Here I am again with a newsletter full of news. I came across surprisingly few breaches this week, which was a nice change. I suppose I could make an effort by diving deeper to find some more, but honestly, I'm just going to take this as a win, even if that means closing my ears and going "lalala".
Breaches and leaks
- Evide, a company that provides IT services to charities and non-profits in the UK, was breached with ransomware: link.
- NCR, a point-of-sale company with thousands of customers, was ransomwared: link.
- Commscope, a network infrastructure company, was hacked and has data being published by the attackers: link.
SecAlerts matches vulnerabilities to your software. Choose the frequency and severity of the vulnerability alerts you wish to receive - even get news matched to your software - and it's all sent in one easy-to-understand email. (Sponsored)
Mandiant found that, in the 3CX supply chain compromise, 3CX wasn't the original target. Instead, an employee downloaded a backdoored but legitimately signed financial trading app, which was the starting point of the compromise.
Sharing it here mostly because it made the news in several places, but as the article says, Mac users aren't quite a ransomware target yet. The discovered malware seems to be the result of a cross-platform compilation step, not an actual targeted deployment.
There's apparently a market now for compromised ChatGPT premium accounts, to enable malicious users to circumvent OpenAI’s geofencing restrictions.
Very noteworthy improvement where researchers can disclose vulnerabilities to a repository in a private manner instead of in a public issue.
Police officers came to their Swedish office with a search warrant. According to their short blogpost, Mullvad somehow proved to the officers that no customer data was available anywhere and they left. HN thread: link.
Excellent report from The Citizen Lab, as always. They go over observed activities and exploits of the NSO group through 2022 and the beginning of 2023. Proper evil stuff, like spying on Mexican human rights activists representing victims of military abuses. They used zero-days in Apple's Homekit, FindMy and iMessage. Apple's new Lockdown Mode seems to stop some of these, which is nice.
It's only in draft, but interesting so far. The proposal would form a cooperation between European SOCs for intel sharing, and create a "cybersecurity reserve" of trusted private companies to react quickly in case of major incidents. There is some criticism though, for example on using private parties instead of government agencies. But all in all, it sounds like a welcome move forward.
Just so you know what to expect in future news stories. Microsoft is now going with a more consistent theme where hacker groups are referenced by weather patterns. Russia will be "Blizzard", Iran will be "Sandstorm". North Korea will be "Sleet", whatever that is. Financially motivated actors will be "Tempest". I'm entertained, but I'm not sure if it's an improvement.
A good reminder that hardware like routers should receive just as much care in being offboarded as servers and workstations.
Bit out of place maybe, but I found this to be an interesting read. It's about AI-generated music that duplicates the voice of a famous artist. The last part of the article piqued my interest, where the author states (quite rightfully I think) that content will need a zero-trust model of some sort in the future. We'll essentially have to consider all content fake, except for the pieces that are properly authenticated.
When configuring a CI/CD pipeline you'll usually have to copy over secrets to make it work. It always feels a bit icky, but necessary. That is until now, because now you can connect 1Password directly to your workflow instead. There's already a guide for CircleCI, GitHub Actions and Jenkins. (Sponsored)