• Explore the intriguing case of ‘NSO Group’s Pegasus Spyware Code Handover to WhatsApp’ as reported by The Hacker News. Dive into the court’s decision, its implications, and understand the spyware’s capabilities. Source article: thehackernews.com/2024/03/us-court-orders-nso-group-to-hand-over.html
• Unravel the alarming findings from Security Magazine’s ‘92% of Companies Experienced an Application-Related Breach Last Year’. Discover the challenges in application security and the importance of prioritizing vulnerabilities. Source article: securitymagazine.com/articles/100470-92-of-companies-experienced-an-application-related-breach-last-year
• Reflect on consumer trust post-data breach in the retail sector with ‘More than 60% of Consumers Would Avoid a Retailer Post-Breach’ from Security Magazine. Learn about the significant impact on consumer behavior and proactive cybersecurity measures. Source article: securitymagazine.com/articles/100466-more-than-60-of-consumers-would-avoid-a-retailer-post-breach
• Delve into Bleeping Computer’s report on the ‘Windows Kernel Bug Exploited as Zero-Day Since August.’ Understand the vulnerability, its exploitation by the Lazarus Group, and the crucial need for system updates. Source article: bleepingcomputer.com/news/security/windows-kernel-bug-fixed-last-month-exploited-as-zero-day-since-august/

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

---

Transcript:

Mar 4

[00:00:00] Announcer: Welcome to The Daily Decrypt, the go to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Stand at the frontier of cyber security news, where every insight is a key to unlocking the mysteries of the digital domain. Your voyage through the cyber news vortex starts now.

[00:00:29] d0gesp4n: Welcome back to the daily decrypt. Today is March 4th. And I’m your host. Dogespan. Kicking off today’s episode, we’re talking about a real courtside drama from the hacker news us court orders, NSO group to hand over Pegasus spyware code to WhatsApp. It seems like NSO is Pegasus is flying a bit too close to the sun this time. Next up, we’re scrolling through a security magazine report.

That’s got more leaks than my old garden hose. The article 92% of companies experienced an application related breach last year. Talks about the cyber equivalent [00:01:00] of Swiss cheese application security.

Ready for a cyber shopping spree today we’re virtually window shopping through an insightful article from security magazine. Titled more than 60% of consumers would avoid a retailer. Post-breach

and for a final bite of the day, we’re patching things up with a story from bleeping computer windows, kernel bug fixed last month exploded as zero day since August now. That’s a longer running bud than my uncle’s 72 Volkswagen. We’re talking about a windows flaw that was more open than my dad’s garage door.

[00:01:34] d0gesp4n: This first article from the hacker news titled us court orders, NSO group to hand over Pegasus spyware code to WhatsApp. Let’s unpack this and understand why it’s significant. Let’s talk about who NSO group is. They’re in an Israeli tech firm known for creating Pegasus, which is a powerful piece of spyware. Now spyware for those who might not know is software that enables someone to spy on another’s computer [00:02:00] or phone activities. Pegasus is particularly notorious because it can be installed on a device without the owner’s knowledge. I imagine someone secretly watching everything you do on your phone, pretty scary.

Right?

Us judge has ordered NSO group to hand over the source code for Pegasus to Metta the parent company of WhatsApp. This is a big deal because the source code is like the secret recipe for how Pegasus works.

Source code is basically a set of instructions written by programmers that tells the software how to function. It’s like the blueprint for building a software application. In 2019 WhatsApp sued NSO group because they used what’s app to distribute Pegasus to about 1400 devices, including devices of Indian activists and journalists. They exploded a zero day flaw, which is a previously unknown vulnerability in software to install the spyware.

This flaw originally identified as CVE 20 19 35 60 gate was a critical bug in [00:03:00] what’s apps. Voice call feature. The attackers could install Pegasus just by making a call and the target didn’t even need to answer it. To make it more stealthy. They even erase the call logs. By getting the source code medical, understand how Pegasus infiltrated, WhatsApp and improve their defenses.

But the court didn’t require NSO group to reveal their client list. This has disappointed, many who hoped to learn, who use this spyware.

The NSO group previously has been accused of selling Pegasus to governments who then used it to spy on journalists, activists and others. Knowing who used it would shed light on potential human rights abuses. This case isn’t just about a single spyware. It’s part of a bigger conversation about cybersecurity and privacy.

And it’s important to understand these different core cases and how it’s playing out because well, cybersecurity is just a complex and ever evolving field. It’s not just really about protecting our devices, but also understanding the ethical implications of [00:04:00] technology.

I feel like a lot of these companies are just dabbling in that gray area until they’re called out for something or the government steps in. One way or another, we really need to understand how this impacts our lives and keep looking for ways to stay safe and just overall be aware of. How people are invading our privacy.

This next one comes from security magazine. The articles titled 92% of companies experienced an application related breach last year, and it sheds light on the widespread issue of application security breaches. This report by Checkmarx reveals that a staggering 92% of companies face breaches through vulnerabilities in applications they developed in-house last year. This is a huge number, indicating that application security is a critical concern for businesses

[00:04:50] d0gesp4n: Some of you might be wondering what in application related breach is an application related breach occurs when hackers exploit weaknesses in software applications to [00:05:00] gain unauthorized access to data. It’s like finding a back door into a secured building. This report highlights the struggle between meeting businesses, deadlines and ensuring application security.

