It's weeks like these where I really enjoy the process of writing this newsletter. There were a whole lot of interesting articles and news items to read through, so I took my time, drank several coffees, and this is the end result :-) I hope you have a good read!
Breaches and leaks
- T-Mobile disclosed their second breach of the year: link.
- Brightline, a mental health provider, was a victim of the GoAnywhere ransomware attacks, impacting over 780,000 people: link.
- The City of Dallas was hit with ransomware: link.
- Bluefield University in Virginia was hacked, including its alert text messaging system that the attackers used to let the students know: link.
- The state of Missouri exposed documents with personal information on thousands of citizens: link.
- Americold, a cold storage and logistics company, was breached: link.
Ouch. When running a trial of the SolarWinds Orion software, they noticed unusual traffic emanating from the server. They investigated, but couldn't find the cause, and afterwards approved the software for purchase. I feel for them; we've all chased ghosts before, but it sure would have been great to catch the attack that much sooner.
Passkeys are an alternative to passwords, where your ability to log in is tied to your device and its biometric unlocking mechanism like FaceID. It's a technology that has me very excited, but there is a lot of work left to do, especially in interoperability between providers. Google is rolling it out now as a sign-in option, with regular passwords still being a fallback. HN thread here.
Rapid Security Response updates are meant to provide iOS and macOS devices with quicker security patches. It was announced some time ago, but this week saw its first use with the general public.
An international law enforcement operation codenamed 'SpecTor' has arrested 288 dark web vendors and customers worldwide. The vendors were active on a marketplace known as 'Monopoly Market' that sold drugs to customers worldwide, which was taken down by German law enforcement some time ago.
Devices like Airtags can be damn useful, but can also be used to track and stalk people. Apple and Google are working on a joint specification to combat this, with other vendors joining in. Great stuff.
Rust gets rid of a whole class of vulnerabilities that plagues non-memory-safe code to this day. Just like with the Linux kernel, it's great progress, but the entire OS won't be rewritten in Rust any time soon.
Just a reminder that Magecart is still at it, hijacking payment pages on many compromised webshops. These days their checkout page looks better than most actual pages out there, which makes it even harder to tell you're being fooled.
Packagist is the main PHP package repository. A researcher hijacked over a dozen packages by credential stuffing their way into accounts that re-used passwords, in order to "find a job". Not the way to do it, folks.
Hacking satellites is a thing! The European Space Agency (ESA) challenged cybersecurity experts to disrupt the operation of a demo satellite. Cybersecurity firm Thales was able to get in and gain the ability to, among other things, modify the images captured by the satellite's camera.
There's a new version of the MITRE ATT&CK framework, with some nice changes for those who work with it often, like faster search, machine-readable changelogs, and my favorite: pseudo code to help with your detections. Very nice.
When Kevin Mandia, founder of Mandiant, talks, one tends to listen. It's a nice short list, including things like 2FA and honeypots, but also more specific items like PowerShell module logging.
With 1Password Shell Plugins, you can forget about storing insecure plaintext keys on your disk or manually typing credentials into your terminal, and instead sign on to any CLI with biometrics. Use an existing plugin for AWS, GitHub, GitLab, or dozens of other services. (Sponsored)