News
Hi everyone,
It's been a pretty intense week for me, and next week will probably be too, so I'm a bit more succinct in my summaries than usual and sending it out a bit earlier to get a head start :) Enjoy!
Dieter
Breaches and leaks
- SitePoint discloses data breach after stolen info used in attacks: link.
- Eletrobras and Copel energy companies hit by ransomware attacks: link.
- Security firm Stormshield discloses data breach, theft of source code: link.
- Oxfam Australia investigates data breach after database sold online: link.
- Trucking company Forward Air said its ransomware incident cost it $7.5 million: link.
- Female escort review site data breach affects 470,000 members: link.
- Data breach exposes 1.6 million Washington unemployment claims: link.
- Hacked road sign talks back after driver complains to council: link. (I know it's irresponsible but I admit to having a soft spot for road sign pranks.)
Latest macOS Big Sur also has SUDO root privilege escalation flaw
Exploit code is available, and unfortunately there is no patch yet.
Google patches an actively exploited Chrome zero-day
It seems likely that this is the issue used against security researchers last week.
Libgcrypt developers release urgent update to tackle severe vulnerability
If you use this library anywhere you'll definitely want to patch.
Google: Here's how we're toughening up Android security
More good news for the Rust ecosystem (among other things).
Typosquatting attacks (Sponsored)
Great blog post by Liran Tal on typosquatting attacks, highlighting the case where an attacker tricked people into downloading the malicious package crossenv instead of the popular and benign cross-env package. Once installed, it proceeded to upload your environment variables to a third-party server.
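A small defensive check for the pattern described above, added here as an example (it is not from the newsletter or from Liran Tal's post): it flags dependency names that collapse to the same string as a well-known package once separators are stripped, or that sit within one edit of one. The popular-package list and the sample dependencies are constructed for the example.

```javascript
// Added example: flag dependencies whose names look like a well-known package
// (the crossenv vs cross-env pattern). Not part of the original newsletter.

// Constructed allow-list of popular package names for this example.
const POPULAR = ['cross-env', 'lodash', 'express', 'react', 'babel-cli'];

// Lower-case and drop separators so "crossenv" and "cross-env" collide.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, '');
}

// Levenshtein distance (insertions, deletions, substitutions), single-row version.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Returns [{ dependency, lookalikeOf, reason }] for every dependency that is not
// itself on the allow-list but normalises to, or is within edit distance 1 of, one.
function findLookalikes(dependencies, popular = POPULAR) {
  const findings = [];
  for (const dep of dependencies) {
    if (popular.includes(dep)) continue;
    for (const p of popular) {
      if (normalize(dep) === normalize(p)) {
        findings.push({ dependency: dep, lookalikeOf: p, reason: 'separator-stripped match' });
        break;
      }
      if (levenshtein(dep, p) <= 1) {
        findings.push({ dependency: dep, lookalikeOf: p, reason: 'edit distance 1' });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample dependency list, as it might be read from a package.json.
const sample = ['crossenv', 'cross-env', 'expres', 'react', 'left-pad'];
console.log(findLookalikes(sample));
```

Run it against the dependency names from a real package.json before `npm install` to get a list to review by hand; it will not catch every lookalike, only names close to the allow-list you feed it.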
US govt: Number of identity theft reports doubled last year
Reaching 1.4 million reports in a single year, mostly aimed at COVID-related unemployment benefits.
Google Vulnerability Reward Program: 2020 year in review
A total of $6.7 million, rewarded across 662 researchers.
Create reports in 1Password Business (Sponsored)
One of the more awesome features of 1Password Business is the ability to get reports on things like: who has access to which vaults, which devices are authorised, who in your team has 2FA enabled, and even who accessed which item when. Super powerful for forensics and audits.