News
Hi folks,
It's been a busy week here, with more incident trainings and a bout of the flu. Next week I'll be taking an exam on incident handling, so send me some happy thoughts ;-)
There's some good news in this week's issue! There's research that shows ransomware payments going down, and Biden saying he'll veto any pushback on the SEC's disclosure rules. Considering our industry's usually doom and gloom, I'll take any positivity I can get. Hooray for positive changes!
Have a good read, and a good weekend!
Cheers,
FBI removes Chinese malware from SOHO routers
The routers were being used as geo-IP proxies to launch attacks on US critical infrastructure. It's linked to more warnings about China preparing for a destructive move.
Ransomware payments drop to record low as victims refuse to pay
That's certainly good news. It seems to be caused by better preparedness, a lack of trust towards cybercriminals about their promises of not publishing data when paid, and legal pressure in some regions where paying a ransom is illegal.
How we discovered 18,000 API secrets, including $20M in Stripe tokens
Escape's security team scanned nearly 200 million URLs and found more than 18,000 exposed API secrets, including $20 million worth of Stripe tokens. The report is well worth a read, going deep into their methodology, the development of their web spider, the cost of the process, and of course their findings. Nice work! (Sponsored)
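To give a feel for the kind of pattern matching such a crawl relies on, here is a small added example (mine, not Escape's code, and not taken from their report): it scans a few constructed page bodies for well-known token formats and separates genuinely secret material (a Stripe live secret key, an AWS access key ID, a GitHub personal access token) from a Stripe publishable key, which is meant to be public. The key prefixes and lengths are assumptions for this example, the URLs and tokens are made up, and findings are redacted so the full token never ends up in a log.

```python
import re
from dataclasses import dataclass

# Token formats used by this example. These prefixes and lengths are assumptions
# for illustration: Stripe live secret keys (sk_live_), Stripe publishable keys
# (pk_live_), AWS access key IDs (AKIA...) and GitHub personal access tokens (ghp_).
PATTERNS = {
    "stripe_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "stripe_publishable": re.compile(r"\bpk_live_[0-9A-Za-z]{24,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
}

# A publishable key is designed to ship to browsers; everything else here is a secret.
SECRET_KINDS = {"stripe_secret", "aws_access_key_id", "github_pat"}


@dataclass(frozen=True)
class Finding:
    url: str
    kind: str
    preview: str   # redacted form, so reports can be shared without leaking the token
    secret: bool


def redact(token: str) -> str:
    """Keep the prefix (which identifies the token type) and a short tail."""
    return token[:8] + "..." + token[-4:]


def scan_body(url: str, body: str) -> list[Finding]:
    """Return one Finding per distinct (kind, token) seen in a page body."""
    findings, seen = [], set()
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(body):
            token = match.group(0)
            if (kind, token) in seen:
                continue
            seen.add((kind, token))
            findings.append(Finding(url, kind, redact(token), kind in SECRET_KINDS))
    return findings


def scan_pages(pages: dict[str, str]) -> list[Finding]:
    """Scan a mapping of URL -> fetched body (what a crawler would hand us)."""
    out = []
    for url, body in pages.items():
        out.extend(scan_body(url, body))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count secret (not merely public) findings per URL."""
    counts: dict[str, int] = {}
    for f in findings:
        if f.secret:
            counts[f.url] = counts.get(f.url, 0) + 1
    return counts


# Constructed sample bodies; the hostnames and every token below are fake.
SAMPLE_PAGES = {
    "https://example.test/app.js": (
        "const stripe = Stripe('pk_live_abcdefghijklmnopqrstuvwx');\n"
        "// the server-side key should never be in a client bundle:\n"
        "const STRIPE_SECRET = 'sk_live_ABCDEFGHIJKLMNOPQRSTUVWX';\n"
    ),
    "https://example.test/.env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJ012345\n"
    ),
    "https://example.test/index.html": "<html><body>nothing here</body></html>",
}

if __name__ == "__main__":
    for f in scan_pages(SAMPLE_PAGES):
        print(f"{'SECRET' if f.secret else 'public'} {f.kind:20} {f.preview}  {f.url}")
    print(summarize(scan_pages(SAMPLE_PAGES)))
```

Pattern matching alone gives candidates, not confirmed leaks: a real scan would validate hits against the provider's API (read-only, and only with the token owner's consent) before counting them, and would treat anything fetched from `/.env` as sensitive regardless of whether a regex fired.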
CISA orders Ivanti devices to be disconnected
You know you've gone and f'd up when CISA goes "just yank the plug". With this week seeing yet another actively exploited Ivanti zero-day, it's not a surprise.
White House rejects efforts to undo SEC cyber disclosure rule
There are apparently efforts underway to undo the four-day disclosure rule that the SEC has brought into force. However, the White House made it clear that Biden would veto the resolution if it made it to his desk. Nice.
I looked through attacks in my access logs. Here's what I found
Interesting write-up of someone combing through their access logs to see what kind of scanners pass by their servers.
How to read leaked datasets like a journalist
The article links to a podcast and a book about handling and parsing big breach datasets and tackling security news stories. I haven't read it yet, but it sure looks interesting.
Breaches and leaks
- Cloudflare hacked using auth tokens stolen in Okta attack: link.
- A mishandled GitHub token exposed Mercedes-Benz source code: link.
- Kansas City public transportation authority hit by ransomware: link.
- Energy giant Schneider Electric hit by Cactus ransomware attack: link.
- Keenan warns 1.5 million people of data breach after summer cyberattack: link.
- Citibank sued over failure to defend customers against hacks and fraud: link.
- Johnson Controls says ransomware attack cost $27 million, data stolen: link.
- Europcar denies data breach of 50 million users, says data is fake: link.
- FTC orders Blackbaud to boost security after massive data breach: link.
- $112 million stolen from founder of Ripple cryptocurrency platform: link.
Issues and fixes
- Exploits released for critical Jenkins RCE flaw, patch now: link.
- Ivanti warns of new Connect Secure zero-day exploited in attacks: link.
- New Linux glibc flaw lets attackers get root on major distros: link.
- CISA warns of patched iPhone kernel bug now exploited in attacks: link.
- Exploit released for Android local elevation flaw impacting 7 OEMs: link.
- New Windows Event Log zero-day flaw gets unofficial patches: link.
- 'Leaky Vessels' container escape vulnerabilities impact Docker and others: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)