Breaches and leaks
- Zillow: the real-estate website had an attacker manipulate the estimated price of a giant mansion in Bel-Air, dropping its price by $60 million and announcing an open house. The owners aren't too pleased.
- Elsevier: the generally quite disliked paywall-for-science-papers company had a Kibana server where passwords would stream by in plain text.
- A new batch of user credentials from six companies has been put up for sale by the same hacker who previously sold over 840 million user records.
- Someone hacked into the tornado sirens of two Texan towns and set them off in the middle of the night.
This made enough headlines to warrant a separate item. Norwegian aluminum giant Norsk Hydro was infected with the LockerGoga ransomware. Their worldwide network is down, plants are operating in manual mode, and their 35,000 employees have been told not to turn on their computers or connect to the Wi-Fi. The attackers told them to e-mail them if they wanted to know the ransom amount, but Norsk Hydro says they are going to rebuild from backups.
If you're an Enterprise customer, and you pay an extra fee, you can start managing your own keys through the AWS Key Management Service. They dive deeper into how it was designed here.
I often remember this news story, and it's worth bringing up again now that the court case is happening. The attacker registered a company with the same name as a hardware supplier for Facebook and Google, and then faked invoices and contracts to trick them into wiring $122 million to him.
Remember that WinRAR remote-code execution bug from a few weeks back? Well, it turns out it's being exploited on a pretty large scale. So if you use WinRAR, make sure you update to the latest version.
A lot of additional management options on teams, sharing and security. Might be worth checking out if you use Trello extensively.
It's currently only available on Windows Insider builds, but I can imagine it being useful to some in the future. It allows certain whitelisted sites in Chrome and Firefox to be used, but when you visit a non-whitelisted site it opens that site in Edge, sandboxed in its own container.
It's not actionable security news, but hey, it's fun. Turns out that this presidential candidate was part of Cult of the Dead Cow, one of the most well-known hacker groups of old.
An interesting overview of which vulnerabilities are being most preyed upon. All of them are from Microsoft, since they have the largest attack surface, save one from Adobe. All can be fixed by applying patches, but we all know there's plenty of work to do on that.
If you're into Elixir, as I see more and more people are, you might want to check this out. Another clean, minimal weekly digest by Jakub.