News
Hi folks,
I hope you all had a wonderful and productive week. Nothing too Earth-shattering in this issue, although it could have been if I read the article on supply-chain attacks on iOS and Mac apps right. And plenty of other interesting stuff to read and learn about. Enjoy!
“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Definitely something that made the news. It's not an easy one to exploit, fortunately, and I haven't seen any news on it being exploited in the wild. But there will definitely be attempts, so might as well patch up and make sure.
Europol takes down 593 Cobalt Strike servers
Cobalt Strike is a legit and powerful pentesting tool, but it's also often used by the bad folks. Almost 600 Cobalt Strike servers have now been taken offline in an impressive operation, taking three years and a lot of coordination between law enforcement and a number of private parties.
384,000 sites still pull code from malicious polyfill CDN
For a more detailed breakdown of the Polyfill problem, see last week's issue. One week later there are still about 400,000 websites using the malicious library, including big ones like Hulu, Warner Bros and Mercedes.
Millions of iOS and macOS apps were exposed to potent supply-chain attacks
Interesting write-up of three vulnerabilities that were found in the CocoaPods system, a dependency manager for Swift and Objective-C projects (used to write iOS and Mac apps).
One issue hijacked a log-in-by-mailed-link flow and stole your session keys, another allowed anyone to claim abandoned projects, and the last one allowed for remote code execution on the CocoaPods server, no less.
Considering the level of access that lots of apps have, and that apparently most apps auto-update whenever a dependency gets an update, this could have been a really bad one. Right now it's not certain if anything was exploited.
The write-up is well written; I'd recommend it as an educational read. And another warning of how bad supply chain attacks can be.
Quick links
- Latest Intel CPUs impacted by new Indirector side-channel attack: link.
- Google now pays $250,000 for KVM zero-day vulnerabilities: link.
- Stolen credentials could unmask thousands of darknet child abuse website users: link.
- UN urges Russia to ‘immediately’ cease interference in European satellites: link.
- Google Chrome to let Isolated Web App access sensitive USB devices: link.
Breaches and leaks
- LockBit claims cyberattack on Croatia’s largest hospital: link.
- Chicago children's hospital says nearly 800,000 affected by January ransomware attack: link.
- TeamViewer: Hackers copied employee directory data and encrypted passwords: link.
- Ticketmaster sends notifications about recent massive data breach: link.
- Hackers abused API to verify millions of Authy MFA phone numbers: link.
- Formula 1 governing body discloses data breach after email hacks: link.
- OVHcloud blames record-breaking DDoS attack on MikroTik botnet: link.
- Dairy giant Agropur says data breach exposed customer info: link.
- Prudential Financial now says 2.5 million impacted by data breach: link.
- Affirm says cardholders impacted by Evolve Bank data breach: link.
- Patelco shuts down banking systems following ransomware attack: link.
- HealthEquity data breach exposes protected health information: link.
- Ransomware attack on Patelco Credit Union causes confusion ahead of holiday weekend: link.
- Ethereum mailing list breach exposes 35,000 to crypto draining attack: link.