I hope this newsletter finds you well :-) Plenty of interesting news to read this week.
I'm also sharing a little extra this week: a project I've been working on. There is a lot of work left to do, but I want to show it early to gauge interest. It's a scanning-as-a-service offering. And yes, I've continued my proud tradition of being very uninspired when naming things, so I give you: scanyourstuff.app.
Every company I've seen that wants to set up regular security scans either quickly scripts something together that gets forgotten soon after, or pays through the nose to let someone else do it. I hope to provide a middle ground :-) If you have any thoughts, feel free to let me know!
Enjoy your week!
Breaches and leaks
- Kia Motors America suffers ransomware attack, $20 million ransom: link.
- Jamaica’s immigration website exposed thousands of travelers’ data: link.
- US cities disclose data breaches after vendor's ransomware attack: link.
- RIPE NCC Internet Registry discloses SSO credential stuffing attack: link.
- Hackers leak files from Jones Day law firm: link.
- Kroger data breach exposes pharmacy and employee data: link.
- Lakehead University shuts down campus network after cyberattack: link.
- Underwriters Laboratories (UL) certification giant hit by ransomware: link.
- DDoS attack takes down EXMO cryptocurrency exchange servers: link.
- Cyberattack on Dutch Research Council (NWO) suspends research grants: link.
- Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code: link.
- SolarWinds attack hit 100 companies and took months of planning, says White House: link.
- Microsoft: SolarWinds attack took more than 1,000 engineers to create: link.
Pretty sweet. They'll do this by offering their "Malicious Domain Blocking and Reporting" (MDBR) service for free. It definitely won't stop all ransomware, but it'll help.
Very interesting. Researchers discovered malware installed on at least 30,000 Macs. It seems rather advanced: it has self-destruct capabilities and runs natively on the new M1 chip, but currently carries no payload. It seems primed to jump into action, but so far it hasn't.
This is a great long read (with a nice short cheat sheet) on what to keep in mind when reviewing code for security issues. (Sponsored)
Centreon is an IT monitoring software package, and the story is quite similar to the SolarWinds issues: France's cybersecurity agency says that a group of Russian hackers called Sandworm (the same group that was responsible for NotPetya) executed attacks on several French entities through Centreon over the last three years.
The DoJ indicted three North Koreans who are part of a state-sponsored hacker group, known as the Lazarus Group (among other names). They targeted banks, the entertainment industry (Sony), created malicious crypto apps, and so much more. All, presumably, to funnel financial resources to the DPRK.
It's a good reminder that you don't want to allowlist all Google subdomains in your CSP headers. Scripts created in Google's Apps Script application run on script.google.com, which is being actively used for Magecart-like attacks.
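As an added illustration (not code from the newsletter or from any linked article), the Python below checks a script URL against a policy's script-src using simplified CSP Level 3 host-source matching, to show why a wildcard like https://*.google.com also admits script.google.com. Both policies and the shop.example origin are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed policies: the weak one allowlists every google.com subdomain,
# the fixed one names only the hosts the (hypothetical) page really needs.
WEAK_POLICY = "default-src 'self'; script-src 'self' https://*.google.com"
FIXED_POLICY = ("default-src 'self'; "
                "script-src 'self' https://www.google.com https://apis.google.com")

DEFAULT_PORTS = {"http": 80, "https": 443}


def directive_sources(policy: str, name: str) -> list:
    """Return the source list of directive `name`, falling back to default-src."""
    found = {}
    for directive in policy.split(";"):
        parts = directive.split()
        if parts:
            found[parts[0].lower()] = parts[1:]
    return found.get(name, found.get("default-src", []))


def host_source_matches(source: str, url: str, self_origin: str) -> bool:
    """Simplified CSP host-source matching: scheme, host (with a leading
    '*.' wildcard label) and port. Path matching is deliberately left out."""
    if source == "'self'":
        source = self_origin
    if source.startswith("'"):          # other keywords, nonces, hashes: not hosts
        return False
    target = urlsplit(url)
    if source.endswith(":") and "/" not in source:   # scheme-source, e.g. https:
        return target.scheme == source[:-1].lower()
    # Prefix a scheme so urlsplit parses a bare host such as *.google.com.
    src = urlsplit(source if "://" in source else "https://" + source)
    if "://" in source and src.scheme != target.scheme:
        return False
    src_host = (src.hostname or "").lower()
    tgt_host = (target.hostname or "").lower()
    if src_host.startswith("*."):
        # '*.google.com' matches any subdomain, but not the bare 'google.com'.
        if not tgt_host.endswith(src_host[1:]):
            return False
    elif src_host != tgt_host:
        return False
    return (src.port or DEFAULT_PORTS.get(src.scheme)) == \
           (target.port or DEFAULT_PORTS.get(target.scheme))


def script_allowed(policy: str, script_url: str,
                   self_origin: str = "https://shop.example") -> bool:
    """True if any script-src source in `policy` permits `script_url`."""
    return any(host_source_matches(s, script_url, self_origin)
               for s in directive_sources(policy, "script-src"))


if __name__ == "__main__":
    url = "https://script.google.com/macros/s/CONSTRUCTED/exec"
    print("weak policy allows Apps Script:", script_allowed(WEAK_POLICY, url))
    print("fixed policy allows Apps Script:", script_allowed(FIXED_POLICY, url))
```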
Quite a lot, if not most, of cybercrime revenue is not made with fancy technology :/ What was news to me is that, apart from the usual "I love you, please send money" scams, these also include money flowing towards the victim, which is then transferred elsewhere, making the victim part of a money laundering chain.
Just an article that I found interesting. I wonder how hard it is to track stolen cryptocurrency as it is tumbled and moved around. I would love to read a deep dive on that if anyone has any recommendations.
Apple released their 2021 Platform Security guide, detailing their current agenda for all things security. Some examples are secure boot processes, password monitoring, and apparently car key security in iOS. The article summarizes some highlights; the full (192-page) report can be found here.
Pretty bad-ass :D They published posts on two well-known hacker forums warning off anyone who'd try to host criminal infrastructure on Dutch servers. Pretty forward, but well, that's how the Dutch do things. And they do have a nice track record to back it up.
I've used 1Password for Business for years and years now. It does exactly what I want it to do: keep the company's passwords secure, only share within certain groups, provide an audit trail. All with a much more pleasant user experience than anything else I've tried. (Sponsored)