I'm afraid it's another minimal issue today. I've been home alone for a few days with our little girl of five months. Available time: near zero. Appreciation for my wife/world-class mom: x100.
There's a lot of important news though. The ransomware'd fuel pipeline in the US has clearly hit a nerve. Who knew the US was sensitive when it came to oil? In all seriousness though, definitely read up on it if you can, it's important.
As usual in minimal issues I just gathered the articles that I liked, but didn't summarise them. However, this time I'm trying out pre-generated summaries. They might not capture all that I found important in each article but they seem reasonably good, hopefully they'll be more useful to you than just the headlines.
Colonial Pipeline continued
- US declares state of emergency after ransomware hits largest pipeline: link.
- Colonial Pipeline restores operations, $5 million ransom demanded: link.
- A closer look at the DarkSide ransomware gang: link.
- The DarkSide ransomware gang must be shitting itself right now: link.
- DarkSide gang quits after servers and Bitcoin stash seized: link.
Other breaches and leaks
- Chemical distributor pays $4.4 million to DarkSide ransomware: link.
- Insurer AXA hit by ransomware after dropping support for ransom payments: link.
- Rapid7 source code, alert data accessed in Codecov supply chain attack: link.
- Insurance giant CNA fully restores systems after ransomware attack: link.
- Herff Jones credit card breach impacts college students across the US: link.
- Ireland’s Health Services hit with $20 million ransomware demand: link.
President Biden signed an executive order Wednesday to modernize the country's defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations.
A dozen flaws discovered, with at least one hitting anything that uses Wi-Fi. Thankfully, Microsoft patches are out, and Linux kernel patches are coming.
Massive ransomware attacks to the left of us, supply chain attacks to the right of us, but the Linux Foundation is answering the president's call for greater software security.
More phun with Apple AirTags! Free internet, no data plan required… but it’s s-l-o-o-o-w.
Uptycs' threat research team has observed several instances of Linux malware where the attackers leverage the inbuilt commands and utilities for a wide range of malicious activities. This post takes a close look at those and how you can use Uptycs to detect them. (Sponsored)
For more than 16 months, a threat actor has been seen adding malicious servers to the Tor network in order to intercept traffic and perform SSL stripping attacks on users accessing cryptocurrency-related sites.
The iPhone maker has sung its own praises for preventing problematic apps from entering its app store, despite emails submitted into court last week alleging it failed to disclose to millions of its users that they installed malware.
GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.
In Linux circles, eBPF has evolved into a powerful tool for running sandboxed userspace programs inside the kernel. Now, Microsoft is working on porting eBPF to Windows as well.
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting.
1Password Business has some very solid protection mechanisms that are worth highlighting. You can allow, report or deny access to vaults based on location or IP address, enforce 1Password updates, monitor sign-in attempts, a lot of good stuff. Check out the link to learn more. (Sponsored)