Here we are again with this week's wrap-up of the infosec news. Enjoy the read, and have a wonderful weekend.
Microsoft hasn't had a stellar few months when it comes to security. This time they were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard. They breached a "non-production test tenant account", and somehow pivoted from there to extracting emails and attachments from top-level executives and cybersecurity employees.
Microsoft responded themselves in this blogpost, where they seem to downplay this a little too much. For example, they state that "only a very small percentage of our corporate inboxes were breached". Yeah, at the size of a company like Microsoft, breaching only the executives and cybersecurity teams won't be a high percentage number. But we're not assessing quantity here, are we. They also don't provide information on how the attackers went from a test tenant to corporate email inboxes.
They do state that this breach forces them to accelerate their security priorities, even saying that this might impact business processes while the shift is being made.
My favorite genetic analysis company now confirms that the attackers stole raw genotype data and health reports, and that the attack went unnoticed for five months.
Escape's security team scanned nearly 200 million URL's and found more than 18,000 exposed API secrets, and $20 million in Stripe tokens. The report is well worth a read, going deep into their methodology, the development of their web spider, the cost of the process, and of course their findings. Nice work! (Sponsored)
Good stuff! As the article points out though, do be mindful of the fact that this means that your iCloud account has to be properly secured, since you're shifting the security responsibility there.
Democratic voters in New Hampshire were flooded with robocalls using the AI-generated voice of Joe Biden urging them not to vote in the primary. The calls were also spoofed to make it seem like they were made by the former Democratic state party chair.
Always interesting to read the results of these. From what I can tell, the Synacktiv Team did a remarkable job, taking $295,000 in price money just on day one, with more the days after. I haven't seen a full wrap-up yet, but you can see the results of each day on ZDI's blog.
For the technical deep-divers among us: I came across this gem last week where someone documents the use of a Perl OAuth2 module. It explains very well, and yet casually, how the OAuth flows work, I just really liked reading through it :-)
Breaches and leaks
- Water services giant Veolia North America hit by ransomware attack: link.
- Trello API abused to link email addresses to 15 million accounts: link.
- LoanDepot ransomware attack exposes data on almost 17M customers: link.
- Trading platform EquiLend down following cyberattack: link.
- HPE hit by a monthslong cyberattack on its cloud-based email: link.
- Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware: link.
- Aviation leasing company AerCap investigates ransomware incident: link.
- Vans, North Face owner says ransomware breach affects 35 million people: link.
- Tietoevry ransomware attack causes outages for Swedish firms and cities: link.
- Trezor support site breach exposes personal data of 66,000 customers: link.
- SEC confirms X account was hacked in SIM swapping attack: link.
- Jason’s Deli says customer data exposed in credential stuffing attack: link.
Issues and fixes
- CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities: link.
- Ivanti: VPN appliances vulnerable if pushing configs after mitigation: link.
- Exploit released for Fortra GoAnywhere MFT auth bypass bug: link.
- Over 5,300 GitLab servers exposed to zero-click account takeover attacks: link.
- Chinese hackers exploit VMware bug as zero-day for two years: link.
- Hackers target WordPress 'Better Search Replace' plugin active on 1 million sites: link.
- Cisco warns of critical RCE flaw in communications software: link.
- Atlassian Confluence Data Center under active exploitation in older versions: link.
- Apple fixes first zero-day bug exploited in attacks this year: link.
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)