News
Hi everyone!
I'm trying out Mondays for writing the newsletter, it seems to fit better in my current life flow.
Also, I'm happy to hear that I wasn't to only one upset with the Microsoft story last week, thanks for providing me with shared catharsis :-)
Enjoy the read folks!
Cheers,
Dieter
CrowdStrike investigated 320 North Korean IT worker cases in the past year
The North Korean IT worker problem is getting worse than I thought. Crowdstrike is up to almost one IR or investigation per day.
Related, an Arizona woman was sentenced to 8.5 years for running a North Korean laptop farm. When an IT worker was hired for a US company, she'd receive the work laptop, install it, and give the North Korean remote access. She'd also receive the paycheck and transfer that too. From the actions of just that one person, it's estimated that NK earned about $17 million.
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Whatever you think of the app itself, I'm sharing this one as an example of how much work we apparently still have to do. The company kept selfies that it said it would remove after verification, and stored data and pictures in publicly accessible databases. What is this, five years ago?
And people wonder why many in the infosec community go "nonononono" when talking about age verification requirements. But I digress.
DOJ reaches $9.8 million settlement with Illumina over cyber whistleblower claims
Interesting settle case. The company sold genome sequencing devices to the US governement with software vulnerabilities in them. Their lackluster security management was reported by a whistelblower, who gets almost $2 million out of the settlement.
Cursor’s AI coding agent morphed ‘into local shell’ with one-line prompt attack
This is an important new class of problems for developers. The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model. It essentially hid a prompt inside data that was fed to Cursor, allowing it to do anything it wants with developer-level privileges.
I'm not sure how much the "approve each bit of code step by step" helps to mitigate this, but I sure wouldn't enable "auto-approve all" when "vibe coding".
Kali Linux can now run in Apple containers on macOS systems
If I were still daily-driving Mac, I'd be very excited about this. Good stuff.
CISA open-sources Thorium platform for malware, forensic analysis
Glad to see that awesome CISA is still doing awesome CISA things. They've open-sourced Thorium, which seems to be something between a platform to run various IR tools in Docker form and a UI to look at results. I haven't dug into it yet but I would love to. You can find the Github repo here and the documentation here.
Quick links
- Russian airline Aeroflot deeply compromised: link.
- Proton launches free standalone cross-platform authenticator app: link.
- Pwn2own hacking contest to pay 1 million for Whatsapp exploit: link.
- Pi-hole discloses data breach via givewp wordpress plugin flaw: link.
- Minnesota governor activates National Guard after St. Paul cyber-attack: link.
Please use a password manager
If you're not using a password manager yet, please consider doing so. And if you're looking for one to try, give 1Password a shot.
I wouldn't know what to do without it, it's such a great help when navigating between devices, storing anything from passwords to tokens to passkeys and SSH keys.
And as always, thank you 1Password for supporting this humble newsletter.