Welcome to the 200th issue of this little newsletter!
Oof, I have a hard time believing it's been that many. I went back to look at when the first issue was sent; turns out it was December 2nd, 2016. More than six years ago, with two long breaks in between.
If you're curious, you can still read that first issue here. Nice to see that the format hasn't changed much, only now I babble a bit before getting to the news ^^
Thank you all for reading what I write, and thank you for the wonderful messages of support and feedback that I've received over the years.
Have a wonderful day!
Breaches and leaks
- MCNA, a US government-sponsored provider of dental healthcare, had a ransomware breach impacting 9 million clients: link.
- Harvard Pilgrim Health Care, a Massachusetts-based non-profit health services provider, disclosed a ransomware breach impacting 2.5 million clients: link.
- ABB confirms it was hit by ransomware: link.
- The city of Augusta, Georgia was breached: link.
- Toyota reported that they found another data leak: link.
- Several crypto-related Discord communities were hacked through a malicious bookmarklet acting as a verification step: link.
- SuperVPN had a database with 360 million records exposed: link.
- RaidForums, a notorious hacking and data leak forum, had a database of its own leaked. Always interesting when that happens: link.
Researchers found that the firmware on many Gigabyte motherboards pulls in payloads from Gigabyte servers over an insecure connection and without signature validation. There was some press about it being a "deliberate backdoor", but it sounds like it's more just a badly implemented firmware update check that might be abused by attackers down the line. The linked article gives a more nuanced view. Gigabyte is releasing a fix to address the issues.
I don't really take whatever the FSB says for granted, but I can also perfectly assume that this might happen, sure. Interesting to read either way.
Interesting action to take. Emby noticed several instances that were compromised due to a malicious plugin. They pushed out an update that detects and removes the plugin, and when detected it shuts down the instance to prevent any further foothold by the attackers and to draw the attention of the admins.
Nice move. I have some mixed experiences with security.txt files, but all in all it's a pretty good thing to have. Hacker News thread on this here.
By December 2023 it will be mandatory for accounts that maintain a project or organisation. The mandate is part of a larger effort to prevent account takeover attacks. A bit overdue, I would say, but a good improvement nonetheless.
Google is temporarily tripling its bug bounty reward for a full chain exploit leading to a sandbox escape in the Chrome browser. If you're into this sort of thing, get cracking :-)
Moonlighter is a small satellite that will soon be launched, meant specifically to serve as a hacking sandbox. It will be part of Hack-A-Sat 4, an annual challenge, where finalists will get the chance to hack the satellite in orbit during DEFCON in August.
A somewhat longer, interesting read and a trip down memory lane. Pairs well with some coffee.
Remembering one strong password isn't all that difficult, but there is still the risk that it might be phished or keylogged. Passkeys on the other hand remove that risk entirely, and 1Password will soon allow you to use a passkey to unlock your vault. Very exciting stuff. (Sponsored)