Not that much general news this week, but the list of breaches makes up for it. And there are some important vulnerabilities to be aware of.
Breaches and leaks
- FatFace pays out $2 million to Conti ransomware gang. Quite bizarre to read the back and forth messages between both parties: link.
- Ransomware attack halts production at IoT maker Sierra Wireless: link.
- Energy giant Shell discloses data breach after Accellion hack: link.
- CNA insurance firm hit by a cyberattack: link.
- Ransomware gang leaks data stolen from Colorado, Miami universities: link.
- Hobby Lobby exposes customer data in cloud misconfiguration: link.
- Phish leads to breach at California State Controller: link.
- BackBlaze mistakenly shared backup metadata with Facebook: link.
- High-availability server maker Stratus hit by ransomware: link.
- MangaDex manga site temporarily shut down after cyberattack: link.
- CompuCom MSP expects over $20M in losses after ransomware attack: link.
It allows attackers to perform a universal XSS attack by having the user visit a malicious website. Sounds pretty serious. Better patch up!
The DoS vulnerability can crash a server pretty easily and it affects default installs, so it's definitely worth patching.
Google announced the "Android Ready SE Alliance" to standardize the usage of Secure Element (SE) hardware. They foresee an increase in use of such chips for things like digital wallets, e-IDs and car keys. You can read Google's own announcement here.
Stackhawk is a dynamic security testing tool that's worth checking out. Their scanner is built on top of OWASP ZAP and is meant to continuously probe your app for vulnerabilities. They integrate smoothly with Jenkins, GitHub Actions, CircleCI and much more. Check out the docs for more info. (Sponsored)
It's worth checking if you use the netmask npm library for this one. The library in question is used to validate and compare IP addresses, and it can be tricked into not doing this properly. By itself it's not that horrible, but many applications might depend on this to allow or deny certain connections.
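A defensive measure that does not depend on how any library parses addresses: accept only canonical dotted-decimal IPv4 strings before making an allow/deny decision, so the validator and whatever consumes the address cannot read the same input differently. This is an added example in JavaScript, not code from the newsletter or from the netmask package; the ALLOWED list is constructed.

```javascript
// Strict IPv4 parsing for allow/deny decisions (added example, not from
// the netmask library). Only canonical dotted-decimal notation is accepted:
// four octets, each 0-255, no leading zeros, no hex, no shorthand forms.
const OCTET = /^(0|[1-9][0-9]{0,2})$/;

// Returns the address as an integer 0..4294967295, or null if not canonical.
function parseIPv4(str) {
  if (typeof str !== 'string') return null;
  const parts = str.split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!OCTET.test(p)) return null;   // rejects "010", "0x0a", "" and so on
    const n = Number(p);
    if (n > 255) return null;
    value = value * 256 + n;           // plain integer math, no 32-bit ops
  }
  return value;
}

// Parses "a.b.c.d/len" into { network, hostBits }; null on any malformed part.
function parseCIDR(cidr) {
  const [addr, lenStr] = cidr.split('/');
  const base = parseIPv4(addr);
  if (base === null || !/^([0-9]|[12][0-9]|3[0-2])$/.test(lenStr)) return null;
  const hostBits = 2 ** (32 - Number(lenStr));
  return { network: base - (base % hostBits), hostBits };
}

// True only when ip is canonical AND falls inside the block.
function ipInBlock(ip, cidr) {
  const a = parseIPv4(ip);
  const b = parseCIDR(cidr);
  if (a === null || b === null) return false;
  return a - (a % b.hostBits) === b.network;
}

// Constructed allow list: private ranges that internal callers may use.
const ALLOWED = ['10.0.0.0/8', '192.168.1.0/24'];

function isAllowed(ip) {
  return ALLOWED.some((block) => ipInBlock(ip, block));
}
```

Anything that is not in canonical form is refused outright rather than normalised, which is the safer default for an access control decision.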
After being fired the contractor infiltrated the company's network and deleted 1,300 out of 1,500 Microsoft Office 365 accounts, bringing the whole company to a halt. He has to serve two years in jail and pay a fine of $567,000. It doesn't say exactly how he got in, but it seems fair to say that this is a good cautionary tale of how important offboarding procedures can be. Change those passwords after an employee leaves, my friends.
This was interesting to read. In an interview with someone from the REvil ransomware gang the interviewee claimed that they explicitly target companies that have cybersecurity insurance, since they will be more likely to pay up. And to do this, they'll hack insurance providers to know who their employees are. It makes sense. I'm not a big fan of cyber insurance if I'm honest, but if you are then at least it's good to be aware of.
Actually, after writing this summary I read the full interview too: it is absolutely worth checking out. Too many nuggets to even summarize. link.
Great post that really resonated with me. If you're in infosec sales, please print this out and hang it on your office wall.
If you run an open source project and need to store and share passwords, certificates, ssh keys etc: 1Password offers a free account for you and your core contributors. It also applies for the organisers of community meetups and events. (Sponsored)