As always, I hope this e-mail finds you well, and that you had a great weekend :-) I spent two beautiful days outside with family and friends, enjoying the sun, company and cold drinks. It felt so good!
Plenty of noteworthy news this week, including some great reads linked at the end. Enjoy!
Breaches and leaks
- Audi, Volkswagen data breach affects 3.3 million customers: link.
- McDonald's discloses data breach after theft of customer and employee info: link.
- Intuit notifies customers of hacked TurboTax accounts: link.
- Baby clothes giant Carter’s leaks 410K customer records: link.
- Foodservice supplier Edward Don hit by a ransomware attack: link.
- CD Projekt: Data stolen in ransomware attack now circulating online: link.
- Meat firm JBS says it paid out $11m after ransomware attack: link.
- Spain's Ministry of Labor and Social Economy hit by cyberattack: link.
EA was breached and roughly 750GB of data was stolen, including source code for the Frostbite game engine, FIFA matchmaking server code and API keys. One reason this deserves an item of its own instead of a place in the usual list of breaches is how they got in: they purchased a Slack cookie for $10, then asked the EA IT team for an MFA token saying they "lost their phone in a party". No doubt plenty of expensive, high-effort defenses were bypassed just like that. More on that in this article and this Hacker News discussion.
That was all it took: a password for an old, no longer used VPN account that seemed to have been re-used elsewhere and leaked.
They tracked the Bitcoin transactions, specifically the cut for the ransomware affiliate, to an address for which the FBI apparently had the private key. More details aren't given, but hey, good news for Colonial no doubt.
Not easily exploitable at all, but an interesting find and read on tricking a TLS connection between two different kinds of applications.
The DoJ says that over 80 million credentials were available for purchase from over 1,400 victim organizations worldwide.
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions.
Just in case you missed it, you might want to make sure this is all patched :/
Uptycs' threat research team has discovered a new botnet named ‘Simps’, attributed to the Keksec group and primarily focused on DDoS activities. It even comes with its own Discord server, YouTube channel and Instagram account to showcase its capabilities. (Sponsored)
It's not just scanning, they also immediately notify the registries in question to have the exposed tokens revoked. Great stuff.
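To make the "scan, then notify the registry" flow concrete, here is an added example of a minimal token scanner; it is not code from the item above or from any scanning service. It matches two publicly documented token formats (GitHub classic personal access tokens, "ghp_" plus 36 alphanumerics, and AWS access key IDs, "AKIA" plus 16 uppercase alphanumerics), redacts every hit so the report itself never re-leaks a secret, and groups findings by the registry that would have to be asked to revoke them. The sample input lines are constructed; the AWS key ID is the one AWS uses in its own documentation.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Token formats: both prefixes below are publicly documented by GitHub and AWS.
# The registry names are simply the party that would be notified for revocation.
PATTERNS = {
    "github_pat": (re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "GitHub"),
    "aws_access_key_id": (re.compile(r"\bAKIA[A-Z0-9]{16}\b"), "AWS"),
}


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    registry: str
    redacted: str


def redact(token: str) -> str:
    """Keep only the prefix and the last 4 characters so a report never re-leaks the secret."""
    return f"{token[:4]}...{token[-4:]}"


def scan_lines(lines):
    """Run every token pattern over every line; return one Finding per match."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for kind, (pattern, registry) in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(line_no, kind, registry, redact(match.group(0))))
    return findings


def revocation_notices(findings):
    """Group redacted tokens by registry: one revocation request per registry."""
    notices = defaultdict(list)
    for finding in findings:
        notices[finding.registry].append(finding.redacted)
    return dict(notices)


# Constructed sample input standing in for the text of a public commit.
SAMPLE_LINES = [
    'GITHUB_TOKEN = "ghp_' + "x1y2z3" * 6 + '"',   # constructed, 36-char body
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",    # AWS documentation example ID
    'placeholder = "ghp_xxxxxxxx"',                # too short: must not match
    "nothing secret here",
]

if __name__ == "__main__":
    found = scan_lines(SAMPLE_LINES)
    for f in found:
        print(f"line {f.line_no}: {f.kind} -> notify {f.registry} ({f.redacted})")
    print(revocation_notices(found))
```

The third sample line shows why the patterns carry an exact length: a too-short placeholder is not reported, which keeps the revocation queue free of noise that would slow down the real notifications.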
Nice explanation of the setup too. Sounds pretty brittle, but it'll be very interesting to see how this develops further.
Good post by Schneier on how modern weapons systems are so lacking in cybersecurity standards that they're not just useless, but also dangerous to their owners.
There is just a whole lot of truth in this post. It's a long read, but I highly, highly recommend it.
1Password is opening up a feature where you can store secrets like API tokens and private certificates, and use them directly in your infrastructure through a private REST API provided by a 1Password Connect server. Worth checking out. (Sponsored)