Back in action!
If you're wondering why you are getting this: you previously subscribed to this newsletter, and I paused it back in 2021 to gain a bit more time and focus.
Since then my two girls have grown a little older, we completed a house move, and I missed writing this newsletter too much so I want to start it up again. As before, I don't make any promises on frequency and duration, but the aim is to have one of these in your inboxes every Friday.
I'm also very honored to welcome 1Password back as a sponsor right away. As always, I am incredibly grateful for their support.
Breaches and leaks
I didn't miss this section, though. But here we go:
- Healthcare provider ILS had a data breach affecting 4.2 million people: link.
- A ransomware gang claims to have breached Ring, the camera company owned by Amazon. Ring themselves say that it was a third party that was breached. link.
- Essendant, a distributor of office products, fell victim to LockBit ransomware: link.
- DeFi platform Euler Finance was hacked for $197 million worth of cryptocurrency: link.
- Cloud security firm Rubrik disclosed that it was breached using the GoAnywhere zero-day vulnerability: link.
- A ransomware group claims to have hacked Marshall, the amp manufacturing company. No details are confirmed yet. link.
Wow. Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. Several of these allow remote code execution without any user interaction. Several Samsung, Vivo and Pixel mobile devices are affected. If yours doesn't have a patch available yet, the workaround is to disable Wi-Fi calling and Voice-over-LTE (VoLTE).
A writeup of a critical Microsoft Outlook vulnerability that allows hackers to steal hashed passwords when the victim does nothing more than receive an email. Apparently this is because Outlook lets the sender supply an arbitrary file path for the sound that should play when the message arrives. What could go wrong. Microsoft released a PowerShell script to help detect this behaviour.
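The mechanism above boils down to one untrusted value: a sender-controlled file path that the client will resolve. The check below is an added example (mine, not Microsoft's script and not code from the writeup) showing the defender-side triage a mail team could run over exported messages: classify each reminder-sound path as local, remote (UNC or URL) or unknown, and flag anything that is not a plain local path for review. The field name `reminder_sound_path` and the sample messages are constructed for the example and are not real Outlook or MAPI property names.

```python
import re

# Constructed sample export. "reminder_sound_path" is an assumed field name
# standing in for whatever your export tool emits; it is NOT a real MAPI property.
SAMPLE_MESSAGES = [
    {"id": "msg-1", "subject": "Team lunch", "reminder_sound_path": None},
    {"id": "msg-2", "subject": "Reminder", "reminder_sound_path": r"C:\Windows\Media\chimes.wav"},
    {"id": "msg-3", "subject": "Invoice", "reminder_sound_path": r"\\203.0.113.7\share\alert.wav"},
    {"id": "msg-4", "subject": "Webinar", "reminder_sound_path": r"\\?\UNC\203.0.113.7\share\x.wav"},
    {"id": "msg-5", "subject": "Hello", "reminder_sound_path": "file://203.0.113.7/share/x.wav"},
    {"id": "msg-6", "subject": "Sync", "reminder_sound_path": r"\\?\C:\Windows\Media\ding.wav"},
]

# Extended-length prefix for a *local* drive path, e.g. \\?\C:\...  (checked first,
# because it starts with two backslashes like a UNC path does).
EXT_LOCAL_RE = re.compile(r"^\\\\\?\\[a-z]:\\", re.IGNORECASE)
# UNC paths: \\host\share\... or the extended form \\?\UNC\host\share\...
UNC_RE = re.compile(r"^\\\\(\?\\UNC\\)?[^\\]+(\\|$)", re.IGNORECASE)
# Any URL scheme (file://, http://, ...) also points at something the client must fetch.
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
# Ordinary drive-letter path.
LOCAL_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def classify_sound_path(path):
    """Return 'none', 'local', 'remote' or 'unknown' for a reminder-sound path."""
    if not path:
        return "none"
    if EXT_LOCAL_RE.match(path) or LOCAL_RE.match(path):
        return "local"
    if UNC_RE.match(path) or URL_RE.match(path):
        return "remote"
    return "unknown"


def find_suspicious(messages):
    """IDs of messages whose sound path is remote or unrecognised (review these)."""
    return sorted(
        m["id"]
        for m in messages
        if classify_sound_path(m.get("reminder_sound_path")) in ("remote", "unknown")
    )


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["id"], classify_sound_path(m.get("reminder_sound_path")))
    print("review:", find_suspicious(SAMPLE_MESSAGES))
```

The point of classifying rather than blocklisting host names is that the legitimate case is narrow (a local file) and everything else is worth a look; an "unknown" bucket keeps odd encodings from silently passing as local.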
CISA announced the launch of their Ransomware Vulnerability Warning Pilot (RVWP). They will scan networks for vulnerabilities known to be used by ransomware actors, and reach out with any findings and help to fix them. More info on this FAQ page. Kudos, sounds like a good thing to do.
Interesting but sad report from the FBI stating that 860 organisations classified as critical infrastructure suffered a ransomware attack in 2022, with the actual count probably being much higher. If you work in a critical org and need some leverage, you might want to show this report to your leadership.
In a similar vein, a very interesting overview by Kaspersky of confirmed ICS attacks in the second half of 2022. Worth a read-through, and you can download the pdf without filling in a form.
As someone living in a pretty small country, US defense numbers are always eye-watering to me. Like the fact that the DoD is committing $13.5 billion to cyberspace activities, or that there will be a total of 147 Cyber Mission Force teams, cyber teams that conduct offensive, defensive, intelligence and support operations on behalf of Cybercom.
This ransomware group, with 118 victims listed so far, no longer encrypts any data but just exfiltrates it and threatens to disclose it. It's apparently not the first group to do so. It's a good reminder that not all ransomware can be caught with encryption related detection rules, or mitigated with backups.
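Since an exfiltration-only group never trips file-encryption rules, the complementary signal is unusual outbound volume. The following is an added example of my own (not from the newsletter or any vendor tool) that takes per-host daily egress summaries, builds a per-host baseline from the other days in the window, and flags hosts whose target-day egress is both several times their baseline and above an absolute floor, plus hosts with no history at all. The flow records, host names and thresholds are constructed for the example.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: (host, day, bytes sent to external addresses that day).
SAMPLE_FLOWS = [
    # ws-01: ~100 MB/day normally, then 3.2 GB on the 18th
    *[("ws-01", f"2023-03-{d}", 100_000_000) for d in range(13, 18)],
    ("ws-01", "2023-03-18", 3_200_000_000),
    # bk-01: a backup server that always pushes ~2 GB/day (high but normal)
    *[("bk-01", f"2023-03-{d}", 2_000_000_000) for d in range(13, 18)],
    ("bk-01", "2023-03-18", 2_400_000_000),
    # ws-03: 8x its baseline, but the absolute amount is small
    *[("ws-03", f"2023-03-{d}", 50_000_000) for d in range(13, 18)],
    ("ws-03", "2023-03-18", 400_000_000),
    # ws-04: brand-new host with no history, 5 GB on day one
    ("ws-04", "2023-03-18", 5_000_000_000),
]


def daily_egress(flows):
    """Aggregate flows into {host: {day: bytes_out}}."""
    out = defaultdict(lambda: defaultdict(int))
    for host, day, nbytes in flows:
        out[host][day] += nbytes
    return out


def flag_exfiltration(flows, target_day, factor=5.0, min_bytes=1_000_000_000):
    """Return [(host, bytes_on_target_day, ratio_to_baseline)] for suspicious hosts.

    A host is flagged when its target-day egress exceeds min_bytes AND is more
    than `factor` times its mean egress on the other days in the window.
    Hosts with no history are flagged on the absolute floor alone (ratio None).
    """
    per_host = daily_egress(flows)
    flagged = []
    for host, days in per_host.items():
        today = days.get(target_day)
        if today is None or today < min_bytes:
            continue  # the absolute floor keeps tiny spikes out of the queue
        history = [b for d, b in days.items() if d != target_day]
        if not history:
            flagged.append((host, today, None))
            continue
        baseline = mean(history)
        ratio = round(today / baseline, 2)
        if ratio > factor:
            flagged.append((host, today, ratio))
    return sorted(flagged)


if __name__ == "__main__":
    for host, nbytes, ratio in flag_exfiltration(SAMPLE_FLOWS, "2023-03-18"):
        print(f"{host}: {nbytes / 1e9:.1f} GB out, {ratio or 'no'} x baseline")
```

The two thresholds pull in different directions on purpose: the ratio catches a quiet workstation that suddenly talks a lot, while the floor stops noisy-but-normal systems (and small spikes) from flooding the queue; the backup server above is high-volume every day and is correctly left alone.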
Most of us know about the Flipper Zero (if not, check it out). It's a sort of hacker multi-tool for (pen)testing systems based on radio, RFID, NFC etc. Like all hacker tools, it can be used for good or bad. The Brazilian government is seizing incoming Flipper Zero purchases because of the bad part, with purchasers stating that the government has rejected all attempts to certify the equipment.
TIL: There is now a Kali Linux version for defensive teams. It comes packaged with a bunch of defensive tools like Elasticsearch SIEM, Suricata and Zeek IDS, a menu structure organised according to the NIST incident response framework, SOC learning material and access to community practice resources and Discord channels.
The talks of the BlueHat 2023 Conference from February are online on YouTube now, with some interesting-looking stuff in there.
There's a big update over at 1Password, namely, soon you will no longer need even that single password. Passkeys are essentially the combination of a device and a biometric, like a fingerprint, and would make passwords unnecessary. Check it out to learn more. (Sponsored)