Issue 109

Breaches and leaks

  • San Diego School District: a successful phishing attack exposed detailed information of over 500.000 students and staff members.
  • Blind: an anonymous social network to safely vent about work conditions. Had an unsecured Kibana dashboard, exposing user information.
  • Nokia: an unsecured etcd instance exposed credentials and tokens of internal systems (Redis, k8s, S3, and more). Nokia says it was all from a test setup.
  • Caribou Coffee, Bruegger’s Bagels: their point-of-sale system was breached in over 400 stores, compromising customer information and credit card details.

Drones shut down major international airport

Lot's of reporting on this one, and rightfully so. Just by flying one or more drones around an airport you can effectively shut it down. This happened in Gatwick airport, stranding or delaying tens of thousands of travellers. It'll be interesting to see what kind of defences will be used to counter this.

Users losing Bitcoin in clever hack of Electrum wallets

Electrum is a sort of distributed Bitcoin wallet. An attacker launched several of his own Electrum servers, which you're allowed, but when a transaction hits his servers it returns a custom error with a link to "update your wallet". The update is malicious and siphens off bitcoins.

FBI kicks some of the worst ‘DDoS for hire’ sites off the internet

They seized the domains of 15 well-known DDoS-for-hire services, and charged three US citizens with running them. It was a coordinated effort between the FBI, UK and Dutch law enforcement, and several companies like Google, Cloudflare and Flashpoint.

Windows zero-day lets you read any file with system level access

For the third time in four months a security researcher known as SandboxEscaper has released a Windows zero-day exploit. As far as I can tell there's no fix available yet.

Microsoft patches zero-day flaw in Internet Explorer's Jscript engine

Microsoft did release an emergency patch for this one though. It's a remote code execution exploit that affects all versions of Windows.

Two members of China's APT10 hacker group indicted

The US has indicted two members of the hacking group, calling out specifically how China has been attacking governments and companies all over the world. Other countries are releasing statements pointing to China as well.

Wannacry still very much a thing

The killswitch domain, now hosted by Cloudflare to protect against DDoS attacks, registers 630.000 unique IP's calling in per -week-. If the malware can reach that domain it stays dormant, but if that domain goes down or an infected machine's Internet goes down, it'll switch to active mode and start encrypting the disks. So it's definitely still a risk.

Forbes' cybersecurity predictions for 2019

I don't usually go for "security prediction" articles, since it's basically just a long-winded way of saying "it'll get worse". But I thought this one was a nice read.


1Password: a password manager worth recommending

After using 1Password Teams for several years, I finally made the leap and moved my personal password vault to them as well. The UX and support are an order of magnitude better than where I came from. And I'm not just saying that because they sponsor me.