News
Happy holidays everyone!
The first normal issue in a long while, feels good! It was a pretty quiet news week though, with a lot less filtering work required than usual. I imagine most journalists are finally taking some well-deserved vacation :)
Breaches and leaks
- Gaming company Koei Tecmo (DoA, Hyrule Warriors, ...) discloses data breach after hacker leaks stolen data: link.
- Trucking giant Forward Air hit by new Hades ransomware gang: link.
- NetGalley discloses data breach after website was hacked: link.
- FreePBX developer Sangoma hit with Conti ransomware attack: link.
- Hackers threaten to leak plastic surgery pictures: link.
- Russian crypto-exchange Livecoin hacked after it lost control of its servers: link.
- UK cryptocurrency exchange EXMO suffers breach, funds stolen: link.
SolarWinds continued
- SolarWinds hackers breached US Treasury officials’ email accounts: link.
- A second hacking group has targeted SolarWinds systems: link.
- UK privacy watchdog warns SolarWinds victims to report data breaches. If you think your company was affected, make sure you adhere to disclosure windows: link.
- A good Twitter thread with an overview and links to dig deeper: link.
Citrix devices are being abused as DDoS attack vectors
Attackers found a way to use Citrix ADC network equipment as a DDoS amplification vector, with an amplification factor of 35. Citrix is promising a fix after the holidays, mid-January.
Windows zero-day still circulating after faulty fix
It's about a local privilege escalation issue with an 8.3 CVSS rating. It's been exploited in the wild, and Microsoft brought out a patch in June, but Google's Project Zero discovered that it didn't properly fix the problem. After the usual 90-day waiting period it still wasn't fixed, so Google is disclosing it publicly.
North Korean state hackers breach COVID-19 research entities
A nice short write-up of how the North Korean Lazarus group infiltrated an unnamed pharmaceutical company working on a COVID vaccine.
US seizes domains used for COVID-19 vaccine phishing attacks
The domains were impersonating websites of the Moderna and Regeneron biotech companies. They were being used for malware infection and phishing scams.
Microsoft and McAfee headline newly-formed 'Ransomware Task Force'
The group consists of 19 companies in total. They will assess existing solutions to ransomware, commission research on the subject, and build towards a general standardized framework for dealing with the problem.
Microsoft: Don't delete Windows 10 root certificate expiring this month
Just in case you were tempted. Microsoft warns that it could break functionality.
Dark Web pricing skyrockets for Microsoft RDP servers, payment-card data
Current prices are apparently up to $35 for RDP access, $55 for a four-hour DDoS attack of 15 Gbps, $10 for a full PII package for identity theft. It always surprises me just how cheap these are. So much so that I'm not sure if it's actually true? Or are these just "lure-you-in" prices to get you started?
Many smart doorbell brands vulnerable to attack
Not a surprise to anyone reading this newsletter, but it's a good read.