Issue 117

Breaches and leaks

As I wrote last week, I'm starting to filter this section a bit more strictly, to prevent it from overwhelming the newsletter.
Please don't let that stop you from securing all your Elasticsearch databases, S3 buckets and MongoDB instances. Thank you.

  • Swedish Healthcare Guide service: exposed recordings of 2.7 million phone calls on an open webserver since 2013. Slow, bitter clap.
  • Indian LPG gas company: leaked personal data, including the Aadhaar biometric ID numbers, of 6.7 million people.
  • 137 US restaurants had their point-of-sale systems (= the payment terminals) compromised with malware, which had access to credit cards used in January: link.
  • Speaking of point-of-sale systems: Wendy's has to pay $50 million in settlements for a POS breach in 2015: link.


Password managers show passwords in memory

Lots of news on this one. It's very interesting research, and it's awesome that it's being done. But don't panic: this is only a threat when someone completely owns your machine, at which point they can get almost everything anyway. So for the love of <insert divine presence>, don't let it stop you from using a password manager. Or 2FA, which is a great extra layer of defence for this. Hacker News has a good thread, and 1Password as well. (Disclaimer: 1Password is a sponsor of mine.)
sophos.com


Drupal patches critical remote code execution vulnerability

If you have Drupal 8 and the REST module enabled, you definitely want to update.
threatpost.com


WinRAR patches severe remote code execution vulnerability

That's right, WinRAR is still a thing. The flaw has existed for 19 years, and allows for a malicious archive to execute code on your machine. If you use WinRAR, make sure you patch.
threatpost.com


Windows Servers vulnerable to IIS DoS attacks

A specially crafted HTTP/2 request can cause the CPU to spike to 100%. Microsoft has released patches. I haven't seen anything about it being used in the wild, but I imagine you'll want to patch it before that happens.
bleepingcomputer.com


You have around 20 minutes to contain a Russian APT attack

Clickbait-y title aside, it shows an interesting bit of research to find out how long it takes state actors (and other hacker collectives) to spread out laterally across the network once one machine is compromised. They call this metric the "breakout time".
zdnet.com


Microsoft: Russia's Fancy Bear working to influence EU elections

It seems it's hard these days to not mention Russia several times. I can only hope that my EU government is defending itself properly against these attacks.
threatpost.com


Estonia has volunteer cybersecurity reservists

Very interesting. They train to handle IT attacks on critical infrastructure and combat Russian propaganda.
bloomberg.com


Sloth: Mac app that shows all open files and sockets in use by all running processes.

Open source and very cool.
github.com


10 npm security best practices

Solid overview of npm-related security tips.
snyk.io


Newsletter highlight: C# digest

Jakub sends a weekly newsletter with 5 links to C#-related news. Very nice and clean way to stay up to date in the C# world.
csharpdigest.net


Sponsorships

1Password for Teams and Business

As always I'm extremely grateful to 1Password for supporting the newsletter. If you have passwords or secure notes to share with your colleagues, I highly recommend you give them a try.
1password.com