News
Hi everyone!
I hope you're all doing well, keeping healthy and sane.
We're going into our fifth week of school lockdown, being at home full time with a baby and a four-year old. I'm not sure if that means I'm really busy and happy with the family time, or truly desperate to spend some time alone in front of a computer. I think they even out, so here's a regular issue ;-)
Breaches and leaks
- Researcher scraped and archived public Parler posts before the takedown by AWS: link.
- Ubiquiti warns customers to change passwords and enable 2FA: link.
- Mimecast discloses Microsoft 365 SSL certificate compromise: link.
- Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine: link.
- Leaked location data shows another Muslim prayer app tracking users: link.
- Scotland environmental regulator hit by ‘ongoing’ ransomware attack: link.
- Impact of data breach at CapCom widens: link.
- Internet-connected chastity belts hacked for ransom. Because facepalming is fun. link.
Solarwinds continued
Let's not forget that this is still a thing, although reporting on it is tapering off.
Europol takes down DarkMarket, largest underground marketplace
DarkMarket served as a marketplace to buy and sell drugs, counterfeit money, stolen or counterfeit credit card data, anonymous SIM cards and malware. At the time of the takedown it had almost 500,000 users and more than 2,400 sellers.
German laptop retailer fined €10.4m under GDPR for video-monitoring employees
This is an interesting use of the GDPR, which I imagine might have some consequences (good ones, in my mind). The employer installed a video monitoring system across its warehouses, salesrooms, and workspaces to prevent theft, but it was judged to be far too invasive.
Undisclosed Apache Velocity XSS vulnerability impacts GOV sites
If you use the Java-based templating engine Apache Velocity, it's probably worth a look. The article also dives into concerns about more and more vendors getting the power to assign (or ignore) CVE numbers for their own products.
Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs
This was reported on with much concern a while back: some of Apple's biggest apps, like the App Store, Maps and iCloud, were on a special exclusion list that caused them not to be affected by firewalls or traffic inspectors. Apple said this was the result of a series of bugs, not a malicious act, and has now fixed the issue.
(Sponsored) Security Risk Management Aide-Mémoire goes online
If you want to learn more about risk management, this is a great place to go. You can find a (free) copy of the book, Security Risk Management Aide-Mémoire, written by Julian Talbot, under 'Where can I get a copy'. You'll also find risk management related templates and graphics under the 'Resources' tab. And you can get access to the Security Risk Management SaaS platform SECTARA with a free tier.
Stolen credit card shop Joker's Stash closes after making a fortune
Another crime group/individual retires. I'm not sure how accurate it is, but the research quoted suggests that Joker's Stash made more than $1 billion (with a B) from selling stolen credit card data.
Scam-as-a-Service operation made more than $6.5 million in 2020
An interesting read on how classified ads scammers operate and what their revenue looks like.
Intel adds ransomware detection capabilities at the silicon level
There's a whole lot of explaining and buzzword bingo going on, but I think I can summarize it as "certain software can now use low-level CPU metrics to detect funky things happening". I'm curious to find out what the real-world impact will be.
Microsoft releases Linux endpoint detection and response features
It "allows admins and security teams to spot attacks targeting or involving Linux servers in their environments with the help of alerts automatically aggregated as incidents based on attacker techniques and attribution". Or "intrusion detection" for short.
Using Microsoft to monitor Linux, it still blows my mind. I haven't tried it yet but I want to.
Microsoft Sysmon now detects malware process tampering attempts
Sysmon 13 has a new feature that detects process hollowing, where malware replaces the code of a legitimate process in memory, and process herpaderping (is that the technical term? Makes me want to invent words too), where malware modifies its image on disk to look like legitimate software after the image has already been mapped but before the process starts running, so that anything scanning the file sees something different from what actually executes.
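To actually get something out of the new feature you need a config that enables the ProcessTampering rule group, and then a way to read the resulting events. The following is an added example of my own, not code from the newsletter or from Sysinternals. It assumes Sysmon 13 or later (schema version 4.50) with sysmon64.exe on the PATH, that the new events are logged as Event ID 25 in the Sysmon operational log, and that the event's Type field carries a short string such as "Image is replaced".

```powershell
# Added example, not from the newsletter or Sysinternals.
# Assumes Sysmon 13+ (schema 4.50) and sysmon64.exe on the PATH.

# 1. Minimal config: an "exclude" group with no entries logs every
#    ProcessTampering event. Add <Image> exclusions here once you know
#    which legitimate software on your estate trips the detection.
$config = @'
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="tampering" groupRelation="or">
      <ProcessTampering onmatch="exclude">
      </ProcessTampering>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@

function Install-TamperingConfig {
    param([string]$Path = "$env:TEMP\sysmon-tampering.xml")
    Set-Content -Path $Path -Value $config -Encoding ASCII
    # -c updates the configuration of an already installed Sysmon service.
    & sysmon64.exe -c $Path
}

# 2. Read the Event ID 25 records back and flatten the EventData fields.
function Get-SysmonProcessTampering {
    param(
        [int]$MaxEvents = 200,
        [string]$LogName = 'Microsoft-Windows-Sysmon/Operational'
    )
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 25 } -MaxEvents $MaxEvents -ErrorAction Stop |
        ForEach-Object {
            $xml = [xml]$_.ToXml()
            $data = @{}
            foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
            [pscustomobject]@{
                UtcTime   = $data['UtcTime']
                ProcessId = $data['ProcessId']
                Image     = $data['Image']
                Type      = $data['Type']   # e.g. "Image is replaced" (assumed wording)
            }
        }
}

# 3. Summarise: which images are being tampered with, and how often.
function Get-TamperingSummary {
    Get-SysmonProcessTampering |
        Group-Object Image, Type |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Install-TamperingConfig
Get-TamperingSummary | Format-Table -AutoSize
```

Expect some noise at first: installers and a few anti-cheat or DRM components legitimately rewrite their own image, so tune the exclude list against a known-good machine before shipping the events to your SIEM.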
Linux Mint fixes screensaver bypass discovered by two kids
Some people use fuzzers, other people just let their kids go nuts :D They were able to bypass the screensaver twice by just slamming random keys. It turns out that pressing the "ē" key on the on-screen keyboard caused a crash.
Iconic BugTraq security mailing list shuts down after 27 years
To those who are old enough for it, here's some nostalgia :-)
(Sponsored) 1Password for company passwords
I've used 1Password for Business for years and years now. It does exactly what I want it to do: keep the company's passwords secure, only share within certain groups, provide an audit trail. All with a much more pleasant user experience than anything else I've tried.