News
Hi folks,
I hope you're all doing fine on this (over here anyway) very rainy day.
It's one of those days that begs for either watching a movie under a blanket on the couch, or for a nice long gaming session. Or both?
Still, first we have some work left to do, but I know what I'm looking forward to for this evening :-)
Have a good one!
Ragnar Locker ransomware site taken down by FBI and Europol
The leak site of the ransomware gang Ragnar Locker was replaced with a takedown notice. Not much else is known so far, with Europol saying that they can't share details yet because “a number of actions are still ongoing.”
Almost 42K Cisco IOS XE devices exploited, no patch available
A critical zero-day vulnerability was found in Cisco IOS XE devices, and it is being very actively exploited. It does require the web UI feature to be enabled and exposed to the internet, which is generally a bad idea. Still, if you run these in your fleet, you had better check up on them.
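One way to do that check from the IOS XE CLI, added here as an example (not from the linked article); the device prompt and the management network in the access list are assumed:

```cisco
! Added example, not from the article. Check whether the web UI is listening at all.
Router# show running-config | include ip http
ip http server
ip http secure-server
! Either line means the web UI is enabled. If nobody needs it, switch it off:
Router# configure terminal
Router(config)# no ip http server
Router(config)# no ip http secure-server
! If the UI is genuinely needed, at least restrict it to a management network
! (10.0.0.0/24 and access list 10 are assumed values):
Router(config)# access-list 10 permit 10.0.0.0 0.0.0.255
Router(config)# ip http access-class 10
Router(config)# end
Router# write memory
```

Re-run the `show running-config | include ip http` line afterwards to confirm the change stuck.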
EPA calls off cyber regulations for water sector
The rule, which mandated cybersecurity audits as part of existing sanitary surveys, was withdrawn after a range of lawsuits against the EPA. To be fair, there was a lot of seemingly valid criticism around whether the existing auditors could handle cybersecurity audits of industrial control systems. Still, let's hope that some other means of tightening up US water system security gets put into place.
Citrix Netscaler patch for critical CVE isn't enough, Mandiant warns
Mandiant warns that assets that were already compromised are still compromised after the patch is installed, because the authenticated sessions remain active. They believe that the patch otherwise works, but that it needs the additional step of terminating existing sessions.
Microsoft plans to kill off NTLM authentication in Windows 11
And there was much rejoicing. Microsoft is working on two new Kerberos features that should eliminate the need for the existing NTLM fallback. Once those are rolled out they will monitor reductions in NTLM usage to determine when it's safe to fully disable.
Amazon adds passkey support as new passwordless login option
It's still in an early phase though, it seems, with the article's author not being able to make it work on Firefox or with a Google Titan hardware key.
Google links WinRAR exploitation to Russian, Chinese state hackers
The WinRAR vulnerability has been patched since August, but unsurprisingly it's still seeing widespread use in attacks all over the place.
GlitchSecure: real-time and continuous security testing
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Microsoft extends Purview Audit log retention after July breach
Microsoft is extending Purview Audit log retention as promised after the recent breaches of Exchange and Microsoft 365 accounts. Starting December 2023, Microsoft customers with Standard licenses will also have access to additional logs of email access and of Yammer/Viva Engage, Teams, Exchange, and SharePoint events that were previously only available to customers with Premium licenses.
Hackers use Binance Smart Chain contracts to store malicious scripts
Some threat actors are employing a code distribution technique dubbed 'EtherHiding,' which abuses Binance Smart Chain (BSC) contracts to hide malicious scripts in that blockchain. They compromise WordPress pages to embed a few lines of JavaScript that fetch whatever malicious code they put in there, and because the blockchain isn't hosted in a single place, it can't be taken down at the source.
Ex-Navy IT head gets 5 years for selling people’s data on darkweb
He created an account at a legitimate identity database, falsely claiming that the Seventh Fleet, in which he served as a chief petty officer, required access to its database to conduct background checks on Navy personnel. He and his wife then illegally obtained the sensitive personal information of 9,000 people and subsequently sold the data on the dark web in exchange for Bitcoin payments valued at around $160,000 at the time.
Learn how to embrace shadow IT safely in your business, by 1Password
This blogpost was written by 1Password for Cybersecurity Awareness Month, focusing on how to safely manage shadow IT, which is the hardware and software that employees use that isn't managed by your company. (Sponsored)
Breaches and leaks
- Hacker leaks another 4.1 million 23andMe data profiles, mostly British and German: link.
- 23andMe hit with lawsuits after hacker leaks stolen genetics data: link.
- Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach: link.
- Kansas courts closed, electronic systems down after alleged ransomware attack: link.
- TV advertising sales giant Ampersand affected by ransomware attack: link.
- Chilean government warns of Black Basta ransomware attacks after customs incident: link.
- UK fines Equifax $13.6 million for 2017 data breach: link.
- Estes cyberattack affected carrier’s phones, other communications: link.
- D-Link confirms breach, rebuts hacker's claims about scope: link.
- KwikTrip all but says IT outage was caused by a cyberattack: link.
- Casio discloses data breach impacting customers in 149 countries: link.