News
Hi folks,
I hope you're all doing well! This one is a day early, which seems to line up better with my schedule so it might happen more often.
Nothing major this week that I could see, so I was able to focus on a few smaller items that I found interesting, like the 7-Zip zero-day and a Go module supply chain attack. I hope you get value from reading through this :-) Cheers!
DeepSeek surge hits companies, posing security risks
The article is essentially a range of opinions (and some facts) on why it is hard to trust a Chinese-built AI model: DeepSeek's terms of service state that everything is stored on servers in China (no surprise there), the company's own security posture has been poor, and the model reportedly failed 100% of the well-known jailbreak and prompt-injection tests it was put through.
Ransomware payments fell 35% in 2024
The decline is mostly attributed to successful law enforcement crackdowns and to more victims being well defended enough to refuse to pay. Don't read this as ransomware no longer being an issue: the total paid in 2024 was still over $813 million. But let's hope the downward trend continues.
Crypto-stealing apps found in Apple App Store for the first time
A new campaign dubbed 'SparkCat' has been uncovered that targets the cryptocurrency wallet recovery phrases of Android and iOS users with optical character recognition (OCR) stealers: the malware scans the device's image library for screenshots of a recovery phrase, which is of course a bad thing to have on your phone in the first place. The malicious code shipped inside an SDK that masqueraded as an analytics library, and it apparently slipped past Apple's App Store review controls.
7-Zip 0-day was exploited in Russia’s ongoing invasion of Ukraine
A file downloaded from the Internet normally carries the "Mark of the Web" (MotW), a Zone.Identifier alternate data stream on NTFS that makes SmartScreen and Defender apply extra scrutiny and prompt the user before the file runs. 7-Zip propagated the mark when extracting a downloaded archive, but not to files extracted from an archive nested inside that archive, so an inner payload ran without the usual warning. That was apparently worth exploiting: several Ukrainian organisations, including public transport and water supply operators, were targeted, although it is not clear whether the attacks succeeded. The bug (CVE-2025-0411) was fixed in 7-Zip 24.09, and since 7-Zip has no auto-update mechanism, older installs stay exposed until someone updates them by hand.
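A practical check for this class of bug is to extract a downloaded archive, extract the archive nested inside it, and then ask which of the resulting files carry no Internet-zone mark. The following Go program is an added example written for this newsletter; it is not 7-Zip's code or the researchers' tooling. It assumes the files sit on NTFS, where the mark is reachable as `<path>:Zone.Identifier`, and the tool file name in the usage comment is an assumption.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// ParseZoneIdentifier parses the INI-style text of a Zone.Identifier
// alternate data stream, which is how Windows stores the Mark of the Web.
// A downloaded file typically carries "[ZoneTransfer]\r\nZoneId=3\r\n",
// optionally followed by ReferrerUrl= and HostUrl= lines.
func ParseZoneIdentifier(s string) map[string]string {
	fields := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(s))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "[") {
			continue // blank line or the [ZoneTransfer] section header
		}
		k, v, ok := strings.Cut(line, "=")
		if !ok {
			continue
		}
		fields[strings.TrimSpace(k)] = strings.TrimSpace(v)
	}
	return fields
}

// IsUntrustedZone reports whether the parsed mark places the file in a zone
// that SmartScreen and Defender treat with suspicion: 3 = Internet,
// 4 = Restricted sites. A nil map (no mark at all) yields false, which is
// exactly the state the 7-Zip bug left nested payloads in.
func IsUntrustedZone(fields map[string]string) bool {
	id := fields["ZoneId"]
	return id == "3" || id == "4"
}

// ReadMotW reads the mark from path. On NTFS the stream is addressed as
// "<path>:Zone.Identifier". On other filesystems, or when the file was
// never marked, the open fails and nil is returned.
func ReadMotW(path string) map[string]string {
	data, err := os.ReadFile(path + ":Zone.Identifier")
	if err != nil {
		return nil
	}
	return ParseZoneIdentifier(string(data))
}

// UnmarkedFiles walks an extraction directory and returns, sorted, the
// slash-separated relative paths of regular files that carry no
// Internet-zone mark. After extracting a downloaded outer archive and then
// the archive nested inside it, every file listed here would run without
// the usual SmartScreen prompt.
func UnmarkedFiles(root string) ([]string, error) {
	var missing []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			return nil
		}
		if !IsUntrustedZone(ReadMotW(p)) {
			rel, relErr := filepath.Rel(root, p)
			if relErr != nil {
				return relErr
			}
			missing = append(missing, filepath.ToSlash(rel))
		}
		return nil
	})
	sort.Strings(missing)
	return missing, err
}

func main() {
	// Usage: go run motw_audit.go <directory-with-extracted-files>
	// (the file name is an assumption made for this example)
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	missing, err := UnmarkedFiles(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "walk failed:", err)
		os.Exit(2)
	}
	if len(missing) == 0 {
		fmt.Println("every file carries an Internet-zone Mark of the Web")
		return
	}
	fmt.Println("files WITHOUT an Internet-zone Mark of the Web:")
	for _, m := range missing {
		fmt.Println("  ", m)
	}
}
```

To reproduce on Windows: download the outer archive (or mark a local one with PowerShell, `Set-Content -Path outer.zip -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"`), extract it with 7-Zip, extract the archive it contains, and point the program at the inner output directory. With 7-Zip 24.09 or later nothing should be listed; with a vulnerable version the inner files show up unmarked.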
Go Module Mirror served backdoored package for 3+ years
The malicious module was named boltdb-go/bolt, a lookalike of the widely adopted boltdb/bolt, which 8,367 other packages depend on. The Go Module Mirror caches a module version the first time it is requested and keeps serving that cached copy indefinitely, so the backdoored version stayed available long after the original malicious package had been taken down. Something to pay attention to if you run Go: go.sum and the checksum database guarantee that everyone gets the same bytes for a given version, not that those bytes are benign, so a typosquatted module passes `go mod verify` just fine.
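Since the integrity checks will not catch a lookalike module path, the check worth adding to CI is a comparison of every module in go.sum against an allowlist of the paths you actually expect. The following Go program is an added example written for this newsletter, not the Go toolchain's own code or anything from the researchers who found the backdoor. The allowlist and the go.sum excerpt are constructed, and the h1: hashes in it are placeholders rather than real checksums.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// TrustedModules is the allowlist a project maintains of module paths it
// expects to depend on. The entries here are constructed for the example.
var TrustedModules = []string{
	"github.com/boltdb/bolt",
	"go.etcd.io/bbolt",
	"github.com/spf13/cobra",
	"golang.org/x/crypto",
}

// SampleGoSum is a constructed go.sum excerpt; the h1: values are
// placeholders, not real checksums.
const SampleGoSum = `github.com/boltdb-go/bolt v1.3.1 h1:PLACEHOLDER0000000000000000000000000000000=
github.com/boltdb-go/bolt v1.3.1/go.mod h1:PLACEHOLDER0000000000000000000000000000000=
github.com/spf13/cobra v1.8.0 h1:PLACEHOLDER0000000000000000000000000000000=
github.com/spf13/cobra v1.8.0/go.mod h1:PLACEHOLDER0000000000000000000000000000000=
golang.org/x/crypto v0.21.0 h1:PLACEHOLDER0000000000000000000000000000000=
`

// Finding is a module path that resembles, but is not, a trusted one.
type Finding struct {
	Module   string
	Nearest  string
	Distance int
}

// ModulesFromGoSum returns the distinct module paths named in go.sum text.
// Every line is "<module> <version> <hash>"; the "/go.mod" lines repeat the
// module path with a version suffix, so deduplicating on the first field
// is enough.
func ModulesFromGoSum(goSum string) []string {
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(goSum))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 {
			continue
		}
		seen[f[0]] = true
	}
	mods := make([]string, 0, len(seen))
	for m := range seen {
		mods = append(mods, m)
	}
	sort.Strings(mods)
	return mods
}

func min3(a, b, c int) int {
	if b < a {
		a = b
	}
	if c < a {
		a = c
	}
	return a
}

// levenshtein is the edit distance between two strings (insert, delete and
// substitute each cost 1), computed with two rolling rows.
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev := make([]int, len(rb)+1)
	cur := make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			cur[j] = min3(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

// Lookalikes flags every module that is not on the allowlist but sits within
// maxDist edits of an allowlisted path. "github.com/boltdb-go/bolt" is three
// insertions away from "github.com/boltdb/bolt", so maxDist=3 catches it.
func Lookalikes(modules, trusted []string, maxDist int) []Finding {
	trustedSet := map[string]bool{}
	for _, t := range trusted {
		trustedSet[t] = true
	}
	var out []Finding
	for _, m := range modules {
		if trustedSet[m] {
			continue
		}
		nearest, best := "", -1
		for _, t := range trusted {
			if d := levenshtein(m, t); best < 0 || d < best {
				nearest, best = t, d
			}
		}
		if best > 0 && best <= maxDist {
			out = append(out, Finding{Module: m, Nearest: nearest, Distance: best})
		}
	}
	return out
}

func main() {
	for _, f := range Lookalikes(ModulesFromGoSum(SampleGoSum), TrustedModules, 3) {
		fmt.Printf("SUSPICIOUS %s (distance %d from trusted %s)\n", f.Module, f.Distance, f.Nearest)
	}
}
```

The edit distance threshold is a heuristic, so treat findings as something to look at rather than an automatic block, and tune it against your own dependency list. Running `GOPROXY=direct go mod download <module>@<version>` fetches the version from the origin repository instead of the mirror's cached copy; a download that fails or produces a different checksum than go.sum records is worth investigating, since it means the mirror is serving something the source no longer offers.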
Quick links
- US healthcare provider data breach impacts 1 million patients: link.
- House Democrats demand answers over DOGE OPM server: link.
- Thailand cuts power supply to Myanmar scam hubs: link.
- Deloitte pays $5M in connection with breach of Rhode Island benefits site: link.
- Sophos completes $859M acquisition of Secureworks: link.
1Password for developers: secrets, SSH keys, and more
I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords: it also holds your SSH keys, signs your Git commits, injects tokens and other secrets into CLI scripts when you want it to, and much more. (Sponsored)