Back from London! The conference was brilliant. It had nothing to do with security funnily enough, it was about fusion energy, something I'm a bit of a nerd on during my off time. We even had site visits to fusion-related companies. It was fantastic.
Back to security now, my day-time passion! This was one busy week in the security world. I filtered as much as I could but the issue is still a bit longer then I'd like, especially the breaches section. Still, I hope it's a good read though!
Here's a question for you all: would there be interest in a daily version of this newsletter? Say, the top three news articles of the last 24 hours, just to make sure you didn't miss anything big?
It would be a big commitment to make though, I think I'd have to make it a paid version. But I'd love to do it. Maybe add an audio version in the future, and maybe add a community element too so we can all get to know each other. I'm not sure if there would be enough interest, so feel free to share your thoughts.
I'll stop talking now. Have fun reading this week's issue, and most of all have a wonderful weekend!
Breaches and leaks
- Luxottica, parent company to RayBan, Chanel, Versace and a whole range of other brands, had a breach with 70 million customers impacted: link.
- ScanSource, a cloud and Saas service provider, fell victim to ransomware: link.
- LaCroix Group, a French electronics manufacturer and not the water company, had three factories shut down because of a ransomware attack: link.
- Dish Network, an American television provider, had a breach and seems to have paid the ransom: link.
- Rheinmetall, a German automotive and arms manufacturer, was breached by ransomware: link.
- Suzuki Motorcycle India was forced to halt production due to a cyberattack: link.
Some interesting articles on the impact of ransomware, which might help you at your next budget meeting:
- Food company Dole said that its February ransomware incident cost them $10.5 million: link.
- UMass Memorial Health has agreed to pay $1.2 million to settle wage disputes after its timekeeping system went offline in an attack: link.
- Yum brands, from KFC and Taco Bell, faces class action lawsuit after employee data was breached: link.
This certainly raised my eyebrows a bit. We know that this goes on all the time, but interesting to see it called out like this. They seem to be compromising Fortinet Fortiguard devices for initial access, and route their traffic through compromised residential and small business routers.
This kind of misinformation is going to be a thing more and more often.
The connectivity problems were due to a corrupt config file for a built-in security service, that auto-updates regardless of whether or not you allow automatic updates.
PyPi instigated a temporary suspension of all new users and package uploads over the weekend. It wasn't that they were flooded with more malicious packages than usual, just that they were short-staffed for a few days. Still, it shows just how much work goes into this.
Geo-based security detections are often used to flag suspicious logins, like when a user might log in from Brussels at 9am and somehow from Moscow at 11am. In the ever-evolving arms race between defenders and attackers though, Microsoft says that it's now more and more common for attackers to acquire residential IP addresses to prevent those alerts.
Patch 'em if you got 'em!
It apparently actively tries to guess the used password in order to scan the contents. Quite the balancing act between privacy and protecting customers.
Very nice. Before any Rust dependencies are used at Google they are thoroughly audited for security issues and supply chain risk. Those audits will now be shared with the outside world. HN thread here.
Interesting article that goes over the lack of clear disclosure rules for CISO's. The recent courtcase with the Uber CISO gave rise to a new set of worries around liability.
This is one for the bookmarks, should you ever face this situation. It nicely lists up which (US) agencies to contact and why. Related, CISA updated its ransomware guide this week as well.
Quite the story. His employer was under attack by a ransomware gang. As a Security Analyst he was on the incident response team, but he decided to switch the attacker's wallet address with his own and tried to convince his employer to pay.
Very interesting report on the current landscape of AI voice cloning and how it impacts cybersecurity. The link above goes to the summary, the report itself can be found here.
Remembering one strong password isn't all that difficult, but there is still the risk that it might be phished or keylogged. Passkeys on the other hand remove that risk entirely, and 1Password will soon allow you to use a passkey to unlock your vault. Very exciting stuff. (Sponsored)