It’s a tough balance for AppSec managers, CSOs and developers. One of the biggest challenges is prioritizing which vulnerabilities to fix first. Not all weaknesses are equal and some pose, a higher risk than others. One of the things that I had to do a lot with clients previously was tried to prioritize those things.

So we would take it, take a step back and look at. How. What would happen if this vulnerability got exploited? We wouldn’t really always focus on how severe the score was, but it was more what. I was holding what data, for instance, if a customer dealt with payment card information and stuff, we wanted to make sure that those were locked down as much as possible before moving into other areas of the business. But it overall, it is a difficult [00:06:00] balance to achieve because on one hand you have all these vulnerable systems in your network.

And on the other hand, you have. Users are. Inherently vulnerable. We are all susceptible to falling for phishing attacks. And that is a lot of times the ways in which you could. Poke at all sorts of external websites. And we might be able to get a breach that way, but. Why would we spend all that time when we could get directly into a network and start bouncing from one workstation to another?

Who knows how it’s locked down internally? We tend to think about it a lot differently on the inside.

And proving application security involves integrating developer friendly security tools into the development process. This means making security a part of the entire application development life cycle.

Really the key here is the need for proactive approach to application security. We need to prioritize the security and protect the data, [00:07:00] especially. If we want to maintain customers trust and it is very difficult, but I think. We’re moving in the right direction from what. From what I’ve seen across the board. Is that security is getting more involved in these public companies.

And there. They’re actual executive board and so on up and we’re security teams are able to vocalize this now and we’re able to start. Putting a dollar sign behind it. There’s all these fines that are going to be put in place. More and more privacy concerns.

Overall we’re heading in the right direction, but we still have a long road ahead of us.

Thanks for watching!

[00:07:43] d0gesp4n: Tying into that last piece. We have another one from security magazine. This one titled more than 60% of consumers would avoid a retailer post breach. It’s a deep dive into consumer behavior. Post-breach in the retail sector. The article reveals a startling fact [00:08:00] over 60% of customers would likely avoid shopping at a retailer that has recently experienced a data breach.

This figure even jumps to 74% among high income consumers. This is really interesting to me because I was under the impression that a lot of times when a data breach went public, there would be. A little time that people would shy away from it, but ultimately going right back to it. I might be just a little ignorant to it. That’s one of the things that I personally would hone in on, but if 60% of consumers that’s a huge number. And that kind of makes me feel a lot better knowing that the general public. Is looking at it the same way. When a breach happens, it’s not just about stolen data. It’s about broken trust. Customers are entrusting their personal and financial information to retailers and a breach is a violation of that trust. The article also highlights that in the finance sector, the situation is even more critical around 83% of [00:09:00] consumers would think twice about using a finance app.

If their data was compromised.

This brings us to an important point. Businesses need to not only protect data, but also their reputation and customer trust.

This is really interesting. I think just because we’re.

Positioning companies to think about, not just, yeah, there’s a, there’s going to be a little bit of a financial loss, especially if customer’s data is gone, there’s sometimes fines imposed

but we’re looking at it as far as reputation. Yeah. There might be a fine, however, We’re now scarred. We have that. Mark on our chest that and trying to do business, but yet we have that breach sitting there. There’s a couple of companies that I’ve used previously that have had cybersecurity breaches, and I have shifted and I haven’t looked back.

How do you feel when one of the products or services that you subscribe to or utilize notifies you that there’s a breach? Let us know.

[00:10:00] And to wrap things up, I wanted to get into the bug land. So we’re going to be looking at the article from bleeping computer. Windows kernel bug fixed last month exploded as zero day since August.

[00:10:12] d0gesp4n: Microsoft patched, a serious vulnerability in the window is curdle known as CVE 20 24, 2 1 3 3 8. Discovered by an Avast researcher. This flaw was actively exploited by attackers before Microsoft could fix it. Zero day or also known as an O day. Vulnerability means it was exploited by hackers before Microsoft was aware of it and could patch it. Think of it as a secret passage that hackers found and used before the homeowner could seal it.

Another term that we’ve been throwing around often is CVE 20, 24 or 2023, whatever, followed by some more numbers. That is. Common vulnerabilities and exposures, and then they’re dated. And then given a number based on when they came out within that year.

This one, for [00:11:00] example, it’s CVE 20 24, 2 1 3 3 8. It means that it’s the 21338th vulnerability discovered this year.

This flaw was dangerous because it gave attackers like the north Korean Lazarus group, deep access to the system known as Colonel level access. This allows them to disable security software and perform more sinister actions undetected. Lazarus exploded this bug to turn off security tools, using a technique called B Y O V D.

Bring your own vulnerable driver. This could manipulate the system at its core affecting processes, files, and network activities.

Now for an average user. It means that you could have been compromised without knowing. Risking the data and system integrity. That’s like having an intruder in your house that you can’t even see.

The main thing that we can do with this is of course always making sure your systems are up to date. So anytime you [00:12:00] get that, it doesn’t matter if you’re on a windows system, Mac, if you’re one of the Linux users out there. Any chance of yet. Make sure it’s up to date. Windows we’ll notify you. Yeah, you got to restart it. That’s probably the most annoying aspect of it is it’ll pop up and you got to restart your system. It’s worth it. Step away.

Go grab a coffee go take a quick walk. If you can. You’ll be helping yourself out and. The organization that you work for.

That’s all I got for you. Thanks for tuning in Monday morning or Monday evening afternoon. Whenever you’re getting a chance to listen to this. We appreciate. All of our listeners out there

[00:12:35] d0gesp4n: and we’ll see you tomorrow.