News
Hi friends,
I hope you're all doing great. I have a few days off myself, I'm due to start at a new job next week so it's good to have a bit of space in between. I'm very excited to start though, and I'll tell you more about it once I get going there :-)
In the meantime I hope you get value out of this week's issue, and see you all next week! Have a good one!
Ransomware payments drop to record low of 28% in Q1 2024
Nice writeup of statistics and trends that we're seeing in ransomware payments and groups. There's good news, for example that a smaller share of victims are paying ransom. But overall revenue for ransomware operators is up, unfortunately, because they're attacking more targets.
If you like statistics, the following article has some more, this time from Mandiant, reporting that the median dwell time they observe has dropped, which is good progress: link.
GitHub comments can be abused to produce legit looking links from Microsoft and others
This definitely raised my eyebrows. There's a mechanism in GitHub that is ripe for abuse, and in fact is being abused as we speak.
You can go to a public repo of a well known company, like Microsoft, write a comment on an issue somewhere, and upload an attachment to that comment. That attachment will then be served from a URL that looks like github.com/microsoft/repo/files/legitlooking.zip.
If you give that file the same name as, for example, a driver, even I would believe at a glance that it's a legit link to a release artifact. But unfortunately anyone can generate them. In fact, you don't even have to post the comment for it to work. Once you upload the file it remains in existence, even if you cancel the comment. So far, GitHub hasn't tackled this issue yet, although I assume/hope that they soon will.
Since that article was published, it has become known that GitLab has the same issue: link.
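A practical takeaway is that a link under an org's github.com namespace says nothing about who uploaded the file; what matters is the path shape. The following classifier is an added example written for this issue, not code from the article or from GitHub. It relies on the URL layouts I know GitHub uses: comment attachments live under `/<owner>/<repo>/files/...` (the article shows the link without the numeric id segment, so both forms are accepted), release assets under `/<owner>/<repo>/releases/download/<tag>/<file>`, and repository content under `blob`, `raw` or `tree`. The `github.com/user-attachments/files/...` prefix is included as an assumption about the newer upload format and is not mentioned in the article. All sample URLs are constructed.

```python
from urllib.parse import urlparse

GITHUB_HOSTS = ("github.com", "www.github.com")


def classify_github_link(url):
    """Return (owner, repo, kind) for a URL, where kind is one of:
      "release-asset"       /<owner>/<repo>/releases/download/<tag>/<file>
      "comment-attachment"  /<owner>/<repo>/files/...  (issue/PR comment upload, any user)
                            /user-attachments/files/... (assumed newer upload prefix)
      "repo-content"        /<owner>/<repo>/blob|raw|tree/...
      "other"               some other github.com page
      "not-github"          host is not github.com
    """
    parts = urlparse(url)
    if parts.netloc.lower() not in GITHUB_HOSTS:
        return (None, None, "not-github")
    segs = [s for s in parts.path.split("/") if s]
    # Assumption: newer uploads use a namespace with no owner/repo in the path.
    if len(segs) >= 2 and segs[0] == "user-attachments" and segs[1] == "files":
        return (None, None, "comment-attachment")
    if len(segs) < 3:
        owner = segs[0] if segs else None
        repo = segs[1] if len(segs) > 1 else None
        return (owner, repo, "other")
    owner, repo, kind = segs[0], segs[1], segs[2]
    if kind == "files":
        # The deceptive case: the path carries the org name, but the file was
        # uploaded by whoever wrote (or merely started writing) a comment.
        return (owner, repo, "comment-attachment")
    if kind == "releases" and len(segs) >= 4 and segs[3] == "download":
        # Published by someone with write access to the repository's releases.
        return (owner, repo, "release-asset")
    if kind in ("blob", "raw", "tree"):
        return (owner, repo, "repo-content")
    return (owner, repo, "other")


def attachments_under_trusted_orgs(urls, trusted_orgs):
    """Return the URLs that look like they belong to a trusted org but are
    actually comment attachments, i.e. the abuse described in the article."""
    trusted = {o.lower() for o in trusted_orgs}
    flagged = []
    for url in urls:
        owner, _repo, kind = classify_github_link(url)
        if kind == "comment-attachment" and owner is not None and owner.lower() in trusted:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    # Constructed sample links; none of these are real files.
    sample = [
        "https://github.com/microsoft/repo/files/legitlooking.zip",
        "https://github.com/microsoft/repo/files/12345678/driver-setup.zip",
        "https://github.com/microsoft/repo/releases/download/v1.0/legitlooking.zip",
        "https://github.com/microsoft/repo/blob/main/README.md",
    ]
    for u in sample:
        print(classify_github_link(u), u)
    print("flagged:", attachments_under_trusted_orgs(sample, {"microsoft"}))
```

The useful check in mail filters or link scanners is the combination: the owner segment matches an organisation you trust, and the third path segment is `files`. That combination should be treated with the same suspicion as an attachment from an unknown sender, regardless of the file name.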
endoflife.date: API to query EOL information
This might have been known to many of you, but I only learned about this service last week. It's a free API that publishes information on when a given software release will reach end-of-life. Super useful for scanning the software across your org and finding out what needs replacing or upgrading.
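To show what such a scan looks like, here is an added example (mine, not code from the newsletter or from the endoflife.date project). It assumes the public endpoint `https://endoflife.date/api/<product>.json`, which returns a list of release cycles whose `eol` field is either an ISO date or a boolean, as I know the API to behave. The cycle data below is a constructed sample in that shape with illustrative dates, so the script runs offline; swap in `fetch_cycles()` for live data. The inventory and the 90-day warning window are assumptions of mine.

```python
import json
import urllib.request
from datetime import date, timedelta

API_URL = "https://endoflife.date/api/{product}.json"  # product slug, e.g. "python", "nodejs"

# Constructed sample in the shape the API returns. Dates are illustrative,
# not an authoritative copy of the live data.
SAMPLE_PYTHON_CYCLES = json.loads("""[
  {"cycle": "3.12", "releaseDate": "2023-10-02", "eol": "2028-10-02", "latest": "3.12.3", "lts": false},
  {"cycle": "3.8",  "releaseDate": "2019-10-14", "eol": "2024-10-07", "latest": "3.8.19",  "lts": false},
  {"cycle": "3.7",  "releaseDate": "2018-06-27", "eol": "2023-06-27", "latest": "3.7.17",  "lts": false},
  {"cycle": "2.7",  "releaseDate": "2010-07-03", "eol": true,         "latest": "2.7.18",  "lts": false}
]""")

# Fixed "today" so the demo and its results are reproducible (assumption).
DEMO_TODAY = date(2024, 4, 30)


def fetch_cycles(product, timeout=10):
    """Live lookup against endoflife.date; not used by the offline demo."""
    with urllib.request.urlopen(API_URL.format(product=product), timeout=timeout) as resp:
        return json.load(resp)


def eol_status(cycles, cycle, today, warn_days=90):
    """Classify one release cycle as 'eol', 'eol-soon', 'supported' or 'unknown'.

    The API's 'eol' field is an ISO date string, or a boolean: true means the
    cycle is already end-of-life, false means no EOL date has been announced.
    """
    for entry in cycles:
        if str(entry.get("cycle")) != str(cycle):
            continue
        eol = entry.get("eol")
        if eol is True:
            return "eol"
        if eol is False or eol is None:
            return "supported"
        eol_date = date.fromisoformat(eol)
        if eol_date <= today:
            return "eol"
        if eol_date - today <= timedelta(days=warn_days):
            return "eol-soon"
        return "supported"
    return "unknown"


def cycle_of(version):
    """Map an installed version to a cycle name. Python cycles are major.minor;
    other products name cycles differently (e.g. a bare major), so adapt per product."""
    parts = version.split(".")
    return ".".join(parts[:2])


def scan_inventory(inventory, catalog, today, warn_days=90):
    """inventory: list of (host, product, installed_version);
    catalog: product -> cycles list as returned by the API.
    Returns (host, product, version, status) tuples."""
    report = []
    for host, product, version in inventory:
        cycles = catalog.get(product, [])
        status = eol_status(cycles, cycle_of(version), today, warn_days)
        report.append((host, product, version, status))
    return report


if __name__ == "__main__":
    # Constructed inventory; hostnames are placeholders.
    inventory = [
        ("build-01", "python", "3.7.17"),
        ("build-02", "python", "3.8.19"),
        ("api-01", "python", "3.12.3"),
        ("legacy-01", "python", "2.7.18"),
    ]
    for row in scan_inventory(inventory, {"python": SAMPLE_PYTHON_CYCLES}, DEMO_TODAY):
        print(*row)
```

Two details worth keeping when you adapt this: handle the boolean form of `eol`, otherwise `date.fromisoformat` raises on the cycles that most need flagging, and treat `unknown` as a finding rather than ignoring it, since it usually means the inventory's version string does not match the product's cycle naming.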
Quick links
- MITRE says state hackers breached its network via Ivanti zero-days: link.
- US imposes visa bans on 13 spyware makers and their families: link.
- Researchers sinkhole PlugX malware server with 2.5 million unique IPs: link.
- Majority of businesses worldwide are implementing zero trust, Gartner finds: link.
Breaches and leaks
- "Substantial proportion" of Americans may have had health and personal data stolen in Change Healthcare breach: link.
- UnitedHealth confirms it paid ransomware gang to stop data leak: link.
- LA County Health Services: Patients' data exposed in phishing attack: link.
- Kaiser Permanente healthcare provider: Data breach may impact 13.4 million patients: link.
- Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack: link.
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine: link.
- Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime: link.
- DPRK hacking groups breach South Korean defense contractors: link.
- Synlab Italia suspends operations following ransomware attack: link.
- Anti-Trump PAC Lincoln Project scammed for $35,000 after vendor email hack: link.
- Sweden's liquor shelves to run empty this week due to ransomware attack: link.
- HelloKitty ransomware rebrands, releases CD Projekt and Cisco data: link.
- Ring customers get $5.6 million in privacy breach settlement: link.
Issues and fixes
- Over 1,400 CrushFTP servers vulnerable to actively exploited bug: link.
- Maximum severity Flowmon bug has a public exploit, patch now: link.
- Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks: link.
- Microsoft releases Exchange hotfixes for security update issues: link.
- Older Windows Print Spooler flaw resurfaces, dubbed GooseEgg: link.
- WP Automatic WordPress plugin hit by millions of SQL injection attacks: link.
What 1Password can do for developers
If you're an engineer, it's really worth checking out 1Password's developer tools. It can manage secrets for your infrastructure and CI/CD pipeline, manage SSH keys, and inject tokens into CLI scripts. Play around with it and see how it can fit in your development flow. (Sponsored)