News
Hi everyone!
I hope you all had a great week. This is a pretty packed issue, again. Honestly, when I started the newsletter years ago I feared that I wouldn't have enough content to fill out an issue each week. Now it's all about finding a balance between keeping things somewhat brief and not missing anything interesting. Please let me know if I'm not striking that balance properly. In the meantime, I hope you get value out of this one.
Cheers!
Dieter
Breaches and leaks
- Far-right website Gab hacked, 70GB of data leaked: link.
- Cybersecurity firm Qualys is the latest victim of Accellion hacks: link.
- Oxfam Australia supporters embroiled in new data breach: link.
- European e-ticketing platform Ticketcounter extorted in data breach: link.
- Universal Health Services lost $67 million due to Ryuk ransomware attack: link.
- SITA data breach affects millions of travelers from major airlines: link.
- Cyberattack shuts down online learning at 15 UK schools: link.
- Three top Russian cybercrime forums hacked: link.
Microsoft Exchange servers under massive attack
This is a big one, but I'll try to summarize. A previously unknown Chinese hacker group has been attacking Microsoft Exchange servers with zero-days. They get inside, steal e-mails and open up web shells to compromise the networks further.
Since Microsoft went public this week, the group has massively ramped up its attacks, compromising thousands of servers per hour, globally. The total count of compromised networks seems to be in the hundreds of thousands.
If you run Exchange servers you are told to assume compromise, even going back as far as September 2020. There are patches, indicators of compromise, tools to find the installed web shells, and a lot more info to dig into.
The linked article breaks the initial news and links to the four zero-day CVEs. Some more info:
Working Windows and Linux Spectre exploits found on VirusTotal
This definitely raised my eyebrows, since it's been over three years since those issues were made public. Using the exploits, unprivileged users can dump LM/NT hashes on Windows systems and the Linux /etc/shadow file from the targeted devices' kernel memory. It sounds like it's still difficult to execute, but interesting nonetheless.
Malicious NPM packages target Amazon, Slack with new dependency attacks
The "dependency confusion" attacks are making their way into criminal use, with what seem to be attempts at targeting applications related to Amazon, Lyft and Slack.
ZAPCon this week, first user conference for ZAP
ZAPCon, the first user conference for ZAP, is happening this Tuesday, March 9. Over 1,500 attendees are joining to understand how their peers are using ZAP and to learn about the project's roadmap. Get your free ticket and see you Tuesday! (Sponsored)
Ransomware gang plans to call victim's business partners about attacks
Yet another method of adding pressure to the extortion. The REvil ransomware group announced that they'll be offering the ability to make voice-scrambled VOIP calls to the media and victim's business partners when a target becomes infected.
Investors are the next target of large-scale cyberattacks
Your regular reminder that one of the biggest security threats doesn't require any technical know-how. BEC scammers are now specifically targeting investors with fake capital call notices (a new slice of investment being due), with an average payout of $809.000.
Microsoft announces Windows Server 2022 with new security features
This article gives a nice overview of new security features included in Windows Server 2022.
Microsoft account hijack vulnerability earns bug bounty hunter $50,000
Interesting read on how a researcher was able to send thousands of "forgotten password" reset codes without being blocked. Kudos to the researcher. Also see their own blogpost for a great writeup.
With its acquisition of Auth0, Okta goes all in on CIAM
Nice analysis of Okta's acquisition of Auth0 that was announced this week.
GAO report finds DOD's weapons programs lack clear cybersecurity guidelines
It's been previously reported that the DoD hasn't prioritised cybersecurity in their weapon systems. A new report seems to indicate that not that much has changed, because three out of five contracts for weapon programs have no guidelines as to what is expected in terms of cybersecurity. And if it's not in the contract, it probably won't get done.
Scientists have built this ultrafast laser-powered random number generator
This is just a cool read. I had no idea that lasers were used for random number generation. New developments are increasing the output of those systems by several orders of magnitude, currently up to 250.000 gigabits of random data per second.
Funky things in the HTTP standard
Great post explaining all kinds of quirks in our usage of HTTP. For example 'no-cache' meaning "do cache", the possibility to send headers after the HTTP body, the usage of HTTP 1xx codes, WebSockets ignoring CORS completely, and more. I learned a lot :D Great thread on Hacker News too with plenty more examples thrown in.
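As an added illustration of two of those quirks (my own example, not code from the linked post): a small decoder that keeps the trailer headers sent after a chunked body, and a helper that interprets Cache-Control the way the spec intends. The sample message is constructed.

```python
"""Added example: HTTP trailers after the body, and 'no-cache' vs 'no-store'."""


def decode_chunked(raw: bytes):
    """Return (body, trailers) from a chunked-encoded message body.

    Trailers are header lines that appear after the final zero-length chunk,
    so a parser that stops reading at '0\\r\\n' silently drops them.
    """
    body = bytearray()
    pos = 0
    while True:
        line_end = raw.index(b"\r\n", pos)
        size_line = raw[pos:line_end].split(b";", 1)[0].strip()  # drop chunk extensions
        size = int(size_line, 16)
        pos = line_end + 2
        if size == 0:
            break
        body += raw[pos:pos + size]
        pos += size
        if raw[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2
    trailers = {}
    while True:  # header lines after the body, terminated by an empty line
        line_end = raw.index(b"\r\n", pos)
        line = raw[pos:line_end]
        pos = line_end + 2
        if not line:
            break
        name, _, value = line.decode("latin-1").partition(":")
        trailers[name.strip().lower()] = value.strip()
    return bytes(body), trailers


def cache_policy(cache_control: str) -> str:
    """Return 'no-store', 'revalidate' or 'cacheable' for a Cache-Control value.

    'no-cache' does not forbid storing the response; it only requires the cache
    to revalidate with the origin before reusing it. 'no-store' forbids storing.
    """
    directives = {d.strip().split("=", 1)[0].lower() for d in cache_control.split(",")}
    if "no-store" in directives:
        return "no-store"
    if "no-cache" in directives:
        return "revalidate"
    return "cacheable"


# Constructed sample: two chunks, then a trailer header after the body.
SAMPLE = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\nX-Checksum: abc123\r\n\r\n"
```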
Create reports in 1Password Business
One of the more awesome features of 1Password Business is the ability to get reports on things like: who has access to which vaults, which devices are authorised, who in your team has 2FA enabled, and even who accessed which item when. Super powerful for forensics and audits. (Sponsored)