TWINN #102 – 14 Days from Disclosure to Exploit
In software development culture, we have had white light thinking for decades: imagining the possibilities of how we can write code to make life better, accelerate commerce, do the heavy lifting, or anything else that can be monetized. We’ve historically left security concerns as afterthoughts, and all of that history is now catching up to us in ways that force us to reconcile. When we don’t reconcile quickly, nation states as well as cyber criminals take advantage of us, as we now see:
The 5 Top Cyber Security Stories Of The Week
Zero-days are exploited on a massive scale in increasingly shorter timeframes. It used to take months, if not years, for a vulnerability to be exploited, but it probably isn’t a surprise that it’s down to an average of only two weeks now from public disclosure.
Hacktivist Attacks Show Ease of Hacking Industrial Control Systems. I can speak from personal experience that it is shocking how often credentials are left at factory defaults and the lack of network segmentation makes lateral movement and access too easy.
North Korean hackers once again exploit Internet Explorer’s leftover bits. Time to again make sure that Internet Explorer is *not* the default web browser on any business systems.
Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto. Interestingly, no teams attempted to hack a new iPhone, but a fully-patched and updated Samsung Galaxy S22 got hacked four times!
Iranian APT Targets US With Drokbk Spyware via GitHub. This is a real-life example of a “dead-drop resolver” as a way of hiding in plain sight.
Did you know?
Google Adds Passkey Support to Chrome for Windows, macOS and Android. This is a step in the right direction to raise the difficulty level for criminals to phish their victims.