
Tags: Facebook, Apple, iPhone, Privacy, law, lawsuit, News
YouTube Targets TikTok With Revenue Sharing For Shorts
Kazu: Just Greeeeat, not enough to force ads down people's heads all the time with regular videos, but now they are also going to force ads on you just to watch a few seconds of their shorts. Which I have a certain disdain for already, and this isn't exactly helping.
Tags: Google, YouTube, Ads, Shorts, partner program, technology, News
TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls
https://www.darkreading.com/cloud/teamtnt-docker-containers-malicious-cloud-images
Kazu: Someone decided to set up a Docker honeypot with an exposed REST API to understand how actors are exploiting it, and ended up trapping the crypto mining group known as TeamTNT, which attempted to exploit the exposed Docker daemon not only once, but 3 times.
This also led to some interesting findings, where the researchers managed to discover multiple credentials for Docker Hub accounts under TeamTNT's control, leading to the discovery of Docker containers with multiple malicious tools which have been pulled over 150k times, which translates to a lot of infected Docker servers.
Tags: Docker, Malware, TeamTNT, InfoSec, DFIR, News
Google’s new Chromecast is ultra-cheap but cuts out support for 4K resolution
Kazu: Google is releasing a new Chromecast. This, however, is a return to basics, with them making it cheaper by cutting stuff like 4K resolution as well as Dolby Vision (which is supposed to make things look better). It should still work just fine unless you are extremely picky. It also has 500 MB less memory, but since it is now on 1080p again instead of 4K, it likely doesn't need it.
The device will also likely have a lot better performance than the one they sold many years back, since it's a newer version and technology improves with time and all that.
Why is Google doing this? Well, Google has recently taken a new interest in their Google TV, which they said will be improved and already has a wide selection of apps, and there's a likelihood they will add more live channels in the near future as well.
Tags: Technology, Google, Chromecast, Google TV, News
ByteDance's Pico reveals its latest VR headset Pico 4
https://www.engadget.com/pico-4-vr-headset-bytedance-150028514.html
Kazu: ByteDance, which also owns TikTok, has released their new VR headset, Pico 4, which is to compete with Meta Quest 2. It will have a Qualcomm XR2 processor, Adreno 650 GPU and 8GB, with up to 3 hours battery usage and higher than 4K resolution. Naturally, it can also be used on its own, but to get the best out of it, you still need a computer.
It also has 4 external cameras and full-color passthrough. Naturally, since it’s owned by the company that owns TikTok, you can both view and post to it from the device. The device currently has 165 games with more added weekly, and they are also working to bring Live sports and Concert features to it as well.
Normally I couldn’t possibly care less about VR and all that stuff, but anything that competes with Facebook I am all for.
Tags: Technology, News, VR, Release, Pico 4
Look who's fallen foul of Europe's data retention rules. France and Germany
https://www.theregister.com/2022/09/21/eu_data_retention/
Kazu: Turns out that the ECJ doesn’t like it when countries are retaining and collecting more information on citizens than needed without justified reasons, and the countries have been told off for it, which is definitely a win for privacy people.
Tags: Privacy, ECJ, EU, European Court of Justice, France, Germany, Law, News
Other things of interest:
Quick Overview of Leaked LockBit 3.0 (Black) builder program
https://medium.com/s2wblog/quick-overview-of-leaked-lockbit-3-0-black-builder-program-880ae511d085
Kazu: LockBit 3.0's builder program has been leaked recently, by someone from inside the group it seems, and many analysts quickly threw themselves on it to figure out how it works.
While there are likely many other articles which go into how it works, possibly in much better detail than this one since it's just a quick overview, it is what I have at hand already, and it should be informative enough about the workings of the builder.
Tags: Malware, LockBit, InfoSec, CTI, Reversing, DFIR, APT
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery
Kazu: Malware authors try to avoid getting discovered, but when they are, they try to prevent others from finding out how their malware works by obfuscating as much of their code as they can, as well as adding traps and ways to confuse anyone who tries to analyse it. Some are very basic and easy to deal with, while others require some more work. Then there's stuff like 'Roshtyak', who decided to turn everything up to 11 with traps and fakes like it's the damn series finale of Yu-Gi-Oh.
Tags: DFIR, RE, InfoSec, Malware, CTI, Analysing, Writeup
Don’t Miss the Dragos Capture the Flag (CTF) Event at DISC 2022
https://www.dragos.com/blog/dragos-capture-the-flag-event-at-disc-2022/
Kazu: While this is in November, which is a while off, I decided to mention it now since I got it here and people usually like being aware of things a decent time ahead anyway, so may as well.
In November Dragos will hold their annual 'Dragos Industrial Security Conference', which focuses on ICS/OT cyber security and is something worth attending if you work within ICS/OT. However, in the days before, on Nov 2-4, there will also be a free CTF you can attend.
This one will naturally be ICS/OT focused and lean heavily on the defensive/forensic aspect of things, and is open for all skill levels. So if this sounds interesting, it may be worth looking into registering for it.
Tags: CTF, ICS, OT, InfoSec, DFIR, Forensic, Defence, Dragos, DISC
The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps
https://www.wired.com/story/covenant-eyes-anti-porn-accountability-monitoring-apps/
Kazu: The religious fanatics can call it what they want, regardless of whether it's installed by consent or not. If it looks like spyware, walks like spyware and quacks like spyware, then it is spyware. I was considering just skipping over this article, as the less I have to do with religious stuff the better, but I decided against it as I decided it was important enough for people who may come across the apps or names to know what they are and what they do, so they are aware of it.
Tags: Spyware, religion, Surveillance, privacy, Technology, InfoSec
PEbear Now open-source
PEbear, the GUI-based Portable Executable Reversing tool, is now open-source, which means that for all the people who have stuff they want to improve or add, now you can finally do it yourself if you want!