News
Hi folks,
Here I am again with a newsletter full of news. I came across surprisingly few breaches this week, which was a nice change. I suppose I could make an effort by diving deeper to find some more, but honestly, I'm just going to take this as a win, even if that means closing my ears and going "lalala".
Enjoy!
Breaches and leaks
- Evide, a company that provides IT services to charities and non-profits in the UK, was breached with ransomware: link.
- NCR, a point-of-sale company with thousands of customers, was ransomwared: link.
- Commscope, a network infrastructure company, was hacked and has data being published by the attackers: link.
Receive vulnerability alerts specific to your software stack by e-mail
SecAlerts matches vulnerabilities to your software. Choose the frequency and severity of the vulnerability alerts you wish to receive - even get news matched to your software - and it's all sent in one easy-to-understand email. (Sponsored)
Supply chain attack inside of a supply chain attack
Mandiant found that, in the 3CX supply chain compromise, 3CX wasn't the original target. Instead, an employee downloaded a backdoored but legitimately signed financial trading app, which was the starting point of the compromise.
Researchers discover first ever major ransomware targeting macOS
Sharing it here mostly because it made the news in several places, but as the article says, Mac users aren't quite a ransomware target yet. The discovered malware seems to be the result of a cross-platform compilation step, not an actual targeted deployment.
ChatGPT accounts being stolen and sold
There's apparently a market now for compromised ChatGPT premium accounts, to enable malicious users to circumvent OpenAI’s geofencing restrictions.
Private vulnerability reporting now available on GitHub
Very noteworthy improvement where researchers can disclose vulnerabilities to a repository in a private manner instead of in a public issue.
Mullvad VPN was subject to a search warrant
Police officers came to their Swedish office with a search warrant. According to their short blogpost, Mullvad somehow proved to the officers that no customer data was available anywhere and they left. HN thread: link.
Pegasus spyware returns in 2022 with a trio of zero-click exploit chains
Excellent report from The Citizen Lab, as always. They go over observed activities and exploits of the NSO Group through 2022 and the beginning of 2023. Proper evil stuff, like spying on Mexican human rights activists representing victims of military abuses. They used zero-days in Apple's HomeKit, Find My and iMessage. Apple's new Lockdown Mode seems to stop some of these, which is nice.
EU launches Cyber Solidarity Act to respond to large-scale attacks
It's only in draft, but interesting so far. The proposal would form a cooperation between European SOCs for intel sharing, and create a "cybersecurity reserve" of trusted private companies to react quickly in case of major incidents. There is some criticism though, for example on using private parties instead of government agencies. But all in all, it sounds like a welcome move forward.
Microsoft switching to weather-based naming scheme for hacker groups
Just so you know what to expect in future news stories. Microsoft is now going with a more consistent theme where hacker groups are referred to by weather patterns. Russia will be "Blizzard", Iran will be "Sandstorm". North Korea will be "Sleet", whatever that is. Financially motivated actors will be "Tempest". I'm entertained, but I'm not sure if it's an improvement.
Old routers reveal corporate secrets
A good reminder that hardware like routers should receive just as much care in being offboarded as servers and workstations.
AI, NIL, and Zero Trust Authenticity
Bit out of place maybe, but I found this to be an interesting read. It's about AI generated music that duplicates the voice of a famous artist. The last part of the article piqued my interest, where the author states (quite rightfully I think) that content will need a zero-trust model of some sort in the future. We'll essentially have to consider all content fake, except for the pieces that are properly authenticated.
Using 1Password for CI/CD secrets
When configuring a CI/CD pipeline you'll usually have to copy over secrets to make it work. It always feels a bit icky, but necessary. That is until now, because now you can connect 1Password directly to your workflow instead. There's already a guide for CircleCI, GitHub Actions and Jenkins. (Sponsored)
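To make the difference concrete, here is an added example of what the GitHub Actions variant looks like; it is not taken from the newsletter or from 1Password's guides. The first job shows the usual pattern the item calls icky (every secret copied into the repository's secret store), the second resolves secrets at run time from the vault, so the only value stored in GitHub is a single service-account token. The action name `1password/load-secrets-action`, the `export-env` input and the `OP_SERVICE_ACCOUNT_TOKEN` variable are as documented by 1Password at the time of writing; the vault name `ci-vault`, item name `prod-db` and the `DB_PASSWORD` field are placeholders and would be replaced by your own.

```yaml
name: deploy

on:
  push:
    branches: [main]

jobs:
  # Conventional approach: each secret is duplicated into the GitHub secret
  # store by hand, so rotation means updating it in two places.
  deploy-with-copied-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run migrations
        env:
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}   # copied from the vault manually
        run: ./scripts/migrate.sh

  # Vault-backed approach: secrets are referenced, not copied. The job holds
  # only a service-account token, and the action resolves each op:// reference
  # into an environment variable when the step runs.
  deploy-with-1password:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Load secrets from 1Password
        uses: 1password/load-secrets-action@v2
        with:
          export-env: true                       # expose resolved values as env vars
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          # Placeholder reference: op://<vault>/<item>/<field>
          DB_PASSWORD: op://ci-vault/prod-db/password
      - name: Run migrations
        run: ./scripts/migrate.sh                # reads $DB_PASSWORD from the env
```

The practical win is scoping: the service account can be limited to the one vault the pipeline needs, and revoking or rotating that single token cuts off the pipeline without touching every individual secret. It is still worth masking the resolved values in job output and keeping the token itself out of forks and pull-request workflows, since anyone who can run the workflow with that token can read whatever the service account can read.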