News
Hi everyone,
Welcome to this week's newsletter. I write to you while enjoying warm sunshine on my face on a beautiful autumn day. Days like today are why this is my favorite season :-)
I took in all the relaxing I could after last week's successful exam, but now it's time for the next (and for now final) course. This is the hardest one, six weeks of math-heavy work. Word to the wise: if you want to work in the nuclear industry, be ready to do a lot of studying. Duh, right. Fortunately, I'm loving it.
I enjoyed putting this week's issue together and taking my time to read up on all the news. Now I hope you enjoy reading the digest :-) Have a good one folks!
Linux malware “perfctl” behind years-long cryptomining campaign
Linux malware named "perfctl" has been targeting Linux servers and workstations for at least three years. The article gives a nice overview of how nifty it is: several ways of gaining initial access, several ways of maintaining presence (such as halting mining whenever a user logs in and replacing a bunch of well-known binaries like crontab and top with malicious versions), and communication entirely over Tor.
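A quick defender-side check for the binary-replacement trick described above, as an added example that is not from the newsletter or from the perfctl write-up: record SHA-256 hashes of the named binaries while the host is in a known-good state, then later report any that went missing or changed. The baseline file format and any binaries beyond crontab and top are assumptions; on a real host the package manager's own verification (dpkg --verify, rpm -Va) is the more complete source of truth.

```shell
#!/bin/sh
# Added example, not part of the original newsletter. POSIX sh, needs sha256sum.
# Baseline format (assumed): one "sha256  /path/to/binary" line per file, i.e.
# exactly what sha256sum prints.

# record_baseline BASELINE_FILE BINARY...
# Writes the current hash of each binary to BASELINE_FILE (overwriting it).
# Run this on a freshly installed or otherwise trusted system.
record_baseline() {
    baseline="$1"; shift
    : > "$baseline"
    for f in "$@"; do
        sha256sum "$f" >> "$baseline"
    done
}

# check_against_baseline BASELINE_FILE
# Prints one line per binary that is missing or whose hash no longer matches.
# Returns 0 when everything matches, 1 when anything was removed or replaced.
check_against_baseline() {
    baseline="$1"
    rc=0
    while read -r expected path; do
        [ -n "$path" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        actual=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MODIFIED $path (expected $expected, got $actual)"
            rc=1
        fi
    done < "$baseline"
    return $rc
}

# Usage on a real host (paths are assumptions; extend the list to taste):
#   record_baseline /var/lib/bin-baseline.sha256 /usr/bin/crontab /usr/bin/top
#   ... later, e.g. from a cron job on a separate, trusted schedule ...
#   check_against_baseline /var/lib/bin-baseline.sha256
```

Keep the baseline file somewhere the checked host cannot silently rewrite it (read-only media or a remote store), otherwise malware that replaces binaries can just as easily replace the hashes.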
JPCERT shares Windows Event Log tips to detect ransomware attacks
Hopefully it's not too new of an idea to use logs to detect ransomware. But having a nice overview of which ransomware triggers which logs can no doubt be useful to tune your own systems.
Hacker charged for breaching 5 companies for insider trading
The attacker breached several public companies by hijacking e-mail accounts of senior executives, which he then used to gain access to sensitive information and documents for insider trading. He earned a whopping $3.7 million in profits before getting caught.
Honestly, I think these kinds of hacks happen a lot more than we hear about. Although I mostly say that because it's probably what I would do if I had chosen the dark side :D
Quick stories
- Meta fined €91 million for storing passwords in plaintext: link.
- Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps: link.
- Microsoft Defender adds detection of unsecure Wi-Fi networks: link.
- Recently patched CUPS flaw can be used to amplify DDoS attacks: link.
- Average North American CISO pay now $565,000: link.
Breaches and leaks
- Ransomware attack forces UMC Health System to divert some patients: link.
- Rackspace monitoring data stolen in ScienceLogic zero-day attack: link.
- Dutch Police says state actor likely behind recent data breach: link.
- Media giant AFP hit by cyberattack impacting news delivery services: link.
- T-Mobile pays $31.5 million FCC settlement over 4 data breaches: link.
- Detroit-area government services impacted by cyberattack: link.
- Agence France-Presse says cyberattack targeted IT systems: link.
Issues and fixes
- Windows 11 24H2 now rolling out, here are the new features: link.
- Critical Ivanti RCE flaw with public exploit now used in attacks: link.
- Critical flaw in NVIDIA Container Toolkit allows full host takeover: link.
- DrayTek fixed critical flaws in over 700,000 exposed routers: link.
- Zimbra RCE flaw exploited to backdoor servers using emails: link.
- CISA warns about Optigo Networks RCE: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)