News
Hi folks,
Another week, another digest of security news.
Nothing Earth-shattering, although the "issues" list looks pretty rough, with a lot of recent high-visibility vulnerabilities being actively targeted. Please make sure that your systems are all patched up.
Best of luck out there and have a good one!
European govt air-gapped systems breached using custom malware
Nice write-up on a hacking group known as GoldenJackal, which seems to specialise in breaching air-gapped systems, with two successful attacks that we know of.
They created malware that, once on a system, installs itself on any inserted USB drive in the hope that the drive is later plugged into an air-gapped system. When it is, the malware starts collecting sensitive files, stores them in a hidden folder, and sends the data home once the drive is inserted into the Internet-connected infected system again.
The complete research by ESET can be found here, fun Hackernews discussion here.
American Water shuts down online services after cyberattack
Well hello, pet peeve. Another water utility company breached, although the article doesn't really talk about any impact on the water itself, just the backend systems. Still, ugh.
New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
A scanner has been released by MalwareTech (Marcus Hutchins, of WannaCry fame) to scan your network for CUPS servers that might be vulnerable to the RCE and the 600x DDoS attack.
It's worth noting that CUPS is probably not exposed to the outside world on most networks (but you should still check); even when it is only advertising within your own network, it can be used for lateral movement and privilege escalation.
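A host-side check to run alongside the network scan, as an added example (not code from the newsletter or from the MalwareTech scanner): it parses the text output of `ss -ltnup` and a `cups-browsed.conf` fragment (both constructed samples here, and the column layout is assumed to match current iproute2 output) and reports IPP listeners on port 631 bound beyond localhost, plus whether cups-browsed still accepts remote printer advertisements via `BrowseRemoteProtocols`.

```python
"""Offline check for network-reachable CUPS/IPP sockets and cups-browsed settings.

Added example, not part of the newsletter or the MalwareTech scanner.
Assumptions: `ss -ltnup` column layout (Netid State Recv-Q Send-Q Local Peer Process)
and the cups-browsed.conf `BrowseRemoteProtocols` directive, where `none` disables
listening for remote printer advertisements.
"""
import re

IPP_PORT = 631
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of `ss -ltnup` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=812,fd=7))
tcp   LISTEN 0      128    [::1]:631           [::]:*            users:(("cupsd",pid=812,fd=8))
udp   UNCONN 0      0      0.0.0.0:631         0.0.0.0:*         users:(("cups-browsed",pid=901,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=600,fd=3))
"""

# Constructed cups-browsed.conf fragment with remote browsing still enabled.
SAMPLE_CONF = """\
# constructed cups-browsed.conf fragment
BrowseRemoteProtocols dnssd cups
BrowseAllow all
"""


def parse_ss(text):
    """Return (proto, address, port, process) tuples, one per socket line."""
    sockets = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 6:
            continue
        proto, local = parts[0], parts[4]
        addr, _, port = local.rpartition(":")  # rpartition keeps IPv6 colons intact
        addr = addr.strip("[]")
        match = re.search(r'\("([^"]+)"', line)  # process name inside users:(("name",...))
        proc = match.group(1) if match else ""
        sockets.append((proto, addr, int(port), proc))
    return sockets


def exposed_ipp_sockets(text):
    """Sockets on the IPP port bound to something other than a loopback address."""
    return [s for s in parse_ss(text) if s[2] == IPP_PORT and s[1] not in LOOPBACK]


def browsed_accepts_remote(conf):
    """True unless BrowseRemoteProtocols is explicitly set to 'none'.

    If the directive is absent we assume the daemon's default, which enables
    remote browsing (assumption stated in the module docstring).
    """
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "browseremoteprotocols":
            value = parts[1].strip().lower() if len(parts) > 1 else ""
            return value != "none"
    return True


def report(ss_text, conf_text):
    """Human-readable summary of both checks; returns the lines it would print."""
    lines = []
    for proto, addr, port, proc in exposed_ipp_sockets(ss_text):
        lines.append(f"EXPOSED: {proc} listening on {proto} {addr}:{port} (not loopback)")
    if browsed_accepts_remote(conf_text):
        lines.append("cups-browsed accepts remote printer advertisements "
                     "(BrowseRemoteProtocols is not 'none')")
    if not lines:
        lines.append("OK: IPP bound to loopback only and remote browsing disabled")
    return lines


if __name__ == "__main__":
    # On a real host you would feed in the output of `ss -ltnup` and the
    # contents of /etc/cups/cups-browsed.conf instead of the constructed samples.
    for entry in report(SAMPLE_SS, SAMPLE_CONF):
        print(entry)
```

The UDP socket is the one to look at: cups-browsed binding to 0.0.0.0:631 is what lets other hosts on the LAN hand it printer advertisements, while cupsd bound to loopback only is the usual desktop default. Setting `BrowseRemoteProtocols none` (or stopping cups-browsed where it is not needed) makes both checks come back clean.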
Quick stories
- Microsoft's take on kernel access and safe deployment following CrowdStrike incident: link.
- OpenAI says it has disrupted 20-plus foreign influence networks in past year: link.
- White House is prioritizing secure internet routing, using memory safe languages: link.
- CIOs turn to NIST to tackle generative AI’s many risks: link.
- Dutch police arrest admin of 'Bohemia/Cannabia' dark web market: link.
- Russia detains almost 100 suspects linked to the Cryptex cryptocurrency exchange: link.
Breaches and leaks
- Internet Archive hacked, data breach impacts 31 million users: link.
- UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls: link.
- Outlast game development delayed after Red Barrels cyberattack: link.
- Highline Public Schools confirms ransomware behind shutdown: link.
- Comcast and Truist Bank customers caught up in FBCS data breach: link.
- LEGO's website hacked to push cryptocurrency scam: link.
- ADT discloses second breach in 2 months, hacked via stolen credentials: link.
- MoneyGram confirms hackers stole customer data in cyberattack: link.
- Casio reports IT systems failure after weekend network breach: link.
- AI girlfriend site breached, user fantasies stolen: link.
- Russian state media company operation disrupted by ‘unprecedented’ cyberattack: link.
- Fidelity Investments says data breach affects over 77,000 people: link.
- Marriott settles with FTC, to pay $52 million over data breaches: link.
Issues and fixes
- Qualcomm patches high-severity zero-day exploited in attacks: link.
- Ivanti warns of three more CSA zero-days exploited in attacks: link.
- Mozilla fixes Firefox zero-day actively exploited in attacks: link.
- Palo Alto Networks warns of firewall hijack bugs with public exploit: link.
- CISA says critical Fortinet RCE flaw now exploited in attacks: link.
- GitLab warns of critical arbitrary branch pipeline execution flaw: link.
- Akira and Fog ransomware now exploit critical Veeam RCE flaw: link.
- Microsoft offers updates on 117 vulnerabilities on Patch Tuesday: link.
What 1Password can do for developers
If you're an engineer, it's really worth checking out 1Password's developer tools. It can manage secrets for your infrastructure and CI/CD pipeline, manage SSH keys, and inject tokens into CLI scripts. Play around with it and see how it can fit in your development flow. (Sponsored)