News
Hi folks,
Nothing earth-shattering this week, but plenty of interesting news and articles to share. My favorite is a write-up of how a security researcher got write access to millions of broadband modems; it's worth a read if you have the time. Enjoy!
FBI obtains 7,000 LockBit ransomware decryption keys
While the LockBit gang is still up and running, recent law enforcement operations have disrupted it pretty good. As part of those operations the FBI now has 7,000 decryption keys and is urging victims to get in touch.
Microsoft deprecates Windows NTLM authentication protocol
NTLM has been a massive attack vector for ages, so I doubt that anyone will be sad to see it go. Admins are advised to switch to Kerberos authentication, or use the "Negotiate" option which will try Kerberos first and fall back to NTLM as a transitionary measure.
Azure Service Tags tagged as security risk, Microsoft disagrees
Azure allows for firewall filtering based on Service Tags, to only allow traffic of certain services. Tenable researchers found that one can craft those tags and act like a trusted service. Microsoft says that it isn't an issue because Service Tags aren't a security feature, although I'm pretty sure that they are used as security features all the time.
FCC moves ahead on BGP security rules
It states that broadband internet providers would have to develop and maintain private BGP security plans, although I'm not entirely sure what that means. The top nine ISPs will also be required to provide public quarterly progress reports. Sounds like a good thing, for sure.
Related, the FCC approved a $200 million program to improve cybersecurity for schools and libraries: link. Good work, FCC.
Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned
It's an opinion piece, but one worth reading if you aren't up to speed about the backlash against the "Recall" feature, which takes screenshots of everything you do on your device in order to make it searchable. Given Microsoft's recent security adventures it comes across as pretty tone-deaf.
Hacking millions of modems (and investigating who hacked my modem)
It's a long but beautiful write-up of how someone investigated their modem being hacked, and how they themselves were able to get access to a large-scale modem management API, giving them write access to millions of modems. If you're into technical write-ups, this is one to learn from.
Quick links
- Poland to invest $760 million in cyberdefense as Russian pressure mounts: link.
- Kali Linux 2024.2 released with 18 new tools, Y2038 changes: link.
- House Republicans propose eliminating funding for election security: link.
- Israeli influence operation highlights global disinformation industry: link.
- Apple will update iPhones for at least 5 years in rare public commitment: link.
Breaches and leaks
- Major London hospitals disrupted by Synnovis ransomware attack: link.
- 361 million stolen accounts leaked on Telegram added to HIBP: link.
- Los Angeles Unified School District investigates data theft claims: link.
- ShinyHunters claims Santander breach, selling data for 30M customers: link.
- AI platform Hugging Face says hackers stole auth tokens from Spaces: link.
- Collection agency FBCS ups data breach tally to 3.2 million people: link.
- Club Penguin fans breached Disney Confluence server, stole 2.5GB of data: link.
- Advance Auto Parts stolen data for sale after Snowflake attack: link.
- Nearly 400,000 affected by data breach at eye care management services company: link.
- Chinese hacking groups stole ‘sensitive’ intel on South China Sea from SE Asian government: link.
- Cyberattack disrupts operations of supermarkets across Russia: link.
- Cyberattack on telecom giant Frontier claimed by RansomHub: link.
- Germany's main opposition party hit by ‘serious’ cyberattack: link.
- Google accidentally published internal Search documentation to GitHub: link.
1Password for developers: secrets, SSH keys, and more
I think most developers don't realise how valuable 1Password can be. It doesn't just hold passwords, it also holds your SSH keys, signs your Git commits, injects tokens and other secrets in CLI scripts when you want, and much more. (Sponsored)