Weekly cybersecurity news July 26, 2023 with Dr. Chase Cunningham

News By Daniel Michan Published on July 26, 2023

Hey, it's Chase Cunningham, Dr. Zero Trust. I'm going to give you the top 10 things you need to know in cyber this week. I'm here for Cybersecurity HQ, so let's get into this.

Number one, SSH Vulnerability on Linux. Yes, folks, Linux gets hacked too. This article's on thehackernews.com. There's a massive OpenSSH vulnerability with Linux. Go out there and check. And as always, don't suck at patching. Looking on Shodan this morning, there was somewhere in the neighborhood of 3 million worth of these poking around on the internet. Does that mean all of them are compromised? No. Does it mean that it possibly could be a percentage? Absolutely. So make sure you go take care of that.

Along the lines of not sucking at patching, there's an issue in The Hacker News published on Citrix and NetScaler with their gateway. Their gateway did have a vulnerability published this week. It's a pretty substantial one. If you're running Citrix or NetScaler, go patch your stuff. It's that simple.

There is an article about using ChatGPT to create ransomware. This didn't take long. It was a matter of time. It's actually already becoming a thing. You don't have to be a coder anymore to build malicious programs. You don't have to have a degree in computer science. We have commoditized the avenue of exploitation, and we are going to continue to see an increase in these types of attacks. So if you were hoping that things were going to get better, they're not. It's not that it's time to be afraid and doom and gloom, but it's time to be aware that this is continuing the commoditization of malicious activity across the internet.

The Washington Post has an article about a pro-China influence campaign that has infiltrated US news websites. This leads to disinformation, misinformation, et cetera. You have to pay attention to what's going on with the news. Make sure that you validate and vet all your sources and be aware that there are active campaigns by enemy and adversary nation states to compromise the truth, if you will, within the news and media cycle. Why are they doing this? Because you can manipulate what people think. You can manipulate perception. And ultimately, you can affect global outcomes depending on what things you can get to. So know this, it's a real thing. This is on the Washington Post. Check it out.

If you want to sell more cybersecurity, what's the number one thing that you can do to actually close those deals? Enable compliance. People buy by compliance all day long. This is number five on my newsletter this week, and it basically is saying that if you're going to sell security and you're trying to have a competitive advantage as a vendor, enable compliance. People buy compliance. Why? Because it keeps you out of jail. It says that you've done the minimum, et cetera, et cetera. But again, compliance is always the floor, not the ceiling.

There's 200 million taxpayer dollars tied to the FCC that's putting a program in place to help school districts combat cyber attacks. This is 200 million of our taxpayer dollars going into stuff along with the FCC when there's already projects and programs in place. To me, this seems excessively redundant. It's another nearly quarter of a billion dollars that's going towards something that should be taken care of by the districts. And as a parent with kids in school during COVID, I can tell you that, personally, I saw school districts ignore cybersecurity requirements and legislation. And yes, there was some requirement to get stuff up so that kids could work remote, but this is not necessarily needed. There's better ways to use $200 million in my opinion.

Right. So Microsoft has said that now they're going to offer free logging with their stuff that's online after a breach, which is interesting and cool, but the question would really be, why should you have to pay for this service in the first place? They say it's $75, but again, it just seems like this is an additive sort of tying stuff on and making more money for the sake of making money. And yes, there's internal logs and whatever else. This is a service sort of thing that they tie into this, but it just begs the question of why is this even something that anyone should have to pay for? If you've got data and you've got a way that people can leverage it, shouldn't it be part of the service you're already paying for?

There's an article 10 Tips for SMBs that Aren't Stupid. It's actually about essential small business cybersecurity. I said that aren't stupid. This is the basics of what we talk about all the time, multi-factor authentication, using the cloud if you can, microsegmentation, isolation, all of the best practices that everyone's been talking about for years and lots of people ignore, they're in this article. If you're a small and mid-size business and you're looking for 10 basic things to think about, go check this one out. It's on hackery.com.

Dell has launched a Fort Zero something or another. Not exactly sure what Fort Zero is, but it has something to do with Dell's investment and growth in Zero Trust. They're doing a lot of work in Zero Trust. They're running a lot of stuff for the federal government. It's interesting to see that there is a large company like this that is dedicating such an effort to this particular project and program. I would say that this is worth folks' time to look at and kind of see where things are trending.

And then there's an article about open source supply chain attacks. This begs the question in my mind of like, how do we do SBOM? Everyone talks about SBOM and shift left and dev, whatever else. We don't build software the way that we used to 10 years ago. We don't build software the way that we used to five years ago. How are you going to put a program like SBOM in place when we're getting so much software that's cobbled together from the many pieces of things that are out there on the open internet, open source especially? Tie on top of that APIs and the way that developers do developing, and I don't think developers should be security people, for the record.

I don't want to be a developer person. I want to do security. We have technology that should eliminate the need for that cross pollination. But this is going to be more programmatic or it needs to be more programmatic. This is going to be more problematic right now because of the fact that this is not an easily controlled thing. And anyone telling you that they can put this genie back in the box, they're probably lying to you. We don't have the capability to do this at speed and scale.

So that's it for this week. Top 10 things under six minutes, six and a half, reporting for Cybersecurity HQ. This is Dr. Chase Cunningham.