Hello again friends!
Thank you for the warm welcome back, it means a lot :-)
In case you didn't see last week's issue, you're getting this e-mail because you previously subscribed to this newsletter, and I restarted it after pausing it back in 2021.
I hope you enjoy this one!
Breaches and leaks
- Ferrari was breached and held for ransom: link.
- Hitachi Energy fell victim to ransomware through the GoAnywhere zero-day vulnerability: link.
- Another victim of the GoAnywhere zero day, the city of Toronto: link.
- And yet another one in the same ransomware-by-GoAnywhere category, retailer Saks Fifth Avenue, fortunately it seems that only mock data was stolen: link.
- The NBA warned fans that their names and emails addresses were leaked by a compromise of a third party newsletter vendor: link.
- General Bytes Bitcoin ATM's were breached, with $1.5M stolen. Nice writeup: link.
- Food company Dole was infected with ransomware back in February, leaking employee data and forcing it to return to manual processes: link.
- Cryptocurrency platform Fiatusdt had an exposed database with customer ID's and passports: link.
Images that were cropped actually kept some information that was trimmed away. So if you tried to remove sensitive data before sharing a picture, the sensitive data might still be there. The Windows 11 Snipping tool and the Snip & Sketch tool on Windows 10 are also affected. Just for reference, the vulnerability is dubbed "aCropalypse".
Now that macros in Word and Excel are blocked by default for downloaded files, attackers have shifted to malicious OneNote attachments. These also have the ability to embed files and scripts for some reason. It is recommended that you disable that ability, or at least block certain file types from being embedded, both of which you can do through a group policy.
BreachForums was one of the main English speaking marketplaces for stolen data, and a reincarnation of RaidForums which were taken down in 2022. Another administrator took over the forum, but has announced that it will be shut down, at least temporarily.
If you have one of these and you have a publicly accessible admin console then you're vulnerable to remote code execution, make sure to patch.
Interesting additions to the new Windows 11 build, especially an anti-phishing addition that will warn against password re-use and against pasting passwords into unsafe websites and apps. Not sure yet how it will turn out but interesting progress nonetheless.
It's a high level overview of things like single sign-on, multi-factor authentication, and IAM auditing and monitoring. You can find the report in PDF form here.
Some more CISA related news, they sure are on a roll lately. This time they released a Python-based tool dubbed the "Untitled Goose Tool" that helps with threat hunting and incident response in Microsoft Azure and 365 environments. You can find the Github repo here.
Interesting read on what zero-days Mandiant is seeing in the wild. They tracked 55 of them that were being exploited in 2022. Most of them by Chinese state-sponsored hackers, but also a few by financially motivated groups.
Always great to read up on Pwn2Own results. Offensive security company Synacktiv is worth highlighting for their Tesla hacks, they won $100.000 and a Tesla Model 3 on day one, and $250.000 on day two, among other prices. The article links to the day one write-up, day two can be found here.
Remembering one strong password isn't all that difficult, but there is still the risk that it might be phished or keylogged. Passkeys on the other hand remove that risk entirely, and 1Password will soon allow you to use a passkey to unlock your vault. Very exciting stuff. (Sponsored)