News
Hi folks,
Here we are with another issue!
It's weeks like these that I'm happy that I moved the "Breaches and leaks" section to the bottom, because it's a looong one this week. Otherwise I'd feel obligated to trim it down. Now you can browse at your leisure to see if anything jumps out at you :-)
Enjoy the read, and have a wonderful weekend!
CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
Look, I'll be honest. Whenever these CPU vulnerabilities are reported my head starts spinning by the time I get to the second paragraph. But I'll try to interpret it as best I can.
As I understand it, it allows attackers to revert cached VM memory to a previous state, thereby finding previously authenticated sessions or recovering private keys that they can use to get themselves access or escalate privileges. But the statement of AMD does say it requires a malicious hypervisor? If your hypervisor is malicious, I'd think you have bigger problems. Still, it sounds like a clever hack.
New Reptar CPU flaw impacts Intel desktop and server systems
Another CPU vulnerability, this time for Intel. It ... has something to do with prefixes.
From the article:
"Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege (EoP) from CPL3 to CPL0".
Yep.
I'll move on to the words of comfort that we all seek:
While it might be possible to achieve privilege escalation with this vulnerability, that hasn't happened yet, although it can cause a DoS. Still, Intel does not expect this issue to be encountered in the real world, but just in case, a microcode update is available.
Citrix Hypervisor is also affected; they released a patch as well: link.
Google adds passkey support to new Titan security key
Google has updated their Titan security keys to include support for passkeys, allowing users to store up to 250 unique ones. That might be a very welcome alternative, or addition, to passkeys on smartphones. They also announced they'll be giving away 100,000 of them to high-risk users around the world.
What the !#@% is a passkey? (by the EFF)
Speaking of passkeys, great article by the EFF on what the <bleep> passkeys are. There's a part two on passkey privacy implications as well.
Ransomware gang files SEC complaint over victim’s undisclosed breach
This definitely jumped out at me. To add to the extortion arsenal, criminals might now file a complaint with the SEC for not complying with the four-day rule to disclose a cyberattack that they themselves caused.
Hackers don’t stop testing. Neither should you.
If you think doing a quick pentest every few quarters isn’t enough, you are correct. GlitchSecure combines continuous vulnerability assessments with real-time pentesting - all verified by highly skilled (and wonderful) humans in a user friendly platform. (Sponsored)
FBI takes down IPStorm malware botnet as hacker behind it pleads guilty
The botnet was originally discovered in 2019, and stood out for its use of the InterPlanetary File System (IPFS) peer-to-peer protocol to communicate with infected systems. It grew to more than 13,500 devices by 2020, earning the creator more than $550,000. He was arrested by the FBI, who took down the botnet infrastructure, but didn't remove the malware from infected devices.
Microsoft extends Windows Server 2012 ESUs to October 2026
Microsoft provides three more years of Windows Server 2012 Extended Security Updates (ESUs) until October 2026, allowing admins more time to upgrade or migrate to Azure.
FCC proposes cybersecurity pilot program for schools, libraries as attacks increase
The FCC proposed the creation of a “Schools and Libraries Cybersecurity Pilot Program” that would allow officials to research which cybersecurity services would best help K-12 schools and libraries across the US defend themselves from hackers.
New York proposes ‘nation-leading’ hospital cybersecurity regulations
It would require hospitals to have their own cybersecurity program, with their own CISO, incident response plans, enforced 2FA, the works. They'd be able to apply for funding to help make this a reality. Great stuff, and I absolutely wish that all hospitals (also in the EU) would have to do this. But it can't be easy to find enough people and resources :/
Polish court discovers secret cryptomining rigs hidden throughout building
They discovered hidden mining rigs inside the courthouse itself, in a ventilation duct and beneath a raised floor, where they were powered by electricity from the court's mains supply.
CFO explains why every business needs 1Password
A password manager is more than a security tool. Learn from 1Password’s CFO why it’s an indispensable tool for finance teams that handle sensitive information. (Sponsored)
Breaches and leaks
- Alarm system cyberattack leaves those in need struggling to call for help: link.
- McLaren Health Care says data breach impacted 2.2 million people: link.
- Pharmacy provider Truepill data breach hits 2.3 million customers: link.
- PJ&A says cyberattack exposed data of nearly 9 million patients: link.
- Australian ports operator recovering after major cyber incident: link.
- LockBit ransomware leaks gigabytes of Boeing data: link.
- New Samsung data breach impacts UK store customers: link.
- Toyota confirms breach after Medusa ransomware threatens to leak data: link.
- Long Beach, California turns off IT systems after cyberattack: link.
- Maine govt notifies 1.3 million people of MOVEit data breach: link.
- More than $100 million stolen from Poloniex crypto platform: link.
- Ethereum feature abused to steal $60 million from 99K victims: link.
- Washington State Department of Transportation working to recover from cyberattack: link.
- Ransomware attack on Ohio city impacts multiple services: link.
- Cyberattack on North Carolina county allowed hackers to access data: link.
- Nearly two dozen Danish energy companies hacked through firewall bug in May: link.
- Critical systems restored at English council following ransomware attack: link.
- Mortgage giant Mr. Cooper says customer data exposed in breach: link.
- Toronto Public Library confirms data stolen in ransomware attack: link.
- Rackspace Ransomware Costs Soar to Nearly $12M: link.
Issues and fixes
- Microsoft's November Patch Tuesday fixes 5 zero-days, 58 flaws: link.
- 5 Juniper CVEs actively exploited in the wild: link.
- Fortinet warns of critical command injection bug in FortiSIEM: link.
- Microsoft fixes critical Azure CLI flaw that leaked credentials in logs: link.
- LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed: link.
- VMware discloses critical VCD Appliance auth bypass with no patch: link.
- WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks: link.