News
Hi friends,
It's weeks like these where I really enjoy the process of writing this newsletter. There were a whole lot of interesting articles and news items to read through, so I took my time, drank several coffees, and this is the end result :-) I hope you have a good read!
Breaches and leaks
- T-Mobile disclosed their second breach of the year: link.
- Brightline, a mental health provider, was a victim of the GoAnywhere ransomware attacks, impacting over 780,000 people: link.
- The City of Dallas was hit with ransomware: link.
- Bluefield University in Virginia was hacked, including its alert text messaging system that the attackers used to let the students know: link.
- The state of Missouri exposed documents with personal information on thousands of citizens: link.
- Americold, a cold storage and logistics company, was breached: link.
DOJ detected SolarWinds breach months before public disclosure
Ouch. When running a trial of the SolarWinds Orion software, they noticed unusual traffic emanating from the server. They investigated but couldn't find the cause, and afterwards approved the software for purchase. I feel for them; we've all chased ghosts before, but it sure would have been great to catch the attacks that much sooner.
Google adds passkeys support
Passkeys are an alternative to passwords, where your ability to log in is tied to your device and its biometric unlocking mechanism like FaceID. It's a technology that has me very excited, but there is a lot of work left to do, especially in interoperability between providers. Google is rolling it out now as a sign-in option, with regular passwords still being a fallback. HN thread here.
Apple uses Rapid Security Response feature for the first time
Rapid Security Response updates are meant to provide iOS and macOS devices with quicker security patches. It was announced some time ago, but this week saw its first use with the general public.
Police operation 'SpecTor' arrests 288 dark web drug vendors and buyers
An international law enforcement operation codenamed 'SpecTor' has arrested 288 dark web vendors and customers worldwide. The vendors were active on a marketplace known as 'Monopoly Market' that sold drugs to customers worldwide, which was taken down by German law enforcement some time ago.
Apple and Google team up to fight Bluetooth tracker stalking
Devices like AirTags can be damn useful, but can also be used to track and stalk people. Apple and Google are working on a joint specification to combat this, with other vendors joining in. Great stuff.
Microsoft is rewriting core Windows libraries in Rust
Rust gets rid of a whole class of vulnerabilities that plagues non-memory-safe code to this day. Just like with the Linux kernel, it's great progress, but the entire OS won't be rewritten in Rust any time soon.
Magecart threat actor rolls out convincing modal forms
Just a reminder that Magecart is still at it, hijacking payment pages on many compromised webshops. These days their checkout page looks better than most actual pages out there, which makes it even harder to tell you're being fooled.
Researcher hijacks popular Packagist PHP packages to get a job
Packagist is the main PHP package repository. A researcher hijacked over a dozen packages by credential-stuffing their way into accounts that re-used passwords, in order to "find a job". Not the way to do it, folks.
First cybersecurity exercise to hack a satellite
Hacking satellites is a thing! The European Space Agency (ESA) challenged cybersecurity experts to disrupt the operation of a demo satellite. Cybersecurity firm Thales was able to get in and gain the ability to, among other things, modify the images captured by the satellite's camera.
ATT&CK v13 released
There's a new version of the MITRE ATT&CK framework, with some nice changes for those who work with it often, like faster search, machine-readable changelogs, and my favorite: pseudocode to help with your detections. Very nice.
Mandiant CEO’s 7 tips for cyber defense
When Kevin Mandia, founder of Mandiant, talks, one tends to listen. It's a nice short list, including things like 2FA and honeypots, but also more specific items like PowerShell module logging.
Unlock any CLI with your fingerprint
With 1Password Shell Plugins, you can forget about storing insecure plaintext keys on your disk or manually typing credentials into your terminal, and instead sign on to any CLI with biometrics. Use an existing plugin for AWS, GitHub, GitLab, or dozens of other services. (Sponsored)