I hope you're all doing well, keeping healthy and sane.
We're going into our fifth week of school lockdown, being at home full time with a baby and a four-year-old. I'm not sure if that means I'm really busy and happy with the family time, or truly desperate to spend some time alone in front of a computer. I think they even out, so here's a regular issue ;-)
Breaches and leaks
- Researcher scraped and archived public Parler posts before take down by AWS: link.
- Ubiquiti warns customers to change their passwords and enable 2FA: link.
- Mimecast discloses Microsoft 365 SSL certificate compromise: link.
- Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine: link.
- Leaked location data shows another Muslim prayer app tracking users: link.
- Scotland environmental regulator hit by ‘ongoing’ ransomware attack: link.
- Impact of the data breach at Capcom widens: link.
- Internet-connected chastity belts hacked for ransom. Because facepalming is fun. link.
Let's not forget that the SolarWinds supply chain compromise is still a thing, although reporting on it is tapering off.
- Third malware strain discovered in SolarWinds supply chain attack: link.
- Russia-linked postcard was “sent to FireEye’s CEO after cybersecurity firm uncovered hack”: link.
- SolarWinds: What hit us could hit others: link.
- SolarLeaks site claims to sell data stolen in SolarWinds attacks: link.
DarkMarket served as a marketplace to buy and sell drugs, counterfeit money, stolen or counterfeit credit card data, anonymous SIM cards and malware. At the time of the takedown it had almost 500,000 users and more than 2,400 sellers.
This is an interesting use of the GDPR, which I imagine might have some consequences (good ones, in my mind). The employer installed a video monitoring system across its warehouses, salesrooms, and workspaces to prevent theft, but it was judged to be far too invasive.
If you use the Java-based templating engine Apache Velocity it's probably worth a look. The article also dives into concerns with more and more vendors getting the power to assign (or ignore) CVE numbers.
This was reported with much concern a while back: some of Apple's biggest apps, like the App Store, Maps and iCloud, were on a special exclusion list in macOS Big Sur that let their traffic bypass third-party firewalls and traffic inspectors built on Apple's network extension APIs. Apple said this was the result of a series of bugs, not a malicious act, and has now removed the exclusion list.
If you want to learn more about risk management, this is a great place to go. You can find a (free) copy of the book, Security Risk Management Aide-Mémoire, written by Julian Talbot, under 'Where can I get a copy'. You'll also find risk management related templates and graphics under the 'Resources' tab. And you can get access to the Security Risk Management SaaS platform SECTARA with a free tier.
Another crime group/individual retires. I'm not sure how accurate it is, but the research quoted suggests that Joker's Stash made more than $1 billion (with a B) from selling stolen credit card data.
An interesting read on how classified ads scammers operate and what their revenue looks like.
There's a whole lot of explaining and buzzword bingo going on, but I think I can summarize it as "certain software can now use low-level CPU metrics to detect funky things happening". I'm curious to find out what the real-world impact will be.
It "allows admins and security teams to spot attacks targeting or involving Linux servers in their environments with the help of alerts automatically aggregated as incidents based on attacker techniques and attribution". Or "intrusion detection" for short.
Using Microsoft to monitor Linux still blows my mind. I haven't tried it yet, but I want to.
Sysmon 13 has a new feature (Event ID 25, "Process Tampering") that detects process hollowing, where malware replaces the code of a legitimate, already-started process in memory, and process herpaderping (is that the technical term? Makes me want to invent words too), where malware writes its payload to disk, maps it into a new process, and then overwrites the file on disk with innocuous content before the process starts, so that scanners that look at the file see legitimate software.
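An added example of turning this on, not from the newsletter or from Sysinternals: a minimal Sysmon configuration that logs every process-tampering event, installed or applied from an elevated PowerShell session, followed by a query that pulls the resulting Event ID 25 records out of the Sysmon log. It assumes Sysmon64.exe is in the current directory (the hypothetical config file name is mine); the XML schema version 4.50 is the one that shipped with Sysmon 13.

```powershell
# Added example (not the newsletter's or Sysinternals' own code): enable
# Sysmon 13 process-tampering detection and read back the events it produces.
# Assumptions: Sysmon64.exe sits in the current directory and the shell is elevated.

$configPath = Join-Path $PWD 'sysmon-tampering.xml'   # hypothetical file name

# Minimal config. An empty "exclude" filter means every ProcessTampering event is
# logged; add <Image condition="is">...</Image> entries inside the filter to
# silence a known-good tool (e.g. a legitimate packer) if it turns out to be noisy.
@'
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="ProcessTampering" groupRelation="or">
      <ProcessTampering onmatch="exclude">
      </ProcessTampering>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $configPath -Encoding ASCII

# Fresh install if the driver service is absent, otherwise update the running config.
if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
    .\Sysmon64.exe -c $configPath
} else {
    .\Sysmon64.exe -accepteula -i $configPath
}

# Event ID 25 = ProcessTampering. The Type field tells you which case fired:
# "Image is replaced"          -> the mapped image no longer matches the file on disk
#                                 (hollowing / herpaderping-style replacement)
# "Image is locked for access" -> the process image file was locked so it could not be read
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 25
} -MaxEvents 50 -ErrorAction SilentlyContinue | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        ProcessId = $data['ProcessId']
        Image     = $data['Image']
        Type      = $data['Type']
        User      = $data['User']
    }
} | Format-Table -AutoSize
```

The query deliberately does not filter on Image: in a quiet environment Event 25 should be rare enough to review by hand, and the first few days of output tell you which legitimate binaries (installers that self-extract, some packers) you will want to exclude in the config.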
Some people use fuzzers, other people just let their kids go nuts :D They were able to bypass the screensaver twice by just slamming random keys. It turns out that pressing the "ē" key on the on-screen keyboard caused a crash.
To those who are old enough for it, here's some nostalgia :-)
I've used 1Password for Business for years and years now. It does exactly what I want it to do: keep the company's passwords secure, only share within certain groups, provide an audit trail. All with a much more pleasant user experience than anything else I've tried.