Breaches and leaks
- The Desjardins Group, the largest federation of credit unions in North America, had a rogue employee who shared/sold data on 2.7 million people and 173,000 businesses: link.
- NASA's Jet Propulsion Laboratory (JPL) was breached. An attacker gained access through an unauthorised Raspberry Pi connected to the JPL network, moved laterally to other JPL networks and exfiltrated about 500 MB of data: link.
- WeTransfer had a security incident in which files were sent to "unintended e-mail addresses". Not much else is known right now: link.
- Tesco's Twitter account was hacked. The attacker spent some time pitching Bitcoin scams, impersonating Bill Gates, and posing as Tesco support to get personal information from customers: link.
- The dental and vision insurer Dominion National discovered a data breach dating back to 2010: link.
As a few months ago, Dell's pre-installed SupportAssist has again been found vulnerable. This time the cause is a third-party component it bundles, PC-Doctor. Most machines will have received the fix through auto-updates, but if you run a Dell machine you might want to check that SupportAssist is on the latest version.
I shared an article last week on a Firefox zero-day remote code execution exploit. Turns out there's a second zero-day, a sandbox escape exploit, and the two were chained in a targeted attack against a Coinbase employee. Coinbase caught the attempt and reported it to Mozilla. The sandbox escape has been fixed in Firefox 67.0.4.
This is pretty damn awesome. TripAdvisor looked at previous breaches of other services, found users who had reused a leaked password on its own service, and initiated a password reset for those affected. A nice way to proactively fight credential stuffing attacks. Kudos, TripAdvisor.
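The mechanics of such a check are worth spelling out, because a breach dump cannot simply be joined against your own user table: the dump holds plaintexts (or someone else's hashes), while your store holds salted hashes under your own scheme. The only way to know whether a user reused a leaked password is to re-hash the leaked plaintext with that user's own salt and compare. The following is an added example (not TripAdvisor's code; their implementation is not public) using PBKDF2 from the standard library, a constructed user store and a constructed "breach dump"; account names, passwords and the `must_reset` flag are hypothetical.

```python
import hashlib
import hmac
import os

# PBKDF2 iteration count. A real service would use its existing scheme
# (bcrypt, scrypt, Argon2, ...); the point is that the comparison has to be
# done under *our* hashing scheme, with *our* per-user salt.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_user(email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": hash_password(password, salt),
            "must_reset": False}


def verify_password(user: dict, password: str) -> bool:
    # An account pushed into the reset flow has no valid hash any more.
    if user["hash"] is None:
        return False
    return hmac.compare_digest(hash_password(password, user["salt"]), user["hash"])


# Constructed user store (hypothetical accounts, not real data).
USERS = {u["email"]: u for u in (
    make_user("alice@example.com", "correct horse battery staple"),
    make_user("bob@example.com", "Summer2019!"),
    make_user("carol@example.com", "hunter2"),
)}

# Constructed "third-party breach dump": e-mail/password pairs as they appear in
# a credential-stuffing list. Only bob and carol reused their password here.
LEAKED = [
    ("alice@example.com", "Summer2019!"),   # same e-mail, different password: no match
    ("Bob@Example.com", "Summer2019!"),     # reused; note the different casing
    ("carol@example.com", "hunter2"),       # reused
    ("dave@example.com", "letmein"),        # not one of our users
]


def find_reused(users: dict, leaked) -> list:
    """E-mails of our users whose current password equals a leaked one.

    Only pairs whose e-mail matches one of our accounts are hashed, so the
    cost is one PBKDF2 computation per matching pair, not users x dump size.
    """
    reused = set()
    for email, leaked_pw in leaked:
        user = users.get(email.strip().lower())
        if user is None or user["hash"] is None:
            continue
        if hmac.compare_digest(hash_password(leaked_pw, user["salt"]), user["hash"]):
            reused.add(user["email"])
    return sorted(reused)


def force_reset(users: dict, emails) -> int:
    """Invalidate the current password so the account can only be recovered
    through the (e-mail verified) reset flow. Active sessions should be revoked
    at the same time; that part belongs to the session store."""
    for email in emails:
        users[email]["hash"] = None
        users[email]["must_reset"] = True
    return len(emails)


if __name__ == "__main__":
    hits = find_reused(USERS, LEAKED)
    print("reused passwords:", hits)
    print("reset forced for", force_reset(USERS, hits), "accounts")
```

Two practical notes: the dump must be matched on a normalised e-mail (case, whitespace) or you miss obvious reuse, and the work factor of your hash means this is a batch job over matching e-mails only, never an attempt to test every leaked password against every account.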
A lot of work is being done to stop DNS being a cleartext protocol. Both Cloudflare and Google now support DNS over HTTPS (aka 'DoH', which I advise you to say in a Homer voice), and Mozilla is working on it too.
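What DoH (RFC 8484) actually puts on the wire is the ordinary DNS message format, carried in an HTTPS request body (POST) or base64url-encoded in a `?dns=` query parameter (GET), with content type `application/dns-message`. The following is an added example, not code from Cloudflare, Google or Mozilla, that builds such a query, forms the GET URL, parses a response including name compression, and (only when run as a script) sends the query to a resolver. The resolver URLs are the public endpoints of the two providers named above; `SAMPLE_RESPONSE` is constructed by hand, not captured from a real resolver.

```python
import base64
import struct
import urllib.request

# Public DoH endpoints of the two resolvers mentioned in the text.
CLOUDFLARE = "https://cloudflare-dns.com/dns-query"
GOOGLE = "https://dns.google/dns-query"


def encode_name(name: str) -> bytes:
    """Domain name in DNS wire format: length-prefixed labels, root label 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query: header + one question, class IN. ID is 0 as RFC 8484
    recommends, so identical queries give identical, HTTP-cacheable requests."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver: str, query: bytes) -> str:
    """GET form: wire-format message, base64url without padding, in ?dns=."""
    dns = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={dns}"


def read_name(msg: bytes, off: int):
    """Read a possibly compressed name; return (name, offset after the name)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("idna"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_answers(msg: bytes):
    """Return (rcode, [(name, type, ttl, rdata), ...]) from a DNS response.
    A records are rendered as dotted quads; other rdata is left as bytes."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                    # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return flags & 0x000F, answers


def doh_resolve(name: str, resolver: str = CLOUDFLARE):
    """POST form of RFC 8484: wire-format body, application/dns-message both
    ways. This is a network call and is not used by the offline sample."""
    req = urllib.request.Request(
        resolver, data=build_query(name), method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_answers(resp.read())


# Constructed response to build_query("example.com"): NOERROR, one A record
# with TTL 300, answer name given as a pointer to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(doh_get_url(CLOUDFLARE, build_query("example.com")))
    print(parse_answers(SAMPLE_RESPONSE))
    print(doh_resolve("example.com"))      # live query; needs network access
```

Note what DoH does and does not buy you: the query is hidden from the network path (and the HTTP/2 connection can be reused across queries), but the resolver itself still sees everything, so the choice of resolver becomes the privacy decision.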
This sounds like a powerful new feature. Amazon VPC Traffic Mirroring lets you mirror the traffic of EC2 instances within your VPC and forward it to security monitoring and traffic inspection tools. It removes the need to install an agent on every instance in order to inspect its traffic.
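On the receiving side, the mirrored packets arrive at the target (an ENI or a Network Load Balancer) encapsulated in VXLAN on UDP port 4789, with the VNI set to the mirror session's virtual network id, so a tool that is not VXLAN-aware has to decapsulate before it sees the original frame. The following is an added example, not AWS code and not part of the announcement, of that decapsulation for IPv4 traffic; `build_sample` constructs a fake mirrored packet (a TCP SYN) rather than using a real capture, and the addresses, MACs and VNI in it are hypothetical.

```python
import ipaddress
import socket
import struct

VXLAN_PORT = 4789  # UDP port on which the mirror target receives the VXLAN stream


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mirrored(payload: bytes) -> dict:
    """Decapsulate one mirrored packet as read from a UDP socket on port 4789.

    Layout: 8-byte VXLAN header, inner Ethernet frame, inner IPv4 packet.
    Returns the VNI (the mirror session's virtual network id) and the inner
    5-tuple, which is what a monitoring tool keys its flows on."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN + Ethernet")
    if not payload[0] & 0x08:                # "I" flag: VNI field is valid
        raise ValueError("VXLAN header without valid VNI")
    vni = int.from_bytes(payload[4:7], "big")
    eth = payload[8:22]
    rec = {"vni": vni, "dst_mac": fmt_mac(eth[:6]), "src_mac": fmt_mac(eth[6:12]),
           "ethertype": struct.unpack("!H", eth[12:14])[0]}
    if rec["ethertype"] != 0x0800:           # only IPv4 handled in this example
        return rec
    ip = payload[22:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    rec.update(src=str(ipaddress.IPv4Address(ip[12:16])),
               dst=str(ipaddress.IPv4Address(ip[16:20])),
               proto=ip[9])
    # A session may truncate mirrored packets, so l4 can be shorter than the
    # IP total length claims; the slice simply comes out short in that case.
    l4 = ip[ihl:total_len]
    if rec["proto"] in (6, 17) and len(l4) >= 4:   # TCP / UDP port numbers
        rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
    return rec


def build_sample(vni: int = 100) -> bytes:
    """Constructed mirrored packet (not a real capture): TCP SYN from
    10.0.1.10:51000 to 10.0.2.20:443, inside VXLAN VNI `vni`."""
    vxlan = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    eth = bytes.fromhex("0a1b2c3d4e5f") + bytes.fromhex("0a0102030405") + b"\x08\x00"
    tcp = struct.pack("!HHIIHHHH", 51000, 443, 1000, 0, 0x5002, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.1.10"), socket.inet_aton("10.0.2.20"))
    return vxlan + eth + ip + tcp


def serve(bind: str = "0.0.0.0"):
    """Run as a mirror target. The target ENI's security group must allow
    inbound UDP 4789 from the mirrored sources or nothing arrives."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, VXLAN_PORT))
    while True:
        data, _ = sock.recvfrom(65535)
        try:
            print(parse_mirrored(data))
        except ValueError as err:
            print("skipped:", err)


if __name__ == "__main__":
    print(parse_mirrored(build_sample()))
```

The VNI is worth keeping: if several mirror sessions (say, per subnet or per application tier) point at one target, it is the only field that tells you which source a packet came from once the outer headers are gone.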
I found this an interesting story, mostly because it shows how hard it is to defend against social engineering attacks like these. It will only get worse with upcoming deepfake technologies.
This conman impersonated the French minister of Defence, wearing a matching mask on video calls, while scamming his targets out of €80 million.
I find this really cool and hope-giving, collaboration over isolation :-) Both countries are unifying their military communications networks. It's seen as a test case for a wider merging of military networks from NATO members in the future.
Cybersecurity and politics seem to blend together more often these days, and that probably won't lessen any time soon. The US cyber-attack was retaliation for Iran shooting down a US drone. The Department of Homeland Security also issued a warning to US businesses to step up their defences against Iranian hackers.
Articles like these are usually not very actionable from a security point of view, but they are often a very good read. This one describes a Russian hacker group taking over the infrastructure of an Iranian hacking group and using it to target a Middle Eastern government that the Iranian hackers already had access to.
Large parts of the Internet experienced issues this week, yet again because of BGP routing problems. It wasn't really security-related this time; it doesn't seem to have been malicious. But I'm including this blog post from Cloudflare because it explains quite well how those routing problems are caused and what can be done to prevent them. Also, the author rips into Verizon quite a bit, which is just funny.
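One of the standard preventive measures for this class of problem, and one the Cloudflare post argues for, is RPKI route origin validation (RFC 6811): a router checks each announcement against the signed Route Origin Authorizations (ROAs) and drops those that are provably wrong. The following is an added example, not code from Cloudflare or from the post, of that classification and the usual accept/drop policy. The ROAs and announcements are constructed from documentation prefixes and private ASNs, and the announcements include the kind of more-specific prefix a "BGP optimizer" leaks.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `asn` may originate `prefix` and any
    more-specific down to `max_length`. ASN 0 authorises nobody (RFC 7607)."""
    prefix: str
    max_length: int
    asn: int


def validate(route_prefix: str, origin_asn: int, roas) -> str:
    """RFC 6811 origin validation outcome: 'Valid', 'Invalid' or 'NotFound'.

    A ROA *covers* a route if the ROA prefix contains the route prefix,
    regardless of maxLength. The route is Valid if any covering ROA has the
    same origin AS and a maxLength >= the route's prefix length; Invalid if
    covering ROAs exist but none match; NotFound if nothing covers it."""
    net = ipaddress.ip_network(route_prefix)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "NotFound"
    for roa in covering:
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"


def accept_route(route_prefix: str, origin_asn: int, roas) -> bool:
    """Common policy: drop Invalid, accept Valid and NotFound. NotFound cannot
    be rejected because a large share of the table still has no ROA at all."""
    return validate(route_prefix, origin_asn, roas) != "Invalid"


# Constructed ROAs using documentation prefixes and private ASNs.
ROAS = [
    ROA("203.0.113.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64496),
    ROA("192.0.2.0/24", 24, 0),        # AS0 ROA: nobody may originate this
]

# Constructed announcements as a router would see them.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),   # legitimate origin
    ("203.0.113.0/25", 64496),   # more-specific beyond maxLength: an optimizer leak
    ("203.0.113.0/24", 64500),   # right prefix, wrong origin: a hijack
    ("198.51.100.0/24", 64496),  # no ROA at all
    ("192.0.2.0/24", 64496),     # covered only by an AS0 ROA
    ("2001:db8:1::/48", 64496),  # IPv6 more-specific within maxLength
]


def evaluate(announcements=ANNOUNCEMENTS, roas=ROAS):
    return [(p, asn, validate(p, asn, roas)) for p, asn in announcements]


if __name__ == "__main__":
    for prefix, asn, state in evaluate():
        print(f"{prefix:20} AS{asn:<6} {state:9} accept={accept_route(prefix, asn, ROAS)}")
```

The second announcement is the interesting one: the origin AS is right, so a simple origin check passes, and only the maxLength in the ROA makes the leaked more-specific Invalid. Keeping maxLength tight (ideally equal to the prefix length) is what gives ROAs their teeth against this kind of leak.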
An interesting website where you can browse a list of (public) GDPR fines with summaries.