News
Hi friends,
This week was a rather quiet one, as infosec weeks go. That's a good thing, mind you. So sit back and relax while reading this issue, or skim it quickly while on your way out to the weekend. Either way, enjoy ;-)
Breaches and leaks
- Discord.io (not an official Discord site) confirms breach after hacker steals data of 760K users: link.
- Colorado warns 4 million of data stolen in IBM MOVEit breach: link.
- Canadian Dental Service suffered a ransomware attack with 1.5 million people impacted: link.
- Attackers breached the network of a multi-billion dollar auction house and are selling the access for 120k: link.
Microsoft PowerShell Gallery vulnerable to spoofing and supply chain attack vectors
Researchers discovered that you can easily upload typo-squatted packages, spoof Author and Copyright fields, and even list all private/unlisted packages in the repository. They reported all this almost a year ago, but most issues haven't been fixed yet.
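Because the Author and Copyright fields in a gallery package are exactly what the research above says can be spoofed, the check a practitioner wants is on something the uploader cannot forge: the Authenticode signature on the module files. The following is an added PowerShell example, not code from the newsletter or from the researchers; it assumes PowerShellGet is installed on Windows, and `$ExpectedSubject` is a placeholder for a certificate subject fragment you have verified out of band.

```powershell
# Added example: stage a gallery module and verify its Authenticode signature
# against an expected publisher before it is ever installed or imported.
# Assumes Windows with PowerShellGet; $ExpectedSubject is a placeholder.
function Test-GalleryModulePublisher {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $ExpectedSubject,
        [string] $StagingPath = (Join-Path $env:TEMP 'module-staging')
    )

    # Exact-name lookup only: a wildcard search would also match look-alike names.
    $found = Find-Module -Name $Name -Repository PSGallery -ErrorAction Stop
    if ($found.Name -ne $Name) {
        throw "Gallery returned '$($found.Name)' for requested name '$Name'"
    }

    # Save-Module downloads to a folder without installing, so nothing is importable yet.
    New-Item -ItemType Directory -Path $StagingPath -Force | Out-Null
    Save-Module -Name $Name -RequiredVersion $found.Version -Path $StagingPath -Repository PSGallery

    # Every script, module and manifest file must carry a valid signature from the expected signer.
    $files = Get-ChildItem -Path (Join-Path $StagingPath $Name) -Recurse -Include *.ps1, *.psm1, *.psd1
    $failures = foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike "*$ExpectedSubject*") {
            [pscustomobject]@{
                File   = $f.FullName
                Status = $sig.Status
                Signer = $sig.SignerCertificate.Subject
            }
        }
    }

    if ($failures) {
        $failures | Format-Table -AutoSize
        return $false
    }
    return $true
}

# Usage (placeholder subject; replace with the publisher's verified certificate subject):
# Test-GalleryModulePublisher -Name 'ExampleModule' -ExpectedSubject 'CN=Example Publisher'
```

Note that many legitimate gallery modules are unsigned, so this function enforces a policy (only signed modules from a known publisher are allowed) rather than detecting typosquats by itself; the point is that the manifest's Author field plays no part in the decision.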
Ford says it’s safe to drive its cars with a WiFi vulnerability
Not exactly a comforting title ^^ There's a buffer overflow vulnerability in the car's WiFi system that might be exploited for remote code execution. They do say that it can't spill over to the actual car driving, but I don't think that's a guarantee. They'll bring out a patch which customers can put on a USB drive and insert in the car to update. Because that's what people do right ^^.
Industrial PLCs worldwide impacted by shared SDK remote-code execution flaws
Some more good news: the CODESYS V3 SDK is used by over 500 device manufacturers to program PLCs for industrial environments. Microsoft researchers discovered 15 vulnerabilities in the SDK allowing for RCE and DoS attacks. These devices aren't updated easily or frequently, so these issues will persist for a while.
GlitchSecure: real-time and continuous security testing
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Google released first quantum-resilient FIDO2 key implementation
It uses a new hybrid algorithm combining the classic ECDSA algorithm with the NIST-backed quantum-resistant scheme Dilithium. Apparently making the implementation compact enough to run on a security key was challenging, but they made it work. They've also added it to OpenSK, Google's open-source security key implementation. Kudos!
Almost 2,000 Citrix NetScaler servers backdoored
If you use NetScaler you'll want to take a very good look at it for signs of compromise.
AWS security monitoring in 2023: untangle the chaos
If you've ever been responsible for this kind of work in an AWS environment, you'll know how confusing and overlapping AWS security offerings can get. This is a nice blog post that lines up those services and tries to categorize them in a way that makes sense.
1Password now integrates directly with Datadog
1Password provides an Events API that lets you stream 1Password events to your SIEM, like group changes, sharing actions, user invites, and more. That's great by itself, but now they even directly integrate with Datadog to feed all of that information directly to you. (Sponsored)