News
Hi everyone,
I hope this issue finds you well :-) This week ended up less heavy on horrible news, and more about interesting articles. It's a nice change!
I want to thank everyone who participated in the scanyourstuff.app beta and/or provided feedback, it was super valuable. In the end there's not enough commercial interest to pursue it further, at least in its current form. I had a blast building it though, so no regrets at all! I'm not sure if I'll pivot it, maybe open source it, or just shelve it. We'll see :-)
Breaches and leaks
- Cyber insurance giant CNA paid out $40 million to its ransomware attackers: link.
- Conti ransomware gives HSE Ireland free decryptor, still selling data: link.
- FBI: Conti ransomware attacked 16 US healthcare, first responder orgs: link.
- Air India data breach impacts 4.5 million customers: link.
- E-commerce giant Mercari suffers major data breach in Codecov incident: link.
- Codecov hackers gained access to Monday.com source code: link.
- Student health insurance carrier Guard.me suffers a data breach: link.
Double-encrypting ransomware
I hadn't heard of this one yet, where attackers use two strains of ransomware in order to confuse recovery operations and make it less likely that the victim can decrypt on their own.
Microsoft: Massive malware campaign delivers fake ransomware
Another one I hadn't heard about: malware that is actually meant to steal data, but will also act as if it's ransomware to throw you off. Good to know about.
US introduces bills to secure critical infrastructure from cyber attacks
It's sad but true, I think, that we'll only make real progress in cybersecurity as a consequence of legal requirements. So as long as the laws make sense, I'm all for it.
Firefox testing Site Isolation feature that puts each site into a separate process
Site isolation isn't new, but I thought this article did a great job of explaining what it is.
Ransomware victim shows why transparency in attacks matters
There are a number of ways to respond to a security breach as a company, and it's so rare that we see one going the full transparency route. This article describes how Volue, a green energy tech company, handled a Ryuk ransomware strike. It's a good one to keep bookmarked for when you're writing your own playbooks.
Linux commands and utilities commonly used by attackers
Uptycs' threat research team has observed several instances of Linux malware where the attackers leverage the inbuilt commands and utilities for a wide range of malicious activities. This post takes a close look at those and how you can use Uptycs to detect them. (Sponsored)
Try this one weird trick Russian hackers hate
TL;DR: installing a Russian language pack on your machine might halt some malware. Clickbait title aside, it's a fun thought. It won't make you immune or anything, but I also don't see how it might cause harm.
CISOs struggle to cope with mounting job stress
It certainly hasn't been an easy time for anyone in the infosec industry. Take good care of yourself folks!
Microsoft releases SimuLand, a test lab for simulated cyberattacks
It's an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios. I haven't played with it myself, I'm not too active in the Windows/Azure world, but if you are it might be worth a closer look.
The full story of the stunning RSA hack can finally be told
A great read on one of the first nation-state supply chain attacks that I can recall. Worth a trip down memory lane.
Telegraphing the future of security
A nice bunch of snippets by the security people at Google on what the biggest challenges for security will be in the future. Fun read.
1Password releases full-featured Linux desktop application
1Password has just released the first big-name password management program for Linux desktop users. I'm sure this will be awesome news for a lot of us :-) (Sponsored)