News
Did you miss me? :-)
Hello again!
In case you don't remember: you used to be subscribed to this newsletter that sent you infosec news every week. I shut it down about 10 months ago, but have decided to start it up again.
While it was nice not having the pressure of curating for almost a year, I learned a simple truth: I don't keep up with security news very well if I don't have to summarise it for thousands of people. Go figure :D
I'm not going to be too hard on myself though; last time I got a bit burned out. The current plan is to write when I feel comfortable, maybe have a minimal edition a bit more often (the ones where I just share links, not summarise). And I'll send on Monday or Tuesday now, which works better for me than Fridays.
No promises on how it all works out, but I'm eager to get going. I hope you'll enjoy each issue!
Cheers,
Dieter
Breaches and leaks
That's one thing that's different from my last issue: the sheer number of ransomware infections, goodness. There are too many to list all of them, so here's a sample of infected organisations this week:
- The Argentinian government
- Pakistan's largest private power utility
- Newcastle University
- Development Bank of Seychelles
- Equinix, a large data center provider
- Artech, an IT staffing firm.
Quite a few of these had their data leaked too, as part of the ransom extortion.
Some other breaches or leaks:
Microsoft warns of cyberattacks on Trump and Biden election campaigns
They are seeing increased attacks from Russia, China and Iran. No real surprise there of course. Still gives me the creeps though that this is an almost normal thing now.
BLURtooth: Bluetooth issue that enables MitM attack
The exact technical details or exploitation steps weren't made available yet. From what I understand it's about weakening certain encryption keys used when two Bluetooth devices pair. There seem to be mitigations for this in the latest Bluetooth specs, and vendors are recommended to implement them.
France, Japan, New Zealand warn of sudden spike in Emotet attacks
Several countries have issued warnings about increasing Emotet ransomware activity. Their method is always the same: infect one victim, revive old e-mail threads with a malicious attachment, like an infected Word doc or zip file, and spread out that way.
Raccoon attack: breaking TLS under certain conditions
This isn't something to be worried about. The researchers themselves admit it's a very hard-to-execute timing attack. But it's good to know about nonetheless.
ProLock ransomware - everything you need to know
A great overview of the ProLock ransomware, which seems to be directed specifically at large, juicy targets, with an average ransom between $400,000 and $1 million.
Money from bank hacks rarely gets laundered through cryptocurrencies
I've got a bit of a soft spot for finance, so this was a really interesting read for me. It surprised me too: I figured a large percentage of money laundering these days would happen through crypto, using tumblers and whatnot. Turns out that the good ol' traditional laundering ways are still favoured, for now.
CEOs could be held personally liable for cyberattacks that kill
This isn't the case yet, it's just a Gartner prediction. But it's an interesting thought exercise to think about how this might change things, should it ever become law.
Deep analysis of TeamTNT using container images to attack
I liked this technical write-up of a recent attack using malicious Docker containers by a group called TeamTNT.
Top ten phishing tricks
This is a fun list to read: Sophos sharing their most successful phishing templates, including such innocuous gems as "Scheduled server maintenance" and "Car lights on".