News
Hi everyone,
I hope this newsletter finds you well :-) Plenty of interesting news to read this week.
I'm also sharing a little extra this week: a project I've been working on. There is a lot of work left to do, but I want to show it early to gauge interest. It's a scanning-as-a-service offering. And yes, I've continued my proud tradition of being very uninspired when naming things, so I give you: scanyourstuff.app.
Every company I've seen that wants to set up regular security scans either quickly scripts something together that gets forgotten soon after, or pays through the nose to let someone else do it. I hope to provide a middle ground :-) If you have any thoughts, feel free to let me know!
Enjoy your week!
Dieter
Breaches and leaks
- Kia Motors America suffers ransomware attack, $20 million ransom: link.
- Jamaica’s immigration website exposed thousands of travelers’ data: link.
- US cities disclose data breaches after vendor's ransomware attack: link.
- RIPE NCC Internet Registry discloses SSO credential stuffing attack: link.
- Hackers leak files from Jones Day law firm: link.
- Kroger data breach exposes pharmacy and employee data: link.
- Lakehead University shuts down campus network after cyberattack: link.
- Underwriters Laboratories (UL) certification giant hit by ransomware: link.
- DDoS attack takes down EXMO cryptocurrency exchange servers: link.
- Cyberattack on Dutch Research Council (NWO) suspends research grants: link.
CIS now offers free ransomware protection to all US hospitals
Pretty sweet. They'll do this by offering their "Malicious Domain Blocking and Reporting" (MDBR) service for free. It definitely won't stop all ransomware, but it'll help.
New malware found on 30,000 Macs has security pros stumped
Very interesting. Researchers discovered malware installed on at least 30,000 Macs. It seems rather advanced: it has self-destruct capabilities and runs natively on the new M1 chip, but currently has no payload. It seems primed to jump into action, but so far it hasn't.
Security code review best practices
This is a great long read (with a nice short cheat sheet) on what to keep in mind when reviewing code for security issues. (Sponsored)
France: Russian state hackers targeted Centreon servers in years-long campaign
Quite similar to the SolarWinds issues: Centreon is an IT monitoring software package. France's cybersecurity agency says that a group of Russian hackers called Sandstorm (the same group that was responsible for NotPetya) used Centreon to attack several French entities over the last three years.
US indicts North Korean hackers for stealing $1.3 billion
The DoJ indicted three North Koreans who are part of a state-sponsored hacker group, known as the Lazarus Group (among other names). They targeted banks, the entertainment industry (Sony), created malicious crypto apps, and so much more. All, presumably, to funnel financial resources to the DPRK.
Hackers abuse Google Apps Script to steal credit cards by bypassing CSP
It's a good reminder that you don't want to allow all Google subdomains (a wildcard like *.google.com) in your CSP headers. Scripts created in Google's Apps Script application run on script.google.com, which is actively being abused for Magecart-like attacks, so a wildcard that covers it leaves the policy open.
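As an added example (not from the newsletter), a small Python checker that shows why the wildcard matters: it applies CSP host-source matching to two constructed policies and reports whether a script hosted on script.google.com would be permitted. The policy strings and the Apps Script URL path are constructed for illustration.

```python
"""Check whether a Content-Security-Policy's script-src would let a page
load scripts from script.google.com, the host abused in the attacks above.

Added example; the two policies and the script URL are constructed."""
from urllib.parse import urlparse

# Constructed: a policy that allows every Google subdomain with a wildcard.
WEAK_CSP = "default-src 'self'; script-src 'self' https://*.google.com"
# Constructed: the same policy narrowed to the specific hosts actually needed.
HARDENED_CSP = ("default-src 'self'; "
                "script-src 'self' https://www.google.com https://apis.google.com")

def parse_csp(header):
    """Return {directive: [source, ...]} from a CSP header string."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def host_source_matches(source, url):
    """Match one CSP host-source (e.g. https://*.google.com) against a URL,
    following the CSP3 scheme and host-part rules for the common cases."""
    u = urlparse(url)
    src = urlparse(source if "://" in source else "//" + source)
    if src.scheme and src.scheme != u.scheme:
        return False
    if not src.scheme and u.scheme not in ("http", "https"):
        return False
    host = src.hostname or ""
    if host.startswith("*."):
        # A wildcard matches any subdomain but not the bare domain itself.
        return u.hostname.endswith(host[1:]) and u.hostname != host[2:]
    return u.hostname == host

def script_allowed(csp_header, script_url):
    """True if script-src (falling back to default-src) permits script_url."""
    policy = parse_csp(csp_header)
    sources = policy.get("script-src", policy.get("default-src", []))
    # Keyword sources such as 'self' or 'nonce-...' are not host-sources.
    return any(host_source_matches(s, script_url)
               for s in sources if not s.startswith("'"))

# Constructed URL in the shape of a deployed Apps Script web app.
APPS_SCRIPT_URL = "https://script.google.com/macros/s/EXAMPLE/exec"

if __name__ == "__main__":
    for name, csp in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(f"{name}: script.google.com allowed = {script_allowed(csp, APPS_SCRIPT_URL)}")
```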
Cybercrooks rake in $304M in romance scams
Quite a lot, if not most, of cybercrime revenue is not made with fancy technology :/ What was news to me is that, apart from the usual "I love you please send money" scams, these also include money flowing -towards- the victim, to then be transferred elsewhere, making the victim part of a money laundering chain.
270 addresses are responsible for 55% of all cryptocurrency money laundering
Just an article that I found interesting. I wonder how hard it is to track stolen cryptocurrency as it is tumbled and moved around. I would love to read a deep dive on that if anyone has any recommendations.
Apple outlines 2021 security and privacy roadmap
Apple released their 2021 Platform Security guide, detailing their current agenda for all things security. Some examples are secure boot processes, password monitoring, and apparently car key security in iOS. The article summarizes some highlights; the full (192-page) report can be found here.
Dutch police post 'friendly' warnings on hacking forums
Pretty bad-ass :D They published posts on two well-known hacker forums warning off anyone who'd try to host criminal infrastructure on Dutch servers. Pretty forward, but well, that's how Dutch people do. And they do have a nice track record to back it up.
1Password for company passwords
I've used 1Password for Business for years and years now. It does exactly what I want it to do: keep the company's passwords secure, only share within certain groups, provide an audit trail. All with a much more pleasant user experience than anything else I've tried. (Sponsored)