News
Hi folks,
I hope this particular newsletter finds you well :-) My last exam was a success, I made it through the gauntlet, and now I can focus on regular work again! Just in time for the holidays ^^
This week is a doozy, lots of interesting articles to share, but I've tried to keep it as short as possible. It feels like most reporters and researchers are pushing stuff out the door before a two-week vacation :-)
Enjoy the read, and enjoy the upcoming holidays!
Cheers,
Yearlong supply-chain attack targeting security pros steals 390K credentials
The article describes an unusually long-running campaign targeting white-, grey- and blackhats alike, gathering SSH credentials, AWS keys, Wordpress credentials and even command line history through a number of avenues like backdoored open-source packages and phishing. It's unknown who is collecting all this data, so the researchers are calling them MUT-1244, for “mysterious unattributed threat.”
US considers banning TP-Link routers over cybersecurity risks
This one definitely surprised me. It also surprised me to learn that TP-Link currently has 65% of the US SOHO market, and that they are apparently selling their hardware below the manufacturing price. Will be interesting to see how this turns out.
CISA orders federal agencies to secure Microsoft 365 tenants
It's a binding directive ordering federal civilian agencies to secure their Microsoft 365 cloud environments by implementing a list of required configuration baselines, and requiring them to deploy CISA-developed config assessment tooling. Sounds like a very good thing.
Trump security advisor urges offensive cyberattacks on China
Curious to see how that will pan out. We're pretty sure that there's already a big back-and-forth between the two nations, despite a 2015 treaty pledging to not digitally attack each other.
Easterly to step down from CISA director role on Inauguration Day
I had missed this one last month, so I'm including it this week in case you missed it too. Whoever comes next has some big shoes to fill.
Executives see another CrowdStrike-level IT outage on the horizon
So do engineers. So I guess we're all in agreement?
Breaches and leaks
- Texas Tech University System data breach impacts 1.4 million patients: link.
- ConnectOnCall breach exposes health data of over 910,000 patients: link.
- Rhode Island governor warns residents of cyberattack on state benefits system: link.
- Namibia’s state telecom provider says hackers leaked data after it refused to pay ransom: link.
- Auto parts giant LKQ says cyberattack disrupted Canadian business unit: link.
- Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers: link.
- South Carolina credit union says 240,000 impacted by recent cyberattack: link.
- Ireland fines Meta $264 million over 2018 Facebook data breach: link.
- BeyondTrust says hackers breached Remote Support SaaS instances: link.
- Chainalysis: $2.2 billion stolen from crypto platforms in 2024 cyberattacks: link.
Issues and fixes
- Fortinet warns of FortiWLM bug giving hackers admin privileges: link.
- Citrix shares mitigations for ongoing Netscaler password spray attacks: link.
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges: link.
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws: link.
- New critical Apache Struts flaw exploited to find vulnerable servers: link.
- Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware: link.
1Password for developers: secrets, SSH keys, and more
I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords, it also holds your SSH keys, signs your Git commits, injects tokens and other secrets into CLI scripts when you want, and much more. (Sponsored)