I hope you're all doing fine on this (over here anyway) very rainy day.
It's one of those days that begs for either watching a movie under a blanket on the couch, or for a nice long gaming session. Or both?
Still, first we have some work left to do, but I know what I'm looking forward to for this evening :-)
Have a good one!
The leak site of the ransomware gang Ragnar Locker was replaced with a takedown notice. Not much else is known so far, with Europol saying that they can't share details yet because “a number of actions are still ongoing.”
A critical zero-day vulnerability was found in Cisco IOS XE devices, and it is being very actively exploited. It does require you to have the web UI feature enabled and exposed to the web, which is generally a bad idea. Still, if you run these in your fleet, you better check up on them.
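The advice above amounts to an inventory check: which of your devices have the HTTP server feature switched on, and is it at least fenced off by an access list? The script below is an added example (it is not from the newsletter, from Cisco, or from any advisory) that triages constructed `show running-config` excerpts. It keys on the IOS-style lines `ip http server`, `ip http secure-server` and `ip http access-class`; the three device names and their configs are made up. Because the platform default for the HTTP server differs between releases, a config that never mentions the line is reported as UNKNOWN rather than assumed safe.

```python
import re

# Constructed sample "show running-config" excerpts for three hypothetical devices.
# None of these correspond to real hosts; they exist only to exercise the triage logic.
SAMPLE_CONFIGS = {
    "edge-rtr-01": """
hostname edge-rtr-01
ip http server
ip http secure-server
ip http authentication local
""",
    "core-rtr-02": """
hostname core-rtr-02
no ip http server
no ip http secure-server
""",
    "branch-sw-03": """
hostname branch-sw-03
ip http secure-server
ip http access-class ipv4 MGMT-ONLY
""",
}

# Matches "ip http server" / "ip http secure-server" and their "no ..." negations.
# Other "ip http ..." lines (e.g. authentication) deliberately do not match.
HTTP_RE = re.compile(
    r"^\s*(?P<neg>no )?ip http (?P<feature>server|secure-server)\s*$", re.M
)
# Any access-class on the HTTP server counts as a restriction for triage purposes.
ACL_RE = re.compile(r"^\s*ip http access-class\b", re.M)


def web_ui_status(config: str) -> dict:
    """Return {'http': True/False/None, 'https': True/False/None, 'acl': bool}.

    True  = explicitly enabled, False = explicitly disabled,
    None  = not mentioned in the config (platform default applies, treat as unknown).
    """
    status = {"http": None, "https": None, "acl": False}
    for m in HTTP_RE.finditer(config):
        key = "http" if m.group("feature") == "server" else "https"
        status[key] = m.group("neg") is None
    status["acl"] = bool(ACL_RE.search(config))
    return status


def triage(configs: dict) -> dict:
    """Map each device name to a verdict: EXPOSED, RESTRICTED, UNKNOWN or DISABLED."""
    findings = {}
    for name, cfg in configs.items():
        s = web_ui_status(cfg)
        enabled = [k for k in ("http", "https") if s[k] is True]
        unknown = [k for k in ("http", "https") if s[k] is None]
        if enabled and not s["acl"]:
            verdict = "EXPOSED"        # web UI on, no access list: check this one first
        elif enabled:
            verdict = "RESTRICTED"     # web UI on but fenced by an ACL: still review
        elif unknown:
            verdict = "UNKNOWN"        # default behaviour applies; confirm on the box
        else:
            verdict = "DISABLED"       # both HTTP and HTTPS explicitly off
        findings[name] = verdict
    return findings


if __name__ == "__main__":
    for device, verdict in sorted(triage(SAMPLE_CONFIGS).items()):
        print(f"{device:<14} {verdict}")
```

In practice you would feed it the configs pulled by your existing backup or automation tooling. A RESTRICTED result only means an access-class exists; it does not say whether that list is tight enough, so it belongs in the review pile alongside EXPOSED, just lower down.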
The EPA regulation mandating cyber security audits as part of existing sanitary surveys has been cancelled after a range of lawsuits against the agency. To be fair, there was a lot of seemingly valid criticism around whether the existing auditors could handle cybersecurity audits of industrial control systems. Still, let's hope that some other means of tightening up US water system security gets put into place.
Mandiant warns that assets that were already compromised are still compromised after the patch is installed, because the authenticated sessions remain active. They believe that the patch otherwise works, but needs the additional step of terminating existing sessions.
And there was much rejoicing. Microsoft is working on two new Kerberos features that should eliminate the need for the existing NTLM fallback. Once those are rolled out they will monitor reductions in NTLM usage to determine when it's safe to fully disable.
It's still in an early phase though, it seems, with the author not being able to make it work on Firefox, or with a Google Titan hardware key.
The WinRAR vulnerability has been patched since August, but unsurprisingly it's still seeing widespread use in attacks all over the place.
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Microsoft is extending Purview Audit log retention as promised after the recent breaches of Exchange and Microsoft 365 accounts. Starting December 2023, Microsoft customers with Standard licenses will also have access to additional logs of email access and Yammer/Viva Engage, Teams, Exchange, and SharePoint events previously only available to customers with Premium licenses.
He created an account at a legitimate identity database, falsely claiming that the Seventh Fleet, in which he served as a chief petty officer, required access to its database to conduct background checks on Navy personnel. He and his wife then illegally obtained the sensitive personal information of 9,000 people and subsequently sold the data on the dark web in exchange for Bitcoin payments valued at around $160,000 at the time.
This blogpost was written by 1Password for Cybersecurity Awareness Month, focusing on how to safely manage shadow IT, which is the hardware and software that employees use that isn't managed by your company. (Sponsored)
Breaches and leaks
- Hacker leaks another 4.1 million 23andMe data profiles, mostly British and German: link.
- 23andMe hit with lawsuits after hacker leaks stolen genetics data: link.
- Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach: link.
- Kansas courts closed, electronic systems down after alleged ransomware attack: link.
- TV advertising sales giant Ampersand affected by ransomware attack: link.
- Chilean government warns of Black Basta ransomware attacks after customs incident: link.
- UK fines Equifax $13.6 million for 2017 data breach: link.
- Estes cyberattack affected carrier’s phones, other communications: link.
- D-Link confirms breach, rebuts hacker's claims about scope: link.
- KwikTrip all but says IT outage was caused by a cyberattack: link.
- Casio discloses data breach impacting customers in 149 countries: link.
Issues and fixes
- Hackers exploit critical flaw in WordPress Royal Elementor plugin: link.
- North Korean hackers exploit critical TeamCity flaw to breach networks: link.