News
Hi folks,
I hope this issue finds you well! There's some good news to report this week with the takedown of LockBit, which is always nice.
I've added a small experimental section called "Quick links": items I found worth knowing about, but that probably wouldn't make it into a normal issue, or where the title already says enough without needing a summary.
I'm unsure if this is a keeper. On the one hand, I created this newsletter to give you a short overview of security news. On the other hand, security news has become such a firehose over the last few years that my issues keep getting longer, even with very active filtering on my side.
So, just as with the breaches and issues sections, I'm trying the solution of providing a list that you can easily scan over, or ignore at your leisure. Let me know if you like the extra info, or if you're more on the side of "please gawd make it shorter" :-)
As always folks, thanks for reading, and have a lovely day!
LockBit operations dismantled
Definitely the biggest news item this week. A collaboration of law enforcement partners, dubbed "Operation Cronos", seized LockBit's infrastructure, created a decryption tool, seized over 200 crypto wallets, arrested two operators and identified several others. In a bit of professional trolling, they announced all of this, as it unfolded, on LockBit's own leak site, which is just beautiful. (link).
Some more reads on this:
KeyTrap attack: Internet access disrupted with one DNS packet
Researchers disclosed details of a flaw in DNSSEC validation that can be exploited to stall a validating resolver for a very long time, essentially DoS'ing the resolver, with a single DNS request. It could easily have been used to cause widespread outages. Fortunately, they worked with Google, Cloudflare and Akamai to implement mitigations before publishing their research. Interesting find though, kudos.
Leaked documents show how private companies support Chinese hacking operations
Documents that appear to belong to the offensive security firm I-SOON have leaked on GitHub, providing an interesting view into the world of Beijing's hackers for hire.
FTC to ban Avast from selling browsing data for advertising purposes
As a former Avast user (a long, long time ago), I was not pleased with this. Antivirus ain't what it used to be folks.
Biden administration issues executive order on port cybersecurity
Given the ports' importance to the US economy, the executive order gives the US Coast Guard explicit authority to respond to cyber attacks, requires prompt reporting of incidents, and commits more than $20 billion to port infrastructure. One of the main goals of that investment is to manufacture port cranes in the US again, because around 80% of the cranes in use are made in China, and those cranes can be remotely controlled and programmed.
A security analyst’s guide to identity threats
A really nice write-up of attacks on corporate identities, and how to prevent and detect them.
Quick links
- Signal rolls out usernames that let you hide your phone number: link.
- NSA Cyber Director Rob Joyce to retire: link.
- Apple adds post-quantum encryption to iMessage: link.
- Google open sources file-identifying Magika AI model: link.
- Nginx core developer quits project in security dispute, starts “freenginx” fork: link.
Breaches and leaks
- Cactus ransomware claims to have stolen 1.5TB of Schneider Electric data: link.
- Change Healthcare hit by cyberattack: link.
- Wyze camera glitch gave 13,000 users a peek into other homes: link.
- ALPHV ransomware claims loanDepot, Prudential Financial breaches: link.
- HHS reaches second-ever ransomware settlement: link.
- Critical infrastructure vendor PSI Software hit by ransomware: link.
- Eye care services firm faces lawsuit over data breach impacting 2.3 million: link.
- DC-area school system says data of 100,000 people affected in ransomware attack: link.
Issues and fixes
- SolarWinds fixes critical RCE bugs in access rights audit solution: link.
- Over 28,500 Exchange servers vulnerable to actively exploited bug: link.
- VMware urges admins to remove deprecated, vulnerable auth plug-in: link.
- Joomla fixes XSS flaws that could expose sites to RCE attacks: link.
- Zero-click Apple Shortcuts vulnerability allows silent data theft: link.
- ConnectWise ScreenConnect under active exploitation due to critical flaws: link.
- Hackers exploit critical RCE flaw in Bricks WordPress site builder: link.
Implement passwordless logins into your app in seconds
Solid security shouldn't have to come at the expense of a great user experience. That's why Passage by 1Password is building a passwordless auth service that allows you to implement passkey logins in your app or website with just a few lines of code. (Sponsored)