News
Hi everyone!
As always, I hope this e-mail finds you well. Some interesting stories to share, and unfortunately quite a few breaches. Also, it turns out that air fryers can have vulnerabilities these days, because of course they can.
Meanwhile I'm continuing work on scanyourstuff.app, and having a blast. It's almost ready to receive its first users, let me know if you want to be one of them.
Breaches and leaks
- Logins for 1.3 million Windows RDP servers collected from hacker market: link.
- HashiCorp is the latest victim of Codecov supply-chain attack: link.
- Six million male members may have been exposed after hack of gay dating service: link.
- Geico data breach exposed customers' driver's license numbers: link.
- Hacker leaks 20 million alleged BigBasket user records for free: link.
- Malvertisers hacked 120 ad servers to load malicious ads: link.
- Eversource Energy data breach caused by unsecured cloud storage: link.
Passwordstate password manager hacked in supply chain attack
When a password manager gets hacked, one has to pay attention. I hadn't heard of this one yet, but apparently it's an on-prem password manager used by 29,000 companies. If you're one of them, drop everything and go look into this. Their update mechanism was hijacked to deliver malware that siphoned off password and system data.
Emotet malware nukes itself today from all infected computers worldwide
Well, yesterday really, on the 25th. Good riddance.
A ransomware gang made $260,000 in 5 days using the 7zip utility
If you have a QNAP NAS you'll want to look into this. The ransomware campaign exploits recently disclosed QNAP vulnerabilities to run 7zip remotely on the device and lock all the files in password-protected archives. More on the vulnerabilities here.
Linux team in public bust-up over fake “patches” to introduce bugs
The Linux kernel team has banned the University of Minnesota from contributing patches after researchers there repeatedly submitted intentionally buggy ones as part of a research experiment.
Statement by US gov on handling of SolarWinds and Microsoft Exchange incidents
The post shares some lessons learned, like how vital the participation of private companies was, and says that the emergency coordination groups for both events are standing down, with further responses going through standard procedures.
Going on the ATT&CK versus FIN7 and Carbanak
The 2020 MITRE ATT&CK vendor evaluation results have been released! This is the first time the evaluation has focused on financially motivated criminal groups, in this case Carbanak and FIN7, which heavily target retail and financial services industries. Uptycs was among 30 vendor participants in this round and this blog breaks down the simulation and evaluation process. (Sponsored)
Facebook uncovers Palestinian government officials targeted with malware
The surveillanceware reportedly didn't require a jailbreak to run on standard iOS devices, although once on a system it did install one when it could.
Google Alerts continues to be a hotbed of scams and malware
The article describes an SEO technique called "cloaking", which I didn't know about yet. It's when a website serves different content to human visitors than to search engine spiders, typically by keying on the User-Agent or Referer of the request, so the search engine indexes a harmless page while people clicking through get the scam.
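Here is a small cloaking check I put together to illustrate the technique; it's an added example, not code from the article or from Google. `cloaking_site` is a constructed stand-in for a page that cloaks on User-Agent and Referer, `honest_site` a stand-in for one that doesn't, and the request profiles and page contents are all made up for the demo. `detect_cloaking` fetches the same URL under a crawler profile and two browser profiles and reports which ones see a different page than the crawler does, plus any redirect targets found in the divergent copies.

```python
"""Cloaking check: fetch a page as a crawler and as a browser, then compare.

Added example (not from the linked article). The two *_site functions are
constructed stand-ins for real servers so the script runs offline; swap in a
real HTTP fetch (e.g. urllib.request with the given headers) to test a URL.
"""
import difflib
import hashlib
import re
from typing import Callable, Dict

Headers = Dict[str, str]
Fetch = Callable[[Headers], str]

# Request profiles to impersonate. Cloakers usually key on the User-Agent,
# the Referer, or both, so vary both. (Constructed values.)
FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0"
PROFILES: Dict[str, Headers] = {
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"},
    "browser_direct": {"User-Agent": FIREFOX_UA},
    "browser_from_google": {"User-Agent": FIREFOX_UA, "Referer": "https://www.google.com/"},
}

# Constructed stand-in for a cloaking page: crawlers and direct visitors get a
# harmless article, visitors arriving from a Google result get a redirect.
CRAWLER_UA = re.compile(r"Googlebot|bingbot|DuckDuckBot|Baiduspider", re.I)
CLEAN_PAGE = "<html><title>Ten easy salads</title><body><p>Recipe text...</p></body></html>"
SCAM_PAGE = ("<html><title>Ten easy salads</title><body>"
             "<script>location='https://example.invalid/prize'</script></body></html>")

def cloaking_site(headers: Headers) -> str:
    if CRAWLER_UA.search(headers.get("User-Agent", "")):
        return CLEAN_PAGE
    if "google." in headers.get("Referer", ""):
        return SCAM_PAGE
    return CLEAN_PAGE

def honest_site(headers: Headers) -> str:
    return CLEAN_PAGE

def normalize(html: str) -> str:
    """Collapse whitespace so formatting noise does not count as a difference."""
    return re.sub(r"\s+", " ", html).strip()

def redirect_targets(html: str) -> list:
    """Pull obvious client-side redirect destinations out of a page body."""
    js = re.findall(r"""location\s*=\s*['"]([^'"]+)['"]""", html)
    meta = re.findall(r"""http-equiv=["']refresh["'][^>]*url=([^"'>\s]+)""", html, re.I)
    return js + meta

def detect_cloaking(fetch: Fetch, profiles: Dict[str, Headers] = PROFILES) -> dict:
    """Fetch the same URL under each profile and compare against the crawler's view."""
    bodies = {name: normalize(fetch(hdrs)) for name, hdrs in profiles.items()}
    baseline = bodies["googlebot"]
    divergent = []
    for name, body in bodies.items():
        if name == "googlebot" or body == baseline:
            continue
        similarity = difflib.SequenceMatcher(None, baseline, body).ratio()
        divergent.append({
            "profile": name,
            "similarity": round(similarity, 3),
            "redirect_targets": redirect_targets(body),
        })
    return {
        "cloaked": bool(divergent),
        "divergent_profiles": divergent,
        # short digests make it easy to eyeball which profiles saw the same page
        "digests": {n: hashlib.sha256(b.encode()).hexdigest()[:16] for n, b in bodies.items()},
    }

if __name__ == "__main__":
    print(detect_cloaking(cloaking_site))
    print(detect_cloaking(honest_site))
```

Caveat: a check like this only catches cloaking keyed on request headers. More careful cloakers also key on the client IP (serving the clean page only to Google's published crawler address ranges), so a UA/Referer swap from your own machine can still come back clean; comparing against Google's cached copy of the page is a useful second opinion.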
Signal CEO gives mobile-hacking firm a taste of being hacked
This is just a great read. Signal's founder Moxie Marlinspike showed vulnerabilities in Cellebrite's data extraction tools. For example, one can add files to Signal that screw up any past and future reporting. It sounds like Signal will start adding such files too.
Can you fight BEC popularity in Nigeria by steering youth to legitimate IT jobs?
I haven't read the whole interview yet, but this sounds like an awesome initiative all around. It's definitely worth remembering sometimes that a lot of (cyber)crime happens because some people have few alternatives.
Remote code execution vulnerabilities uncovered in smart air fryer
Sure, that might as well be a thing. Enjoy that facepalm.
1Password for infrastructure secrets
This is interesting. 1Password is opening up a feature where you can store secrets like API tokens and private certificates, and use them directly in your infrastructure through a private REST API provided by a 1Password Connect server. Worth checking out. (Sponsored)