News
Personal note
Bringing cveapi.com online last week went great. It got lots of positive feedback, requests for more features, and I even got to meet the great people at Polyverse who wanted to know how they could help to keep it alive.
Having a newsletter audience really helps in letting the world know about a thing you made, so thank you all for reading and sharing, you beautiful people <3.
Breaches and leaks
- Aerogrow: US-based seller of indoor gardening systems. Had its checkout page infected with credit-card-stealing malware for several months.
- Hoya: a Japanese manufacturing company had a factory in Thailand shut down for several days because of a malware infection.
- Ticketmaster: not a new breach, but they are being sued for £5 million for having been infected with credit-card-stealing malware.
- Yahoo: made another settlement offer, this time for $117 million, to try and make the case on its massive data breaches go away.
Vulnerabilities disclosed in WiFi WPA3 standard
Researchers discovered a set of vulnerabilities, collectively dubbed "Dragonblood", in the fresh WPA3 standard. These are the same researchers who discovered the KRACK attack in WPA2, so I tend to pay attention :-) Fortunately it seems that all issues are being patched. Better now than after a worldwide adoption of WPA3.
Router problems
There seems to be an uptick in router-related security news this week. It can be tl;dr'd as "please update your router frequently". But you'll want to pay specific attention if you run these D-Link, TP-Link, another TP-Link or Verizon routers.
Sextortion scams now using password protected evidence files
They include a password-protected zip archive where you can see the files in it, but not open them until you purchase the password. I'm including this here because I assume that lots of you, like me, get questions from friends and family on these scams.
We found a massive spam operation — and sunk its server
A very interesting look into the workings of a spam operation: sending out the spam through an array of phones, tracking everything in a well-organised Kibana dashboard. They run this stuff more seriously than I thought.
Credential stuffing: attacks and economics (pdf)
Nice report from Akamai on the prevalence of credential stuffing. They see hundreds of millions of attacks each day, for a total of nearly 30 billion in 2018. That's individual credential attempts, I presume.
SamSam ransomware: gathered $6m so far by encrypting data and backups
This article gives some insight into how successful the SamSam ransomware has been to date, earning about $300.000 per month for its creators. It has even forced the FBI to make organisational changes to fight it more effectively.
10 Docker image security best practices
We've seen a few of these, but this is a well-explained overview and I learned a few new items in this one.
Hacker Eva Galperin has a plan to eradicate stalkerware
Director of Cybersecurity at the EFF, Eva Galperin, has embarked on an awesome quest to have stalkerware (the spy-on-your-spouse apps) die. She wants anti-virus vendors to flag it as the malicious crap that it is, and she's even trying to get prosecutors interested in charging the executives of these stalkerware companies. Such good stuff.
Newsletter highlight: Deeptracelabs
Newsletter on battling misinformation, deep fakes, and more of that horrible stuff. I have no doubt that this will be an important science in the years or decades to come, so I've started reading up on it :-)
Sponsorships
1Password for Teams and Business
We use 1Password to share passwords and secure notes at my current job, same as at my last job. I've tried many alternatives, but always ended up with them. By far the best UX and support I've seen.