I hope this issue finds you well :-) This week ended up less heavy on horrible news, and more about interesting articles. It's a nice change!
I want to thank everyone who participated in the scanyourstuff.app beta and/or provided feedback, it was super valuable. In the end there's not enough commercial interest to pursue it further, at least in its current form. I had a blast building it though, so no regrets at all! I'm not sure if I'll pivot it, maybe open source it, or just shelve it. We'll see :-)
Breaches and leaks
- Cyber insurance giant CNA paid out $40 million to its ransomware attackers: link.
- Conti ransomware gives HSE Ireland free decryptor, still selling data: link.
- FBI: Conti ransomware attacked 16 US healthcare, first responder orgs: link.
- Air India data breach impacts 4.5 million customers: link.
- E-commerce giant Mercari suffers major data breach in Codecov incident: link.
- Codecov hackers gained access to Monday.com source code: link.
- Student health insurance carrier Guard.me suffers a data breach: link.
Update them things
- May Android security updates patch 4 zero-days exploited in the wild: link.
- Exploit released for wormable Windows HTTP vulnerability: link.
I hadn't heard of this one yet, where attackers will use two strains of ransomware in order to confuse recovery operations and make it less likely that victims can decrypt on their own.
Another one I hadn't heard about: malware that is actually meant to steal data, but will also act as if it's ransomware to throw you off. Good to know about.
It's sad but true, I think, that we'll only make real progress in cybersecurity as a consequence of legal requirements. So as long as the laws make sense, I'm all for it.
Site isolation isn't new, but I thought this article did a great job of explaining what it is.
There are a number of ways to respond to a security breach as a company, and it's so rare that we see one going the full transparency route. This article describes how Volue, a green energy tech company, handled a Ryuk ransomware strike. It's a good one to keep bookmarked for when you're writing your own playbooks.
Uptycs' threat research team has observed several instances of Linux malware where the attackers leverage the inbuilt commands and utilities for a wide range of malicious activities. This post takes a close look at those and how you can use Uptycs to detect them. (Sponsored)
TL;DR: installing a Russian language pack on your machine might halt some malware. Clickbait title aside, it's a fun thought. It won't make you immune or anything, but I also don't see how it might cause harm.
It certainly hasn't been an easy time for anyone in the infosec industry. Take good care of yourself folks!
It's an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios. I haven't played with it myself, I'm not too active in the Windows/Azure world, but if you are it might be worth a closer look.
A great read on one of the first nation-state supply chain attacks that I can recall. Worth a trip down memory lane.
A nice bunch of snippets by the security people at Google on what the biggest challenges for security will be in the future. Fun read.
1Password has just released the first big-name password management program for Linux desktop users. I'm sure this will be awesome news for a lot of us :-) (Sponsored)