News
Hi folks,
We're back to more or less normal service this week, except for this issue being a day early.
I've had another few days of training around incident response for real-world events, and it was incredibly interesting. As a direct result though, I am taking the day off tomorrow, and plan on spending a good portion of it lying on the couch, watching a movie, doing absolutely nothing productive.
I wish you either a very productive, or a very non-productive Friday, whichever is more appropriate for you ;-)
Have a good one friends!
Ukrainian military says it hacked Russia's federal tax agency
That's pretty huge. They breached the central tax authority servers and 2,300 regional servers, infecting them with malware that wiped out the main and backup databases and config files. It's estimated that it will take them at least a month to come back online, with complete restoration being improbable.
The cyber aspect of this war keeps going back and forth though, with Kyivstar, Ukraine's largest telecom provider, also being hacked, taking down services for 25 million customers and also impacting air raid alarms.
23andMe is updating its TOS to force binding arbitration with a limited opt-out window
Just another example of how well 23andMe is handling this. In response to the cyberattack, they've now changed their terms, mandating binding arbitration for disputes.
North Korean hacking ops continue to exploit Log4Shell
Two years after it was disclosed, the Log4j vulnerability continues to enable North Korean hacking operations, according to a report from Cisco's Talos group. And, according to another report, this time from Veracode, about 38% of applications that rely on Log4J still use a vulnerable version (link). A long tail indeed.
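The "long tail" above is usually a dependency-hygiene problem: the vulnerable log4j-core sits several layers down in a build and nobody has looked at the resolved versions lately. The following is an added example, not code from the newsletter, Talos or Veracode: it scans a constructed snippet in the format of `mvn dependency:list` output and classifies every log4j-core it finds against Apache's published fix thresholds (2.15.0 closed Log4Shell on the main line, 2.12.2 and 2.3.1 on the Java 7 and Java 6 backport lines; 2.17.1, 2.12.4 and 2.3.2 are the fully patched minimums). Sample dependency lines and the version thresholds are the only inputs; nothing here touches a real build.

```python
"""Flag vulnerable log4j-core versions in a Maven dependency listing.

Added example (not from the newsletter or the reports it links). Input is a
constructed `mvn dependency:list`-style listing; thresholds are the versions
Apache published for the Log4Shell fix and the fully patched minimums.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample of resolved dependencies, mixing patched, partially
# patched, vulnerable and end-of-life log4j artifacts with an unrelated one.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.13.0:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.12.2:runtime
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.17.1:test
[INFO]    log4j:log4j:jar:1.2.17:compile
"""

# (group, artifact) pairs worth reporting: log4j 2 core, and the EOL 1.x line.
LOG4J_ARTIFACTS = {("org.apache.logging.log4j", "log4j-core"), ("log4j", "log4j")}


def parse_coordinate(line: str) -> Optional[Tuple[str, str, str]]:
    """Extract (group, artifact, version) from a Maven coordinate in a log line.

    Coordinates look like group:artifact[:type]:version[:scope]; the version is
    the first colon-separated field after the artifact that starts with a digit.
    """
    m = re.search(r"([\w.\-]+:){2,}[\w.\-]+", line)
    if not m:
        return None
    parts = m.group(0).split(":")
    version = next((p for p in parts[2:] if p[:1].isdigit()), None)
    if version is None:
        return None
    return parts[0], parts[1], version


def version_tuple(version: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); tuple comparison gives correct ordering."""
    return tuple(int(x) for x in re.findall(r"\d+", version)[:3])


def log4shell_status(version: str) -> str:
    """Classify a log4j version against the Log4Shell fix lines."""
    v = version_tuple(version)
    if v[0] < 2:
        return "log4j 1.x: end-of-life, not affected by Log4Shell but unsupported"
    if v[:2] == (2, 12):          # Java 7 backport line
        fixed, full = (2, 12, 2), (2, 12, 4)
    elif v[:2] == (2, 3):         # Java 6 backport line
        fixed, full = (2, 3, 1), (2, 3, 2)
    else:                         # main line
        fixed, full = (2, 15, 0), (2, 17, 1)
    if v < fixed:
        return "VULNERABLE to Log4Shell"
    if v < full:
        return "Log4Shell fixed, but below fully patched minimum"
    return "patched"


def scan_dependency_list(text: str) -> List[Tuple[str, str]]:
    """Return (coordinate, status) for each log4j artifact in the listing."""
    findings = []
    for line in text.splitlines():
        coord = parse_coordinate(line)
        if coord is None:
            continue
        group, artifact, version = coord
        if (group, artifact) in LOG4J_ARTIFACTS:
            findings.append((f"{group}:{artifact}:{version}", log4shell_status(version)))
    return findings


if __name__ == "__main__":
    for coordinate, status in scan_dependency_list(SAMPLE_DEPENDENCY_LIST):
        print(f"{coordinate:55} {status}")
```

Note that the scan deliberately reports log4j-core in every scope, including `test` and `runtime`: a "fixed" declared version in one module does not help if another module still resolves the old one.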
Hackers don’t stop testing. Neither should you.
If you think doing a quick pentest every few quarters isn’t enough, you are correct. GlitchSecure combines continuous vulnerability assessments with real-time pentesting - all verified by highly skilled (and wonderful) humans in a user friendly platform. (Sponsored)
Microsoft report says OAuth apps often used to automate BEC and cryptomining attacks
Attackers often breach a user's identity through password re-use and a lack of 2FA. But instead of then using the identity directly, they use it to create or approve OAuth applications with broad privileges, which can then be used for all kinds of mischief.
It's definitely something that is often forgotten: audit the OAuth applications that your employees/colleagues have generated or given access to. Those can be at least as powerful as the user account itself, and much more stealthy.
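What such an audit looks like in practice, as an added example that is not code from the newsletter or from Microsoft's report: it runs over a constructed consent export and flags applications that hold broad delegated permissions, escalating when the app is from an unverified publisher, was consented tenant-wide, or holds `offline_access` (a refresh token that outlives the user's session, which is what makes these apps "much more stealthy" than a stolen password). The scope names are real Microsoft Graph delegated permissions; the record fields, app ids and user names are assumptions about your own export format, and no Graph call is made.

```python
"""Audit OAuth application consents for broad, high-risk permissions.

Added example, not from the newsletter or Microsoft's report. Runs over a
constructed export; Grant fields are an assumed export shape (Microsoft Graph
exposes comparable data as service principals and oauth2PermissionGrants,
but nothing here calls Graph). Scope names are real Graph delegated scopes.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Delegated scopes that let an app act as the user across mail, files or the
# directory: the footholds typically used for BEC staging and bulk data access.
HIGH_RISK_SCOPES = {
    "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.ReadWrite.All", "Directory.ReadWrite.All",
}
# offline_access yields a refresh token, so the app keeps working after the
# user's session ends or the password is rotated.
PERSISTENCE_SCOPE = "offline_access"


@dataclass
class Grant:
    app_name: str
    app_id: str              # constructed placeholder, not a real application id
    publisher_verified: bool
    consent_type: str        # "Principal" = one user consented; "AllPrincipals" = admin, tenant-wide
    granted_by: str
    scopes: List[str]
    created: datetime


@dataclass
class Finding:
    app_name: str
    severity: str            # "high" or "medium"
    reasons: List[str]


NOW = datetime(2023, 12, 14, tzinfo=timezone.utc)  # constructed audit time

SAMPLE_GRANTS = [  # constructed sample export
    Grant("Contoso Expense Sync", "app-0001", True, "AllPrincipals", "admin@example.com",
          ["User.Read", "Files.Read"], NOW - timedelta(days=400)),
    Grant("Mail Helper Pro", "app-0002", False, "Principal", "alice@example.com",
          ["Mail.ReadWrite", "Mail.Send", PERSISTENCE_SCOPE], NOW - timedelta(days=3)),
    Grant("Calendar Widget", "app-0003", True, "Principal", "bob@example.com",
          ["Calendars.Read", "User.Read"], NOW - timedelta(days=200)),
    Grant("Drive Backup", "app-0004", True, "Principal", "carol@example.com",
          ["Files.ReadWrite.All"], NOW - timedelta(days=100)),
]


def audit_grant(g: Grant, now: datetime = NOW, recent_days: int = 30) -> Optional[Finding]:
    """Return a Finding for a grant carrying high-risk scopes, else None."""
    risky = sorted(set(g.scopes) & HIGH_RISK_SCOPES)
    if not risky:
        return None  # narrow scopes: nothing beyond what the user's own session allows
    reasons = [f"high-risk scopes: {', '.join(risky)}"]
    escalate = False
    if PERSISTENCE_SCOPE in g.scopes:
        reasons.append("offline_access keeps a refresh token after the session ends")
        escalate = True
    if not g.publisher_verified:
        reasons.append("unverified publisher")
        escalate = True
    if g.consent_type == "AllPrincipals":
        reasons.append("tenant-wide admin consent")
        escalate = True
    if now - g.created <= timedelta(days=recent_days):
        reasons.append(f"consented within the last {recent_days} days")
    return Finding(g.app_name, "high" if escalate else "medium", reasons)


def audit_oauth_grants(grants: List[Grant], now: datetime = NOW) -> List[Finding]:
    """Audit every grant; high-severity findings first, then by app name."""
    findings = [f for f in (audit_grant(g, now) for g in grants) if f is not None]
    return sorted(findings, key=lambda f: (f.severity != "high", f.app_name))


if __name__ == "__main__":
    for f in audit_oauth_grants(SAMPLE_GRANTS):
        print(f"[{f.severity.upper()}] {f.app_name}: " + "; ".join(f.reasons))
```

Feed it your tenant's actual consent export and the high-severity bucket is the review queue: a recently consented, unverified app with mail scopes and a refresh token is exactly the pattern the report describes.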
Leader of Russian hacktivist group Killnet 'retires,' appoints new head
The leadership change comes just a few weeks after Russian journalists uncovered the alleged identity of Killmilk, who became famous during the war for representing a collective of politically motivated hackers.
Chinese APT Volt Typhoon linked to botnet made of SOHO routers
Always interesting to deep-dive a bit into the infrastructure of nation-state hackers. In this case, a botnet of outdated Cisco, Netgear, Fortinet and other vendors' devices is being used as a sort of Tor-like network to exfiltrate data from the victims. Recent expansion and network changes seem to indicate they are gearing up for another wave of attacks during the holidays.
Cloud engineer gets 2 years for wiping ex-employer’s code repos
He was sentenced to two years in prison and a restitution of $529,000 for going on a "disgruntled ex-employee rampage", wiping the code repositories of his former employer, First Republic Bank, in retaliation for being fired. In case you ever get the bright idea to go on one of these yourself, don't.
U.S. Senate confirms Harry Coker Jr. as National Cyber Director
It will be on him to implement the national cybersecurity strategy that aims to shift the responsibility for security to technology manufacturers and vendors instead of customers. Not an easy job, no doubt.
Escape: automated API discovery and security
You can't secure what you can't see, right? Explore Escape's powerful combination of agentless and automated API discovery and security scanning. Start uncovering business-logic flaws with the help of AI at scale. (Sponsored)
Breaches and leaks
- Two-day water outage in remote Irish region caused by pro-Iran hackers: link.
- Norton Healthcare ransomware attack exposes 2.5M people: link.
- Toyota warns customers of data breach exposing personal, financial info: link.
- Cold storage giant Americold discloses data breach after April malware attack: link.
- Central Virginia transit system affected by cyber incident: link.
- Credit union operations restored after tech supplier ransomware attack: link.
- District court in Switzerland victim of a cyber attack: link.
- Sony investigating potential ransomware attack on Insomniac Games unit: link.
- Henry Schein says 29K people affected in September cyberattack: link.
Issues and fixes
- Microsoft patches 34 vulnerabilities, including one zero-day: link.
- WordPress fixes POP chain exposing websites to RCE attacks: link.
- 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin: link.
- Apple emergency updates fix recent zero-days on older iPhones: link.
- Ledger dApp supply chain attack steals $600K from crypto wallets: link.
- Russian hackers targeting TeamCity servers since September: link.
- Counter-Strike 2 HTML injection bug exposes players’ IP addresses: link.
- Over 1,450 pfSense servers exposed to RCE attacks via bug chain: link.
- Sophos backports RCE fix after attacks on unsupported firewalls: link.
- Hackers are exploiting critical Apache Struts flaw using public PoC: link.
From 1Password, to No Password?
Remembering one strong password isn't all that difficult, but there is still the risk that it might be phished or keylogged. Passkeys on the other hand remove that risk entirely, and 1Password will soon allow you to use a passkey to unlock your vault. Very exciting stuff. (Sponsored)