- San Diego School District: a successful phishing attack exposed detailed information on over 500.000 students and staff members.
- Blind: an anonymous social network to safely vent about work conditions. Had an unsecured Kibana dashboard, exposing user information.
- Nokia: an unsecured etcd instance exposed credentials and tokens of internal systems (Redis, k8s, S3, and more). Nokia says it was all from a test setup.
- Caribou Coffee, Bruegger’s Bagels: their point-of-sale system was breached in over 400 stores, compromising customer information and credit card details.
Lots of reporting on this one, and rightfully so. Just by flying one or more drones around an airport you can effectively shut it down. This happened at Gatwick airport, stranding or delaying tens of thousands of travellers. It'll be interesting to see what kind of defences will be used to counter this.
Electrum is a sort of distributed Bitcoin wallet. An attacker launched several of his own Electrum servers, which is allowed, but when a transaction hits his servers they return a custom error with a link to "update your wallet". The update is malicious and siphons off bitcoins.
They seized the domains of 15 well-known DDoS-for-hire services, and charged three US citizens with running them. It was a coordinated effort between the FBI, UK and Dutch law enforcement, and several companies like Google, Cloudflare and Flashpoint.
Microsoft did release an emergency patch for this one though. It's a remote code execution exploit that affects all versions of Windows.
The US has indicted two members of the hacking group, calling out specifically how China has been attacking governments and companies all over the world. Other countries are releasing statements pointing to China as well.
The killswitch domain, now hosted by Cloudflare to protect against DDoS attacks, registers 630.000 unique IPs calling in per -week-. If the malware can reach that domain it stays dormant, but if that domain goes down or an infected machine's Internet goes down, it'll switch to active mode and start encrypting the disks. So it's definitely still a risk.
I don't usually go for "security prediction" articles, since it's basically just a long-winded way of saying "it'll get worse". But I thought this one was a nice read.
After using 1Password Teams for several years, I finally made the leap and moved my personal password vault to them as well. The UX and support are an order of magnitude better than where I came from. And I'm not just saying that because they sponsor me.