[Some Interesting] Cloud ‘n Sec news: 04th Mar 22
What’s worth your reading time
Better data handling for Sentinel
What’s better than all your logs in one place? All your logs, normalized as required, in Sentinel. This is now possible thanks to ASIM normalization (in public preview) being built into Sentinel.
The Advanced Security Information Model (ASIM) is Microsoft Sentinel’s normalization engine. Until now, you had to deploy ASIM from Microsoft Sentinel’s GitHub. Starting today, ASIM is built into Microsoft Sentinel.
Since this is not an in-depth article on ASIM, if you want to learn more, there are multiple use cases and examples of when to use Sentinel with ASIM; you can find some here.
It’s been a slow week for AWS.
NVIDIA data stolen, claims of it hacking threat actors back
Initial reports of this surfaced last week (circa 24th Feb), with general ideas being thrown around on Twitter and some news outlets:
It didn’t take long for researchers and news outlets to point out that the threat actors faced a hack-back from Nvidia.
Major news outlets reported the event too:
Finally, on the 1st of March, Nvidia confirmed it had data stolen in a cyberattack, according to BleepingComputer:
intruders access to proprietary information data and employee login data.
News of the attack came to light late last week and the actor claiming it, a data extortion group named Lapsus$, started to share details about the incident and the damage they produced.
Lapsus$ also leaked a large document archive (close to 20GB) claiming it was from the 1TB cache they stole from Nvidia.
NVIDIA said that there was no evidence of a ransomware attack but the threat actor stole employee credentials and proprietary information, giving weight to Lapsus$’s claims.
The company said that its team is currently sifting through the information to analyze it and notes that the incident is not expected to disrupt its business or the ability to serve customers.
You can read the full statement and more here.
The story is still developing, with the threat actor demanding that NVIDIA release future drivers under “Free and open-source software” (FOSS) licensing.
Sanctions on Russia go beyond the physical
Some technology providers are blocking some Russian content in response to the country’s decision to invade Ukraine.
YouTube has blocked Russian state-owned channels; read more here.
Netflix went a step further and (although mandated by the Russian government) it won’t broadcast state-run content, plus it cancelled 4 Russian productions of its own.
Facebook implemented a few restrictions on Russia too.
Conti Ransomware group leak
The conflict between Russia and Ukraine has given a few gifts to the cybersecurity community: after Anonymous made an announcement years after going silent, some indications suggest that multiple leaks against the Conti gang were also motivated by the conflict.
A great summary of the leaks can be found in Ars Technica, which states:
Read more details here.