Lot's of breaches and leaks. Windows XP source code allegedly leaked. Please patch ZeroLogon flaw.  

News

Breaches and leaks

More breaches and leaks this week than actual news. Here we go:

  • Tyler Technologies, a governement services supplier, was hit with ransomware: link.
  • As was Luxottica, the owner of Ray-Ban: link.
  • ArbiterSports, a company that builds match scheduling and training software, detected and stopped a ransomware attack, but not before personal data on 540.000 referees was exfiltrated: link.
  • An unknown federal agency was breached. Not much detail is known, but it's a nice write-up of how the attack happened: link.
  • Not really a leak, but an educational read anyway: Louis Vitton fixed a vulnerability that allowed for account enumeration and takeover: link.
  • The KuCoin crypto exchange had $150mil stolen: link.
  • Not as bad as the headlines looked: Twitter warns that API keys might have leaked. Only in the browser cache though, so really only a concern on shared machines: link
  • Shopify caught two employees accessing customer transaction information: link.
  • Town Sports, a fitness chain, exposed a database with personal data of 600.000 people in it: link.
  • It even happens to the big ones: Microsoft had an unsecured Elasticsearch server exposing Bing search queries: link.
Dieter Van der Stock

Attackers are actively exploiting the ZeroLogon issue

It's important enough to repeat, in case you missed it last week. Please patch your Windows network.

krebsonsecurity.com

Windows XP source code allegedly leaked online

Other, older Windows versions are also included. It's not clear if it's legit or not, or if it's a complete source code dump or only partial.

bleepingcomputer.com

Hackers sell access to your network via remote management apps

Since a lot of what we do in the day-to-day feels pretty abstract, I like articles like these that give a real-world view of things. This one shows how someone is selling access to several large company networks. The buyers will presumably move in and start a ransomware infection, hoping to get a nice return on investment.

bleepingcomputer.com

Russia wants to ban the use of TLS 1.3, DNS over HTTPS/TLS, ESNI

Not much extra explanation needed I suppose.

zdnet.com

Member of 'The Dark Overlord' hacking group sentenced to five years in prison

The TDO group is linked to hacks of Netflix, ABC, selling millions of healthcare records, and quite a lot more.

zdnet.com

Next-generation police dogs now sniff out your electronics

It did not know that this was possible. Apparently they are trained to smell a particular chemical that is used in the coating of electronics.

zdnet.com

No spam, ever. We'll never share your email address and you can opt out at any time.