News
Hi everyone,
I hope this e-mail finds you well. Thanks for the well wishes after last week's issue, we're all doing better now :-)
Enjoy!
Breaches and leaks
Some follow-ups on the Facebook phone numbers:
- Facebook attributes 533 million users' data leak to "scraping" not hacking: link.
- Facebook data leak now under EU data regulator investigation: link.
- The Facebook phone numbers are now searchable in HIBP: link.
Other breaches:
- European Commission, other EU orgs recently hit by cyber-attack: link.
- Mobile carrier Q Link Wireless exposes data for millions of accounts (pretty egregious this one): link.
- Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack: link.
- Over 600,000 stolen credit cards leaked after Swarmshop hack: link.
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge fully owned
Pwn2Own 2021 has come and gone. If you're unfamiliar with the format, the article explains it nicely. It's essentially a bug bounty program with time limits, competitor teams and a big prize pool. A total of $1.2 million was awarded this year for breaching Exchange, Teams, Zoom, and more. The full list is in the post. The issues aren't patched yet; the vendors get the standard 90 days to do so.
Rust support moves into Android underpinnings
Google has announced Rust can now be used inside of the Android Open Source Project. As you might expect, this is to improve memory and thread management, making the resulting code more secure. Google's own blogpost goes into more detail: link.
Microsoft releases a cyberattack simulator - Shall we play a game?
This looks pretty awesome as a concept. You define a network, nodes and vulnerabilities. Then you let an AI attacker try to get in and move laterally, while the AI defender tries to detect and contain. The full blogpost from Microsoft can be found here.
Uptycs - intrusion detection using SQL
Uptycs have been a bit of a revelation to me. Instead of ingesting logfiles and asking you to write IDS rules in a custom query language, they leverage osquery to expose your entire infrastructure as SQL. Everything you want to know or alert on is just as straightforward as querying a database. It's fantastic. (Sponsored)
SAP issues advisory on the exploit of old vulnerabilities to target enterprise applications
If you're responsible for defending SAP systems this feels like a good article to show to your managers if you want more resources for patching. They list some of the worst vulnerabilities that are being actively exploited, and they show that the time between finding a new vulnerability and it being actively exploited can be as little as 72 hours.
Joker malware infects over 500,000 Huawei Android devices
More than 500,000 Huawei users have downloaded apps from the company's official Android store that were infected with Joker malware, subscribing them to premium mobile services.
Ransom gangs emailing victim customers for leverage
If you've been wanting to see an example of such extortion e-mails, here you go. I have no doubt that this makes for an effective tactic.
A company paid millions to get their data back, but forgot to do one thing. So the hackers came back.
Because stating the obvious is apparently sometimes necessary: if you fell victim to ransomware, find out how they got in and fix it. Please.
FBI arrests man for plan to kill “70% of Internet” in AWS bomb attack
Ironically, quite a bit of the Internet might have suffered for a little while if he succeeded; we all know what cascading effects AWS issues have. But more importantly: it's insane that this has to be part of the threat model for the data center operators.
Wi-Fi devices as physical object sensors
A new Wi-Fi specification, due in a couple of years, would make it possible to gather data about people and objects within their range. Detecting movement and position through walls, without being able to do anything about it. Scares the **** out of me.
1Password for company passwords
I've used 1Password for Business for years and years now. It does exactly what I want it to do: keep the company's passwords secure, only share within certain groups, provide an audit trail. All with a much more pleasant user experience than anything else I've tried. (Sponsored)