Major News Stories

• This week, Heroku released the results of its investigation into the events surrounding its April 2022 data breach. The full blog post is available here, but if you’re hoping for a detailed discussion of the attack’s source, prepare to be disappointed as Heroku states, “[We] have been unable to definitively confirm the third-party integration that was the source of the attack.”
• This week was patch Tuesday. In addition to a number of CVEs rated “critical,” Microsoft has fixed the much-publicized Follina vulnerability (for a refresher on Follina, see the June 4, 2022 cybersecurity debrief).
• This week also saw several new CPU attacks unveiled.
  • Researchers have discovered a new CPU side-channel attack called HertzBleed. The attack leverages the frequency adjustments that CPUs make, and it looks like cryptographic operations are thought to be the most-vulnerable to this attack. The vulnerability has a dedicated website here: https://www.hertzbleed.com.
  • PACMAN is a novel hardware attack on Apple’s M1 chip. The attack, “Takes an existing software bug (memory read/write) and turns it into a more serious exploitation primitive (a pointer authentication bypass), which may lead to arbitrary code execution.”
• A quick reminder for developers - make sure you’re spelling your dependencies correctly!
  • The PyPI package requests is a legitimate library used for making HTTP requests; however, the request package (no s) contains malware.
  • This week, BleepingComputer reported on several projects that were using the misspelled, malware-infested package.
• A few interesting deep-dive reads from the week:
  • New ultra-stealthy Linux backdoor isn’t your everyday malware discovery

Other Software with Critical Patches Available

• Adobe released a large slate of updates for its products this week.

Learning – Defense In Depth: Quick Tip

We discussed some practical defense-in-depth strategies a few weeks ago, but since this week was so news-heavy, I wanted to throw out another quick tip for protecting yourself online.

It’s no secret that the majority of websites these days deploy tracking/targeting technologies of various sorts, some of which can track users across websites. Thus, it’s a good practice to try to isolate websites from each other. One of the easiest ways to do so is to use the Firefox web browser, which just launched Total Cookie Protection for all desktop users. Firefox also has several extensions that you can use to further isolate websites from each other:

• Multi-Account Containers (Firefox extension): “Lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously, as well as integrating Mozilla VPN for an extra layer of privacy.”
• Facebook Container (Firefox extension): Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook.

If you don’t want to step away from Google Chrome entirely but still want to improve your online privacy, some other good options include:

• Using the uBlock Origin and/or Privacy Badger extensions to limit ad tracking.
• Using a privacy-focused fork of Google Chrome like the Vivaldi or Brave web browsers.

Sources & Resources

In addition to inline citations, the following were used or referenced when preparing this debrief.

• https://isc.sans.edu/podcast.html

Thanks for reading, stay safe out there, and have a great weekend! 👩🏿‍💻 🌐 👨🏽‍💻