Issue 25


The obvious news this week. In case you somehow missed it: a ransom worm was let loose on the world, infecting over 300.000 systems in a few days. This article provides a good overview of what happened.

The attack was based on an SMB exploit out of the NSA leaks. Microsoft had released a patch for this exploit in March, but not everyone had installed the update yet. Because of how serious this was Microsoft even released patches for Windows XP, Windows 8 and Windows Server 2003, which are in theory no longer supported.

A researcher by the alias of MalwareTech was able to effectively trigger a killswitch, stopping propagation of the worm. He writes his story here.
Thanks to MalwareTech we also have a live map of infections, which is just downright cool. And you can also see the total infection count up till now, 300.000 systems, right here.

Dieter Van der Stock


DocuSign e-mail breach and phishing campaign

Docusign had their users' e-mail addresses stolen, which were used in a phishing campaign with an e-mail crafted to look like Docusign's. I can tell from first-hand experience that it was a pretty convincing attempt.


Apple issues security updates for macOS and iOS

Apple released security updates for MacOS, iOS, Safari and others, fixing a total of 66 vulnerabilities.


HP laptops covertly log user keystrokes

It was found that HP laptops, through an audio driver from Conexant, log all keystrokes entered in the machine. It doesn't seem intentionally malicious though, but rather a debugging tool.


WordPress announces bug bounty program

In a "How was this not a thing yet?" move, Wordpress has set up a bug bounty program on HackerOne.


ASUS patches RT router vulnerabilities

TL;DR: If you own an Asus RT router, update it.


Results of OpenVPN security audits are in

OpenVPN's security audits found 7 vulnerabilities, out of which one was rated high severity and another medium. All were fixed. The researchers praise OpenVPN's secure development, although they do include some remarks.


Everything you need to know about HTTP security headers

Interesting overview of some of the most important HTTP security headers, like HTST, X-Frame-Options and others.


DiamondFox malware as a service

I remain amazed by the concept of malware-as-a-service. This article shows off DiamondFox. Just purchase the software, pick your plugins (keylogger, DDoS, Crypto Wallet Stealer, ...) and watch the dashboard to track your geographical spread and dig down into victim details.


Cybercrime on the high seas: threats facing billionaire superyacht owners

Something I've never given any thought about: security of yachts. Probably not that relevant to any of us, but an interesting read nonetheless :-)


Interview with Ross Anderson, pioneer of information security economics

This is a long but interesting read on how security has progressed over the last decades. How crime evolved, how the private industry evolved, cyber warfare and much more.


Sidenote: @secnewsletter

This newsletter now has a Twitter account \o/
It will tweet out the shared stories during the week after each issue.

Dieter Van der Stock