News
Hi everyone,
I hope you all had a good weekend! Nothing much to add to today's issue. I just hope you enjoy it :-)
Cheers!
Dieter
Breaches and leaks
- US soldiers expose nuclear weapons secrets via flashcard apps. I'm bookmarking this as one of those "this is why security is hard" stories. link.
- Japanese government agencies suffer data breaches after Fujitsu hack: link.
- Belgium government discovers old 2019 hack during Hafnium investigation: link.
- CrimeaApp Citizen exposed users' COVID data: link.
- Canada Post hit by data breach after supplier ransomware attack: link.
- Klarna mobile app bug let users log into other customers' accounts: link.
- Audio maker Bose discloses data breach after ransomware attack: link.
DHS releases new cybersecurity guidelines for pipelines after Colonial attack
The new rules will force pipeline operators to report any cybersecurity incidents to CISA and hire cybersecurity coordinators who can be on call 24/7.
Have I been Pwned goes open source
Troy is starting the process with open sourcing the "Has this password been in breaches before" component. Also, the FBI will now start feeding compromised passwords they find in investigations into HIBP.
Researchers find four new malware tools created to exploit Pulse Secure VPN appliances
There are now at least 16 malware families designed to compromise Pulse Secure VPN products.
Linux commands and utilities commonly used by attackers
Uptycs' threat research team has observed several instances of Linux malware where the attackers leverage the inbuilt commands and utilities for a wide range of malicious activities. This post takes a close look at those and how you can use Uptycs to detect them. (Sponsored)
Microsoft: Russian hackers used 4 new malware in USAID phishing
Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development (USAID).
This weird memory chip vulnerability is even worse than we realised
Google reveals a new Rowhammer attack that exploits the design of ever-shrinking and more dense DRAM chips. The article describes Rowhammer pretty good too, which is nice.
Ransomware gangs' slow decryptors prompt victims to seek alternatives
Interesting to know that there are companies now who specialise in providing faster decryptors. What an interesting dynamic too between criminal economies like ransomware and legit new business models that grow around it.
The misaligned incentives for cloud security
Interesting post by Bruce Schneier where he argues that cloud providers have become part of the national infrastructure, and should be treated as such.
A peek inside the underground ransomware economy
Nothing super new but it's a nice read on the ransomware world.
How Hydra, a Russian dark net market, made more than $1 billion in 2020
If you, like me, have a soft spot for where cybersecurity meets finance and money laundering, this is a good read. It never seizes to fascinate me how illegally gained money can move through the system.
Big changes to 1Password in the browser
1Password just released a big update, providing biometric unlock, dark mode, and a new save experience. Worth checking out! (Sponsored)