I'm a day late on this one, sorry about that.
Plenty of reading material this week. I had to trim down the breaches section to a "mere" 11 items to keep it somewhat manageable.
Also plenty of news on Solarwinds. If you're into intrusion detection, indicators of compromise (IOC), that sort of jam, definitely check out the articles on the tactics used.
I hope you all have a lovely week!
Breaches and leaks
- Intel: Hackers stole unpublished earnings info from corporate site: link.
- OpenWRT Forum user data stolen in weekend data breach: link.
- Hacker leaks data of millions of Teespring users: link.
- Dutch COVID-19 patient data sold on the criminal underground: link.
- MyFreeCams site hacked to steal info of 2 million paying users: link.
- Hacker leaks data of 2.28 million MeetMindful dating site users: link.
- Bonobos clothing store suffers a data breach, hacker leaks 70GB database: link.
- IObit forums hacked to spread ransomware to its members: link.
- Hacker posts 1.9 million Pixlr user records for free on forum: link.
- Hacker leaks full database of 77 million Nitro PDF user records: link.
- Australian securities regulator discloses security breach: link.
- Malwarebytes said it was hacked by the same group who breached SolarWinds: link.
- Fourth malware strain, dubbed Raindrop, discovered in SolarWinds incident: link.
- Microsoft shares how SolarWinds hackers evaded detection: link.
- FireEye shares tactics used in breaching 365 cloud: link.
- Sunspot malware technical analysis: link.
- FSB warns of US cyberattacks after Biden administration comments: link.
As if RDP wasn't enough of a headache, it is now also being used for DDoS amplification attacks, with an amplification factor of 85.9. RDP servers can only be abused for this purpose if they also listen on UDP, next to the standard TCP. Still, apparently there are about 33.000 such servers to be found online.
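To make the amplification factor concrete from the defender's side, here is an added example (my own code, not from the linked article) that runs over flow records from a firewall or NetFlow export and flags UDP/3389 flows where the bytes sent back dwarf the bytes received. The flow records, the 10x threshold and the field names are all assumptions; the two flagged flows are constructed so that they reproduce the 85.9 factor from the article. The addresses that appear as "clients" in such flows are typically the spoofed victims, which is what you want to report to your upstream rather than block as users.

```python
"""Flag outbound UDP/3389 flows that look like RDP reflection/amplification.

Added example for this newsletter, not from the linked article. Assumes a
flow export (firewall or NetFlow collector) already parsed into records;
the sample records below are constructed.
"""
from dataclasses import dataclass

RDP_PORT = 3389          # standard RDP port; the UDP listener is the amplification vector
AMP_THRESHOLD = 10.0     # assumed: flag responses at least 10x the request size


@dataclass
class Flow:
    proto: str      # "tcp" or "udp"
    client: str     # remote address that sent the request (spoofed in a reflection attack)
    server: str     # our RDP host
    dport: int
    bytes_in: int   # bytes received from client
    bytes_out: int  # bytes sent back to client


def amplification_factor(flow: Flow) -> float:
    """Response bytes per request byte; 0.0 if nothing was received."""
    if flow.bytes_in == 0:
        return 0.0
    return flow.bytes_out / flow.bytes_in


def suspicious_rdp_flows(flows, threshold=AMP_THRESHOLD):
    """Return (flow, factor) pairs for UDP/3389 flows whose size ratio suggests reflection."""
    hits = []
    for f in flows:
        if f.proto != "udp" or f.dport != RDP_PORT:
            continue
        factor = amplification_factor(f)
        if factor >= threshold:
            hits.append((f, round(factor, 1)))
    return hits


def spoofed_victims(flows, threshold=AMP_THRESHOLD):
    """Distinct 'client' addresses in suspicious flows. In a reflection attack these
    are the spoofed victims receiving our responses, not real RDP users."""
    return sorted({f.client for f, _ in suspicious_rdp_flows(flows, threshold)})


# Constructed sample: one legitimate TCP session, one UDP exchange with a
# modest response, and two UDP flows answering tiny packets with large responses.
SAMPLE_FLOWS = [
    Flow("tcp", "10.0.0.5", "192.0.2.10", 3389, 48000, 1200000),
    Flow("udp", "10.0.0.5", "192.0.2.10", 3389, 1200, 1500),
    Flow("udp", "198.51.100.7", "192.0.2.10", 3389, 20, 1718),   # 1718 / 20 = 85.9
    Flow("udp", "203.0.113.9", "192.0.2.10", 3389, 40, 3436),    # 3436 / 40 = 85.9
]

if __name__ == "__main__":
    for f, factor in suspicious_rdp_flows(SAMPLE_FLOWS):
        print(f"{f.client} -> {f.server}:{f.dport}/udp  x{factor}")
    print("likely spoofed victims:", spoofed_victims(SAMPLE_FLOWS))
```

Detection only tells you that your server is being abused; the actual mitigation is not to expose the UDP listener to untrusted networks at all, which removes the amplification vector without touching the TCP service.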
A security firm has disclosed seven vulnerabilities in Dnsmasq, ranging from DoS to cache poisoning and remote code execution. If you run Dnsmasq, you know what to do.
For the longest time I had the thought that "the best mitigation against ransomware impact is functional backups". This article drives home that that is no longer necessarily the case (although backups are still important :)). Plenty of victims that do have backups still pay up to prevent data leakage. On top of that, some ransomware actors are adding additional pressure by performing DDoS attacks on their victims to force payout.
If you want to learn more about risk management, this is a great place to go. You can find a (free) copy of the book, Security Risk Management Aide-Mémoire, written by Julian Talbot, under 'Where can I get a copy'. You'll also find risk management related templates and graphics under the 'Resources' tab. And you can get access to the Security Risk Management SaaS platform SECTARA with a free tier.
If you use their Secure Mobile Access (SMA) VPN device or their NetExtender VPN client, you had better look into this.
I don't know much about SAP, but if you run this you should definitely check it out.
We all know and probably love VLC. There were a bunch of issues fixed that could allow for RCE when opening a malicious file, so patch up if you need to.
Microsoft Edge will generate alerts if a user password is found in an online leak. Chrome can already do this, but they are making it easier to let the user perform a check for breached or weak passwords.
They are specifically out to get Passenger Name Records (PNR), presumably in order to track persons of interest.
Singapore has a labelling scheme that shows how much security hardening a product has gone through. A system like this, mandatory and deployed in all major markets, is my personal best hope of actually improving our security posture in this area, so every bit of progress is good news in my book.
This is something you don't see every day: a vulnerability tracker specifically for malware. There's plenty of debate though whether or not this is a good thing to have. It can be used to "hack back", which by itself is controversial, but of course it also tips off the malware authors. You can visit the site itself here.
First of all: please use a password manager. Since you're a subscriber here I'm pretty sure you already do, but just in case. Second: if you're not using 1Password yet, give them a try. I've been using them for many years professionally and migrated my personal Vault over two years ago. The experience was super smooth, and I haven't looked back ever since.