Built some internal views (via Observable Framework) of the social CVE trending mentions (CVE Watch for 🐘 & CVESky for 🦋) that we (GreyNoise) have activity for.
If this ends up not being a candidate for the product, I'll figure out some way to get these published for folks.
Parametrix did some number crunching and estimates the Fortune 500 took a collective $5.4 billion (USD) hit thanks to CrowdStrike’s apocalyptic Falcon update and the combined failures of CS & impacted F500 orgs to design & run actual resilient IT infrastructure.
Now that I've seen what was likely the thing everyone who used Snowflake remotely (API/CLI) was doing, ima go out on a limb and say we're barely at the tip of the iceberg when it comes to the # of orgs who have been breached.
Beyond not mandating MFA, Snowflake actually encouraged folks to store creds in plaintext files (the WARNING thing was from the central one).
This is *not* going to end well unless it gets covered up.
If CrowdStrike's agent is on end-user systems in orgs, this will be a nightmare. It's pretty straightforward to do this to servers in datacenters (provided you've got the right automation). It is still gonna take a while.
Um… Someone shld prbly tell ZDNet that their writers may want to not have ChatGPT write their articles and that their editors might not want ChatGPT to edit their articles to avoid naming the wrong company in the headline and body text and linking to the wrong company's report (and then mix up annual comparisons by using the wrongly named company's previous year’s report).
Um… CVE-2024-29510 (Ghostscript format string vuln that lets RCE escape the sandbox) sounds…bad? Especially since GS is in many automagic document processing pipelines in thousands of orgs (who likely don't know it’s powering their pipelines).
Hey Fortinet users: After Fortinet dunked on D-Link this week, attackers decided to toss a ton of creds at their internet-facing kit. The hack is apparently on. Better forti-fori-fori-forti-secure your kit.
This is *your* opportunity to design systems and networks to bait, trap, and dissect (again, BYOScalpel) our adversaries, plus make the internet a bit safer for everyone.
Hit me up with any q’s!
Apologies, in advance, for you having to work with @Glenn.
Last year, lots of folks were encouraging academic institutions, newsrooms, and other groups to run their own Mastodon instances to help bolster authenticity of the posters.
The Mastodon vulnerability that was patched today is a big reason to NOT run your own Mastodon instance if you cannot keep up with security things.
It was super horrible and I fear many orgs are going to be left vulnerable for a while.
📢 We (@greynoise) are *hiring* a Sr. Software Engineer (remote or local in Arlington) to help expand our epic sensor fleet and level-up our persona hosting & management platform.
Hit me up if you have q's abt the job or the GreyNoise team/org.