News
Hi everyone!
As always, I hope this e-mail finds you well, and that you had a great weekend :-) I spent two beautiful days outside with family and friends, enjoying the sun, company and cold drinks. It felt so good!
Plenty of noteworthy news this week, including some great reads linked at the end. Enjoy!
Breaches and leaks
- Audi, Volkswagen data breach affects 3.3 million customers: link.
- McDonald's discloses data breach after theft of customer and employee info: link.
- Intuit notifies customers of hacked TurboTax accounts: link.
- Baby clothes giant Carter’s leaks 410K customer records: link.
- Foodservice supplier Edward Don hit by a ransomware attack: link.
- CD Projekt: Data stolen in ransomware attack now circulating online: link.
- Meat firm JBS says it paid out $11m after ransomware attack: link.
- Spain's Ministry of Labor and Social Economy hit by cyberattack: link.
Hackers breach gaming giant Electronic Arts, steal game source code
EA was breached and had roughly 750GB of data stolen, among which the source code for the FrostBite game engine and FIFA matchmaking server code and API keys. One reason this deserves an item of its own instead of being in the usual list of breaches is how they got in: they purchased a Slack cookie for $10, then asked the EA IT team for an MFA token saying they "lost their phone in a party". No doubt plenty of expensive, high-effort defenses bypassed just like that. More on that in this article and this Hackernews discussion.
DarkSide pwned Colonial with old VPN password
That was all it took: a password for an old, no longer used VPN account, which appears to have been reused elsewhere and leaked.
Justice dept. claws back $2.3M paid by Colonial Pipeline
They tracked the Bitcoin transactions, specifically the cut for the ransomware affiliate, to an address for which the FBI apparently had the private key. More details aren't given, but hey, good news for Colonial no doubt.
ALPACA – the wacky TLS security vulnerability with a funky name
Not easily exploitable at all, but an interesting find and read on tricking a TLS connection between two different kinds of applications.
Feds take down Slilpp, a marketplace for stolen login information
The DoJ says that over 80 million credentials were available for purchase from over 1,400 victim organizations worldwide.
Linux system service bug lets you get root on most modern distros
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions.
Microsoft June 2021 Patch Tuesday: 50 vulnerabilities patched, six zero-days exploited in the wild
Just in case you missed it, you might want to make sure this is all patched :/
Discovery of Simps Botnet leads to ties to Keksec Group
Uptycs' threat research team has discovered a new botnet named ‘Simps’, attributed to the Keksec group and primarily focused on DDoS activity. It even comes with its own Discord server, YouTube channel and Instagram account to showcase its capabilities. (Sponsored)
GitHub now scans for accidentally-exposed PyPI and RubyGems secrets
It's not just scanning: they also immediately notify the registries in question to have the exposed tokens revoked. Great stuff.
Researchers create an 'un-hackable' quantum network over hundreds of kilometers using optical fiber
Nice explanation of the setup too. Sounds pretty brittle, but it'll be very interesting to see how this develops further.
Vulnerabilities in weapons systems
Good post by Schneier on how modern weapons systems are so lacking in cybersecurity standards that they're not just useless, but also dangerous to their owners.
The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact.
There is just a whole lot of truth in this post. It's a long read, but I highly, highly recommend it.
1Password for infrastructure secrets
1Password is opening up a feature where you can store secrets like API tokens and private certificates, and use them directly in your infrastructure through a private REST API provided by a 1Password Connect server. Worth checking out. (Sponsored)