Happy holidays everyone!
The first normal issue in a long while, feels good! It was a pretty quiet news week though, with a lot less filtering work required than usual. I imagine most journalists are finally taking some well deserved vacation :)
Breaches and leaks
- Gaming company Koei Tecmo (DoA, Hyrule Warriors, ...) discloses data breach after hacker leaks stolen data: link.
- Trucking giant Forward Air hit by new Hades ransomware gang: link.
- NetGalley discloses data breach after website was hacked: link.
- FreePBX developer Sangoma hit with Conti ransomware attack: link.
- Hackers threaten to leak plastic surgery pictures: link.
- Russian crypto-exchange Livecoin hacked after it lost control of its servers: link.
- UK cryptocurrency exchange EXMO suffers breach, funds stolen: link.
- SolarWinds hackers breached US Treasury officials’ email accounts: link.
- A second hacking group has targeted SolarWinds systems: link.
- UK privacy watchdog warns SolarWinds victims to report data breaches. If you think your company was affected, make sure you adhere to disclosure windows: link.
- A good Twitter thread with an overview and links to dig deeper: link.
Attackers found a way to use Citrix ADC network equipment as a DDoS amplification vector, with an amplification factor of 35. Citrix is promising a fix after the holidays, in mid-January.
It's about a local privilege escalation issue with an 8.3 CVSS rating. It's been exploited in the wild, and Microsoft brought out a patch in June, but Google's Project Zero discovered that it didn't properly fix the problem. After the usual 90-day waiting period it still wasn't fixed, so Google is disclosing it publicly.
A nice short write-up of how the North Korean Lazarus group infiltrated an unnamed pharmaceutical company working on a COVID vaccine.
The domains were impersonating websites of the Moderna and Regeneron biotech companies. They were being used for malware infection and phishing scams.
The group consists of 19 companies in total. They will assess existing solutions to ransomware, commission research on the subject, and build towards a general standardized framework for dealing with the problem.
Just in case you were tempted. Microsoft warns that it could break functionality.
Current prices are apparently up to $35 for RDP access, $55 for a four-hour DDoS attack of 15 Gbps, and $10 for a full PII package for identity theft. It always surprises me just how cheap these are. So much so that I'm not sure if it's actually true? Or are these just "lure-you-in" prices to get you started?
Not a surprise to anyone reading this newsletter, but it's a good read.
That must be nice :-) Kudos!