Issue 135

Breaches and leaks

  • The Desjardins Group, the largest federation of credit unions in North America, had a rogue employee share (or sell) data on 2.7 million people and 173,000 businesses with third parties: link.
  • NASA was breached. An attacker gained access through an unauthorised Raspberry Pi connected to the JPL network, moved laterally to other JPL networks and exfiltrated about 500MB of data: link.
  • WeTransfer had some kind of security incident in which files were sent to "unintended e-mail addresses". Not much else is known right now: link.
  • Tesco's Twitter account was hacked. The attacker spent some time pitching Bitcoin scams, impersonating Bill Gates, and acting as Tesco support to get personal information from customers: link.
  • The dental and vision insurer Dominion National discovered a data breach dating back to 2010: link.

Dell bloatware again vulnerable, this time through the bundled PC-Doctor

Just as a few months ago, SupportAssist, the support tool Dell preinstalls on its machines, has been found vulnerable. The cause this time is a third-party component it bundles, PC-Doctor: a DLL-hijacking flaw lets a local, low-privileged user run code as SYSTEM, so this round is a privilege escalation rather than the remote code execution of the previous one. Most machines will have received the fix through auto-updates, but if you run Dell hardware, check that both SupportAssist and its PC-Doctor component are on the latest version.

Another Firefox zero-day was used in attack against Coinbase employees

I shared an article last week on a Firefox zero-day remote code execution exploit (fixed in 67.0.3). Turns out there was a second zero-day, a sandbox escape, and the two were chained in a targeted attack against Coinbase employees. Coinbase caught the attempt and reported it to Mozilla. The sandbox escape has been fixed in Firefox 67.0.4, so make sure you are on at least that version.

TripAdvisor invalidates member passwords found in data breaches

This is pretty damn awesome. They've looked at previous breaches, found users who reused a leaked password on TripAdvisor itself, and initiated a password reset for those affected. Credential stuffing only works because people reuse passwords, so invalidating the reused ones before the attacker tries them is a nice way to fight it proactively. Kudos, TripAdvisor.
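One way to implement the same check on your own login flow, as an added example that is not TripAdvisor's code or the newsletter's: hash the candidate password at login time (the only moment the plaintext is available, since your stored bcrypt/argon2 hashes cannot be compared to a leaked list) and query a breach corpus through the k-anonymity range model that Have I Been Pwned's Pwned Passwords API uses. The API URL and response format are HIBP's; the sample range below is constructed for the example, with only the suffix for "password" being the real one.

```python
"""Check candidate passwords against a breach corpus with the k-anonymity
range model used by Have I Been Pwned's Pwned Passwords API: the client
sends only the first five hex characters of the SHA-1 and matches the
remaining 35 locally, so the full hash (and the password) never leaves
the machine."""
import hashlib
from urllib import request   # only used by fetch_range(), which needs network access

RANGE_API = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """SHA-1 of the password, split into the 5-char prefix sent to the API
    and the 35-char suffix that is compared locally. SHA-1 is fine here:
    it is a lookup key for the corpus, not how you store passwords."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Download the 'SUFFIX:COUNT' lines for a prefix (network; not used offline)."""
    req = request.Request(RANGE_API + prefix,
                          headers={"User-Agent": "reuse-check-example"})
    with request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, lookup=fetch_range):
    """How many times the password appears in the corpus (0 = not seen).
    `lookup` maps a 5-char prefix to the API's 'SUFFIX:COUNT' lines."""
    prefix, suffix = split_hash(password)
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


def should_force_reset(password, lookup=fetch_range, threshold=1):
    """Policy hook: force a reset when the password has been seen at least
    `threshold` times. Run this at login, when the plaintext is briefly
    available, and invalidate the session plus send the reset mail."""
    return breach_count(password, lookup) >= threshold


# Constructed sample response for prefix 5BAA6 (the SHA-1 prefix of
# "password"). The suffix for "password" is real; the other two lines and
# all counts are made up for this example.
SAMPLE_RANGES = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "1E2AAA439972480CEC7F16C795BBB429372:1",
    ]),
}


def offline_lookup(prefix):
    """Stand-in for fetch_range() so the example runs without network."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", breach_count(pw, offline_lookup),
              "reset:", should_force_reset(pw, offline_lookup))
```

Note that a reset forced this way should be rate-limited and logged like any other authentication event: an attacker who can trigger resets for arbitrary accounts has a denial-of-service lever.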

Google announces DNS over HTTPS 'General Availability'

There's a lot of work being done to stop DNS being a cleartext protocol. DNS over HTTPS (aka 'DoH', which I advise you to say in a Homer voice; RFC 8484) wraps ordinary wire-format DNS messages in HTTPS requests, so resolvers on the path can no longer read or tamper with your lookups. Both Cloudflare and Google now support it, and Mozilla is working on it in Firefox too.
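To make concrete what a DoH exchange carries, here is an added example (not Google's code and not part of the newsletter) that builds a wire-format DNS query, encodes it into the GET form defined by RFC 8484, and parses a wire-format answer. The resolver URL is Google's public endpoint from the announcement; the response message is constructed inline rather than captured, and the one function that actually talks to the network is not exercised offline.

```python
"""Minimal DNS-over-HTTPS (RFC 8484) client pieces: build a wire-format
query, encode it for a GET request, and parse a wire-format answer."""
import base64
import struct
from urllib import request   # only used by send_doh_get(), which needs network access

RESOLVER = "https://dns.google/dns-query"   # Google's public DoH endpoint


def build_query(name, qtype=1):
    """Build a DNS query message (RFC 1035). RFC 8484 recommends ID 0 so
    that identical queries produce identical URLs, which HTTP caches like."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # flags: RD=1, QDCOUNT=1
    labels = [label.encode("ascii") for label in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)     # QTYPE, QCLASS=IN


def doh_get_url(name, qtype=1, resolver=RESOLVER):
    """GET form: the message base64url-encoded with '=' padding stripped."""
    encoded = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{resolver}?dns={encoded.decode('ascii')}"


def send_doh_get(name, qtype=1):
    """Really query the resolver over HTTPS (network; not used offline)."""
    req = request.Request(doh_get_url(name, qtype),
                          headers={"Accept": "application/dns-message"})
    with request.urlopen(req, timeout=5) as resp:
        return parse_response(resp.read())


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset_after_it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                           # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                            # resume after the pointer
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg):
    """Return [(name, rtype, ttl, rdata)] for the answer section. A records
    are rendered as dotted quads; other rdata is left as raw bytes."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0xF
    if rcode != 0:
        raise ValueError(f"resolver returned RCODE {rcode}")
    offset = 12
    for _ in range(qdcount):                                # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4                                         # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = _read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers


# Constructed answer (not a real capture): the query echoed back with
# flags 0x8180 (QR, RD, RA) and one A record for www.example.com.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + build_query("www.example.com")[12:]                  # question section
    + b"\xc0\x0c"                                          # name: pointer to offset 12
    + struct.pack("!HHIH", 1, 1, 3600, 4)                  # A, IN, TTL 3600, 4 bytes
    + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    print(parse_response(SAMPLE_RESPONSE))
```

The encoded query for www.example.com is the same string RFC 8484 uses in its own GET example, which is a handy check that the encoder is right. The security gain is only in transport: the resolver still sees every name you ask for, so the choice of resolver matters as much as the encryption.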

AWS brings native network traffic mirroring to EC2 instances

This sounds like a powerful new feature. It lets you mirror the traffic of EC2 instances within your VPC (copied from the instance's network interface, with filters to select what to copy) and forward it to security monitoring and traffic inspection tools. That removes the need to install an agent on every instance just to see its traffic.

The fake French minister in a silicone mask who stole millions

I found this an interesting story, mostly because it shows how hard it is to defend against social-engineering attacks like this one, and it will only get worse with upcoming deepfake technology.
The conman impersonated the French Minister of Defence, wearing a matching silicone mask on video calls, and scammed his targets out of around €80 million.

Germany and the Netherlands to build the first ever joint military internet

I find this really cool and hope-giving, collaboration over isolation :-) The two countries are unifying their military communications networks. It's seen as a test case for a wider merging of military networks between NATO members in the future.

US launches cyber-attack aimed at Iranian rocket and missile systems

Cybersecurity and politics seem to blend together more often these days, and that probably won't lessen any time soon. The US cyber-attack is retaliation for Iran shooting down a US drone. The Department of Homeland Security also issued a warning to US businesses to raise their defences against Iranian hackers.

Nation-sponsored hackers likely carried out hostile takeover of rival group’s servers

Articles like these are usually not very actionable from a security point of view, but they are often a very cool read. This one describes a Russian hacking group taking over the infrastructure of an Iranian hacking group and using it to target a Middle Eastern government that the Iranian hackers already had access to.

How Verizon and a BGP Optimizer knocked large parts of the Internet offline

Large parts of the Internet experienced issues this week, yet again because of BGP routing problems. It wasn't really a security incident this time; it doesn't seem to have been malicious. But I'm including this blog post from Cloudflare because it explains well how these routing leaks happen (here, a BGP optimizer announcing more-specific prefixes that a transit provider accepted without filtering) and what can be done to prevent them: prefix filtering, maximum-prefix limits and RPKI. Also, the author rips into Verizon quite a bit, which is just funny.
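The RPKI check the Cloudflare post argues for, Route Origin Validation as specified in RFC 6811, is small enough to show in full. The following is an added example (not Cloudflare's code, not from the newsletter) that validates announced routes against a set of ROAs and applies the usual drop-invalid policy to a constructed feed containing the kind of more-specifics a BGP optimizer injects. The ROAs, ASNs and prefixes use documentation ranges and private AS numbers, so they are illustrative rather than real authorisations.

```python
"""Route Origin Validation (RFC 6811) against a set of ROAs: the RPKI check
that flags leaked more-specifics and origin hijacks as Invalid."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # authorised prefix
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorised origin AS


# Constructed ROAs: documentation address space, private ASN 64500.
ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("2001:db8::/32", 48, 64500),
]


def validate(prefix, origin_asn, roas=ROAS):
    """Return 'Valid', 'Invalid' or 'NotFound' for one announced route."""
    net = ipaddress.ip_network(prefix, strict=True)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "NotFound"                       # no ROA says anything about this space
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"                            # covered, but wrong origin or too specific


def filter_announcements(announcements, roas=ROAS, drop_invalid=True):
    """Apply ROV to (prefix, origin_asn) pairs; return (accepted, rejected).
    NotFound routes are accepted: most of the Internet still has no ROA,
    so dropping them would blackhole legitimate traffic."""
    accepted, rejected = [], []
    for prefix, asn in announcements:
        state = validate(prefix, asn, roas)
        if state == "Invalid" and drop_invalid:
            rejected.append((prefix, asn, state))
        else:
            accepted.append((prefix, asn, state))
    return accepted, rejected


# Constructed feed: the legitimate /24, two more-specifics of the kind a
# BGP optimizer generates (correct origin, but longer than maxLength), an
# origin hijack from another AS, and a prefix with no ROA at all.
SAMPLE_FEED = [
    ("203.0.113.0/24", 64500),
    ("203.0.113.0/25", 64500),
    ("203.0.113.128/25", 64500),
    ("203.0.113.0/24", 64496),
    ("198.51.100.0/24", 64500),
]

if __name__ == "__main__":
    accepted, rejected = filter_announcements(SAMPLE_FEED)
    for entry in accepted:
        print("accept", entry)
    for entry in rejected:
        print("reject", entry)
```

Two points worth keeping in mind when you sign your own prefixes: set maxLength no longer than what you really announce, otherwise you authorise exactly the more-specifics a leak or hijack would use; and remember that ROV only catches wrong origins, so a leaked route that keeps the correct origin AS on an otherwise legitimate prefix still needs prefix filtering and max-prefix limits at the transit edge.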

GDPR enforcement tracker

Interesting website where you can browse a list of (public) GDPR fines, each with a short summary of the case.

Getting 2fa right in 2019

If you want to deep-dive on 2FA, this is a great post to help you.
There is also a great Hacker News discussion about it.


1Password: awesome UX and support

If you're not using a password manager yet, please start using one.
And if you are, but it's not 1Password, I'd recommend taking a look at what they offer. I've moved over to them because the UX is just so much better than where I came from. Despite my fears, the entire migration took less than 10 minutes and worked flawlessly.