I hope this e-mail finds you well. Thanks for the well wishes after last week's issue; we're all doing better now :-)
Breaches and leaks
Some follow-ups on the Facebook phone numbers:
- Facebook attributes 533 million users' data leak to "scraping" not hacking: link.
- Facebook data leak now under EU data regulator investigation: link.
- The Facebook phone numbers are now searchable in HIBP: link.
- European Commission, other EU orgs recently hit by cyber-attack: link.
- Mobile carrier Q Link Wireless exposes data for millions of accounts (pretty egregious, this one): link.
- Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack: link.
- Over 600,000 stolen credit cards leaked after Swarmshop hack: link.
Pwn2Own 2021 has come and gone. If you're unfamiliar with the format, the article explains it nicely. It's essentially a bug bounty program with time limits, competitor teams and a big prize pool. A total of $1.2 million was awarded this year for breaching Exchange, Teams, Zoom, and more. The full list is in the post. The issues aren't patched yet; vendors get the standard 90 days to do so.
Google has announced Rust can now be used inside of the Android Open Source Project. As you might expect, this is to improve memory and thread management, making the resulting code more secure. Google's own blogpost goes into more detail: link.
This looks pretty awesome as a concept. You define a network, nodes and vulnerabilities. Then you let an AI attacker try to get in and move laterally, while the AI defender tries to detect and contain. The full blog post from Microsoft can be found here.
Uptycs have been a bit of a revelation to me. Instead of ingesting logfiles and asking you to write IDS rules in a custom query language, they leverage osquery to expose your entire infrastructure as SQL. Everything you want to know or alert on is just as straightforward as querying a database. It's fantastic. (Sponsored)
If you're responsible for defending SAP systems this feels like a good article to show to your managers if you want more resources for patching. They list some of the worst vulnerabilities that are being actively exploited, and they show that the time between finding a new vulnerability and it being actively exploited can be as little as 72 hours.
More than 500,000 Huawei users have downloaded apps from the company's official Android store that were infected with Joker malware, subscribing them to premium mobile services.
If you've been wanting to see an example of such extortion e-mails, here you go. I have no doubt that this makes for an effective tactic.
Because stating the obvious is apparently sometimes necessary: if you fell victim to ransomware, find out how they got in and fix it. Please.
Ironically, quite a bit of the Internet might have suffered for a little while if he had succeeded; we all know what cascading effects AWS issues have. But more importantly: it's insane that this has to be part of the threat model for the data center operators.
A new Wi-Fi specification, due in a couple of years, would make it possible to gather data about people and objects within their range. Detecting movement and position through walls, without being able to do anything about it. Scares the **** out of me.
I've used 1Password for Business for years and years now. It does exactly what I want it to do: keep the company's passwords secure, only share within certain groups, provide an audit trail. All with a much more pleasant user experience than anything else I've tried. (Sponsored)