Here we are with this week's issue. Enjoy the read, and enjoy the weekend :-)
Breaches and leaks
- Building automation giant Johnson Controls hit by severe cyberattack: link.
- Sony investigates cyberattack as hackers fight over who's responsible: link.
- Mixin Network suspends operations following $200 million hack: link.
- BORN Ontario child registry data breach affects 3.4 million people: link.
- Crypto firm Nansen asks users to reset passwords after vendor breach: link.
- Dallas says Royal ransomware breached its network using stolen account: link.
- National Student Clearinghouse data breach impacts 890 schools: link.
- NY college forced to invest $3.5 million in cybersecurity after breach affecting 200,000: link.
- Kuwait isolates some government systems following attack on its Finance Ministry: link.
- UK logistics firm blames ransomware attack for insolvency, 730 redundancies: link.
- Philippines state health org struggling to recover from ransomware attack: link.
- Russian flight booking system suffers massive cyberattack: link.
Google assigned a 10/10 rating to a vulnerability in libwebp, a widely used library for a widely used image format, discovered by Citizen Lab and Apple's security team. This also seems to be a vulnerability that was used in the NSO Pegasus spyware.
The Exchange breach ended up involving a total of 60,000 stolen e-mails, mostly belonging to personnel who work on Indo-Pacific diplomacy efforts. The US government hasn't officially attributed the attack, but "sees no reason to doubt the assessment from Microsoft" (that it was China).
While malicious ads are a danger in regular search results, we now also have to make peace with the fact that they might occur in chats with AIs.
Another interesting one. If you chose to share Bard conversations with a friend or coworker, those generated URLs apparently got indexed by Google. At the time of writing the author found over 400 conversations. Whoops. I wasn't able to reproduce it though, so I imagine it's been fixed.
Dependabot is an automated tool provided by GitHub that scans projects for vulnerable dependencies and then automatically issues pull requests to install the updated versions. Some clever attackers are trying to impersonate it, in order to trick you into merging malicious code like password stealers.
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Issues and fixes
- Researchers release details of new RCE exploit chain for SharePoint: link.
- Google fixes fifth actively exploited Chrome zero-day of 2023: link.
- Cisco Catalyst SD-WAN Manager flaw allows remote server access: link.
- Cisco urges admins to fix IOS software zero-day exploited in attacks: link.
- Progress warns of maximum severity WS_FTP Server vulnerability: link.
- Hackers actively exploiting Openfire flaw to encrypt servers: link.
The joint report comes from the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police). One example they gave was attackers enabling and disabling an SSH backdoor by using specially crafted TCP or UDP packets that are sent to the devices.
Apparently the US government is in one of its "we might shut down" phases again, with CISA rightfully pointing out the effect this would have on the US cybersecurity posture.
Cybersecurity awareness on a national scale, love it. You can watch the ad on YouTube here. Its aesthetic and, well, weirdness reminded me a lot of the Wes Anderson "Asteroid City" movie, on the off chance that that rings a bell for you :D
Passkey support is now available in 1Password, letting you create, manage, and sign in with passkeys on a growing number of websites and apps using the desktop version of 1Password in the browser, as well as on your iOS 17 and iPadOS 17 devices. (Sponsored)