Security Brew #8: GitHub Warns of North Korean Hackers, Microsoft Bolsters Cloud Security, OpenSSH Vulnerability Found, and More!
In this week's Security Brew, we dive into a range of topics:
🛑 GitHub warns of Lazarus hackers, a North Korean state-sponsored group targeting developers in blockchain, cryptocurrency, online gambling, and cybersecurity industries.
🔒 Microsoft empowers cloud security, extending logging capabilities to non-premium customers after a significant breach of Exchange Online and Azure AD services.
⚠️ New OpenSSH vulnerability exposes Linux systems to remote command injection.
🔍 BushidoToken's blog showcases an example of an SMS phishing scam and offers OSINT analysis tips for combating phishing campaigns.
💡 Greg Ake emphasizes the importance of formulating hypotheses in security program evaluation.
👀 Learn where you can find Panther at #BHUSA!
Featured Story: GitHub Issues Warning: Lazarus Hackers Targeting Developers with Malicious Projects
GitHub warns of Lazarus hackers, a North Korean state-sponsored hacking group, conducting a social engineering campaign targeting developers in the blockchain, cryptocurrency, online gambling, and cybersecurity industries. The hackers use legitimate accounts or fake personas on GitHub and social media to contact developers and employees, then move the conversation to platforms like WhatsApp. They invite targets to collaborate on projects hosted in GitHub repositories, but these projects contain malicious NPM dependencies that download malware to the victims' devices. The campaign resembles previous Lazarus attacks on security researchers and cryptocurrency users, and GitHub has taken action to suspend accounts and publish indicators related to the campaign.
CyberSec Research Digest:
Microsoft Empowers Cloud Security: Logging Capabilities Now Free for All Customers
Microsoft has taken a significant step in reinforcing the shared responsibility model for cloud security by extending logging capabilities to non-premium customers. Following a significant breach of its Exchange Online and Azure AD services, Microsoft collaborated with CISA to provide critical log data to all its cloud customers for free. This move, effective from September 2023, grants equal access to valuable security insights, leveling the playing field for organizations of all sizes. The enhanced logging capabilities offer improved visibility, threat intelligence, streamlined compliance, and foster collaboration between providers and customers. Microsoft's dedication to promoting collaboration, transparency, and continuous improvement in data security sets a precedent for other cloud providers to follow suit in making logs free and easily accessible, making the cloud more secure and resilient for all users.
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
A new vulnerability in OpenSSH has been discovered, allowing potential remote command injection on Linux systems. The flaw affects all versions of OpenSSH before 9.3p2 and could be exploited by a remote attacker who has access to the victim's forwarded ssh-agent and certain libraries on the system. The vulnerability was identified by cybersecurity firm Qualys, which successfully created a proof-of-concept against default installations of Ubuntu Desktop 22.04 and 21.10. Other Linux distributions may also be vulnerable. Users of OpenSSH are strongly advised to update to the latest version to protect against potential cyber threats. This is the second significant security issue found in OpenSSH this year, following a medium-severity flaw in February and an out-of-bounds read issue in March.
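An added audit helper, not code from the article, Qualys or the OpenSSH project, that checks the two conditions the story names on a client host: an OpenSSH build older than 9.3p2 and an ssh client configuration that forwards the agent. The version banners and config it parses are constructed samples, and an unparseable banner is conservatively reported as needing review.

```python
"""Audit helper for the OpenSSH agent-forwarding issue above (added example).

Flags (1) builds older than 9.3p2 and (2) client config blocks that set
ForwardAgent yes, the precondition the story describes. Inputs are
constructed samples, not captured output from a real host.
"""
import re
from typing import List, Optional, Tuple

FIXED = (9, 3, 2)  # first fixed release named in the story

_VER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Turn 'OpenSSH_9.3p1 Ubuntu-...' into (9, 3, 1); None if unparseable."""
    m = _VER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_before_fix(banner: str) -> bool:
    """True when the build predates 9.3p2; unknown banners are treated as True."""
    version = parse_openssh_version(banner)
    return version is None or version < FIXED


def forwards_agent(ssh_config: str) -> List[str]:
    """Return the Host patterns ('*' for global) where ForwardAgent is yes."""
    hits, host = [], "*"
    for raw in ssh_config.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        val = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "host":
            host = val
        elif key == "forwardagent" and val == "yes":
            hits.append(host)
    return hits


# Constructed sample client config: global default off, one host opts in.
SAMPLE_CONFIG = """# constructed sample, not a real ~/.ssh/config
Host *
    ForwardAgent no
Host jump.example
    ForwardAgent yes
"""
```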
Community Spotlight:
🔍 This blog by BushidoToken showcases an example of an SMS phishing scam and dives into the OSINT analysis of the adversary's infrastructure, offering useful tips for tracking and combating phishing campaigns.
🔬 Greg A. explores the importance of formulating hypotheses in security program evaluation, emphasizing continual discovery, awareness of biases, and valuing both positive and negative results in the pursuit of truth.
🛡️ Delivering Security at Scale: From Artisanal to Industrial. Phil Venables shares insights on transforming security programs from artisanal to industrial, focusing on scale, predictability, and reliability, achieved through metrics, continuous controls monitoring, and an end-to-end business service assurance mindset.
Catch up with Panther:
Who else is crazy enough to join us in the desert heat Aug. 9-10? We hope to see new and old friends in the security space at #BlackHat in Vegas! Here's where you can find us:
😍 Come stop by our booth #667 to meet the team, learn more about Panther, and grab some Panther swag!
🎉 Join Panther, ZeroFox, Snyk, and other sponsors for an evening of fun, food, cocktails, and games.
🔍 Pre-book your booth demo (results in awesome Mando swag!)
🔥 Join Ken Westin, Panther's Field CISO, to explore SIEM evolution and leveraging Panther to secure your software supply chain.
Meme of the Week:
Helpful Resources:
💙 Join the Panther Community
😎 Panther Customer Stories
🌟 Panther's Free Trial
We hope you found our insights and updates informative and useful! Be sure to subscribe to our biweekly updates!
Threat Research | Det Eng | Co-Founder | Cyber Instructor
Thanks for the mention!