I hope you all had a good weekend. I'm pretty excited for today, as I'm coming out of a long and truly amazing paternity leave to rejoin my colleagues at Articulate. I'll have a lot of catching up to do :-)
I'm happy I got to do a full issue, and I'm also very happy to welcome Snyk as a new sponsor. They are a well known and respected security provider, so I'm very excited to have them. Thank you Snyk!
Breaches and leaks
- Brazil’s Health Ministry’s website data leak exposed 243 million medical records for more than 6 months: link.
- Perl.com domain stolen, now using IP address tied to malware: link.
- Tesla sues ex-employee over alleged 'brazen' theft of confidential code and files: link.
- TikTok fixes flaws allowing theft of private user information: link.
- USCellular hit by a data breach after hackers access CRM software: link.
- UK Research and Innovation (UKRI) suffers ransomware attack: link.
- Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack: link.
- 23M gamer records exposed in VIPGames leak: link.
- Citrix's $2.3 million settlement offer for employees impacted by data breach approved: link.
- Stack Overflow: Here's what happened when we were hacked back in 2019: link.
This is pretty awesome news. Emotet is probably one of the best known botnets, responsible for delivering ransomware on a global scale. The takedown is a cooperation between authorities from all across Europe, headed by Europol. They plan to mass-uninstall Emotet from infected hosts on April 25, 2021. There's even a juicy video where the Ukranian police searches a house, finding large amounts of gold bars and cash.
Law enforcement has been busy indeed. A joined effort by US and Bulgarian authorities have taken down the ransomware-as-a-service provider known as Netwalker, which was reported to generate $25 million in just five months. It's not clear yet if decryption keys were retrieved too.
Definitely worth looking in to and patching.
There are two remote code execution issues and one privilege escalation issue. Better patch quickly if you haven't already.
When Samy Kamkar presents research, I tend to pay attention :) NAT slipstreaming allows for an attack where, just by visiting a website, one can reach the victim's system even behind NAT. Now, with "v2", it also allows to access other devices on the network. For a deeper dive check out Samy's write-up. As a result of this research Chrome will now block an addiitonal 7 ports to stop this approach.
A great article by Snyk on the ExternalIP vulnerability in Kubernetes and how they handle it. The issue can't be patched, so Snyk helps to detect that an externalIP is being used so you can mitigate the impact.
A bit weird to hear about this from Google instead of Apple, but good stuff nonetheless. Apple introduced a sandbox system for iMessage in iOS 14, to prevent any impact from malicious messages.
The hacker group pretended to be security researchers, and offered to collaborate with others. When accepted they sent a Visual Studio project that contained the exploit they were working on, but which actually contained a backdoored DLL. They also seemed to use a Chrome zero day.
The company, a Spanish Certificate Authority called Camerfirma, has failed to explain a list of 26 incidents related to certificate issuing. It's quite the list too.
A nice write-up of how a security researcher got into the official GitHub repository for Visual Studio Code.
Google's BeyondCorp Enterprise is now generally available. It's a platform where access to resources is granted or prevented from anywhere, based on a variety of factors, as an alternative to the more single-point-of-failure approach of a VPN. I've been wanting to dig into this for a long time.
It seems the collective nostalgia trip has turned things around :-) Bugtraq will remain online.
If you're paying for another password manager but want to switch to 1Password, send them an e-mail. They'll credit the remaining balance on your subscription :-)