News
Howdy everyone,
Here's this week's wrap-up of security news. Nothing major, I'd say, except for the UK iCloud decryption thing pissing me off, but it did give me comfort to know that even top ransomware groups have issues with their security sometimes. Keep your employees happy, folks! :-)
Have a good read and a wonderful weekend!
Leaked chat logs expose inner workings of Black Basta ransomware group
Over 200,000 messages of the ransomware group have been leaked, either by an outside party or by a disgruntled "employee". It seems there was some division within the group when the leader decided to also attack Russian targets. Funnily enough, researchers have already loaded the messages into a ChatGPT bot to help analyse Black Basta operations.
How North Korea pulled off a $1.5 billion crypto heist—the biggest in history
Crypto was stolen from what were essentially cold wallets that required multiple signatures to unlock, by some combination of manipulating the wallet's user interface and social engineering. I read this as saying that some UI would indicate to the employees whether it was ok or not to unlock the cold wallet? I'm not entirely sure, but it sounds like quite the heist indeed.
Botnet targets Basic Auth in Microsoft 365 password spray attacks
A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 accounts worldwide over Basic Auth. Basic Auth is a legacy protocol that is often still used for service-to-service communication, and because it can't enforce 2FA, a correct password is all the attacker needs. Might be a good idea to check those logs.
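Since "check those logs" is easier said than done, here is an added example of what to look for (my code, not from the article). It runs over Entra ID / Microsoft 365 sign-in records in JSON-lines form, keeps only legacy-auth client apps, and flags a source IP that fails sign-ins for many distinct users in a short window, the classic spray shape (many users, one or two guesses each). The field names follow the Microsoft Graph signIn resource (createdDateTime, ipAddress, userPrincipalName, clientAppUsed, status.errorCode); the sample records are constructed, and the list of clientAppUsed values treated as legacy is my assumption, so compare it with what your own tenant emits.

```javascript
// Added example, not from the original post: spot Basic-auth password spraying
// in Entra ID sign-in logs. Field names follow the Graph signIn resource; the
// sample records below are constructed.

// clientAppUsed values that mean legacy (Basic) auth rather than a modern-auth
// browser/app flow. Assumption: adjust to what your tenant actually logs.
const LEGACY_CLIENT_APPS = new Set([
  'Other clients', 'Exchange ActiveSync', 'IMAP4', 'POP3', 'SMTP',
  'Authenticated SMTP', 'Exchange Web Services', 'MAPI Over HTTP',
  'Autodiscover', 'Outlook Anywhere (RPC over HTTP)',
]);

// One finding per source IP that, within `windowMinutes`, failed legacy-auth
// sign-ins for at least `minUsers` distinct accounts. Successes from such an
// IP are listed as likely compromised accounts.
function detectLegacyAuthSpray(jsonl, { minUsers = 5, windowMinutes = 60 } = {}) {
  const byIp = new Map();
  for (const line of jsonl.split('\n')) {
    if (!line.trim()) continue;
    const e = JSON.parse(line);
    if (!LEGACY_CLIENT_APPS.has(e.clientAppUsed)) continue; // modern auth: not this detector's job
    if (!byIp.has(e.ipAddress)) byIp.set(e.ipAddress, { failures: [], successes: [] });
    const bucket = byIp.get(e.ipAddress);
    const rec = { t: Date.parse(e.createdDateTime), user: e.userPrincipalName };
    // errorCode 0 is success; anything else (50126 bad password etc.) is a failed guess
    (e.status.errorCode === 0 ? bucket.successes : bucket.failures).push(rec);
  }

  const windowMs = windowMinutes * 60 * 1000;
  const findings = [];
  for (const [ip, { failures, successes }] of byIp) {
    failures.sort((a, b) => a.t - b.t);
    // Sliding window: the most distinct users this IP failed against in any span of windowMinutes.
    const inWindow = new Map();
    let start = 0, peakUsers = 0;
    for (let end = 0; end < failures.length; end++) {
      inWindow.set(failures[end].user, (inWindow.get(failures[end].user) || 0) + 1);
      while (failures[end].t - failures[start].t > windowMs) {
        const u = failures[start].user;
        inWindow.set(u, inWindow.get(u) - 1);
        if (inWindow.get(u) === 0) inWindow.delete(u);
        start++;
      }
      peakUsers = Math.max(peakUsers, inWindow.size);
    }
    if (peakUsers < minUsers) continue;
    const users = new Set(failures.map((f) => f.user));
    findings.push({
      ip,
      distinctUsers: users.size,
      failures: failures.length,
      attemptsPerUser: Number((failures.length / users.size).toFixed(2)), // ~1 for a spray
      compromised: [...new Set(successes.map((s) => s.user))], // reset these first
    });
  }
  return findings;
}

// Constructed sample: one spraying IP, one user fat-fingering IMAP, one browser sign-in.
const SAMPLE_EVENTS = [
  ['2025-02-24T09:00:00Z', '203.0.113.10', 'alice@example.com', 'Other clients', 50126],
  ['2025-02-24T09:01:10Z', '203.0.113.10', 'bob@example.com', 'Other clients', 50126],
  ['2025-02-24T09:02:20Z', '203.0.113.10', 'carol@example.com', 'Other clients', 50126],
  ['2025-02-24T09:03:30Z', '203.0.113.10', 'dana@example.com', 'Other clients', 50126],
  ['2025-02-24T09:04:40Z', '203.0.113.10', 'erin@example.com', 'Other clients', 50126],
  ['2025-02-24T09:05:50Z', '203.0.113.10', 'frank@example.com', 'Other clients', 50126],
  ['2025-02-24T09:07:00Z', '203.0.113.10', 'dana@example.com', 'Other clients', 0], // a hit
  ['2025-02-24T09:10:00Z', '198.51.100.7', 'grace@example.com', 'IMAP4', 50126],
  ['2025-02-24T09:10:30Z', '198.51.100.7', 'grace@example.com', 'IMAP4', 50126],
  ['2025-02-24T09:11:00Z', '198.51.100.7', 'grace@example.com', 'IMAP4', 0],
  ['2025-02-24T09:20:00Z', '192.0.2.5', 'heidi@example.com', 'Browser', 50126],
];
const SAMPLE_JSONL = SAMPLE_EVENTS.map(([t, ip, upn, app, code]) => JSON.stringify({
  createdDateTime: t, ipAddress: ip, userPrincipalName: upn,
  clientAppUsed: app, status: { errorCode: code },
})).join('\n');

console.log(JSON.stringify(detectLegacyAuthSpray(SAMPLE_JSONL), null, 2));
```

On the sample this reports only 203.0.113.10 (six users, one guess each, and a successful legacy sign-in for dana@example.com), while grace's three IMAP attempts and the browser failure stay quiet. The real fix is to block legacy auth with Conditional Access; until then, the `compromised` list is your incident queue.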
VSCode Material Theme extensions pulled over security risks
Seems worthy of inclusion because of how often this theme is used, and to serve as yet another example of supply-chain risk. There's a bunch of drama attached to this one, with the maintainer at one point making the extension closed source and starting to obfuscate its code; it's a whole thing. You can dive deeper through this Hacker News thread and this GitHub issue.
DoubleClickjacking: a new era of UI redressing
Only came across this one recently, even though it's a post from a few months back. It's a neat explainer of a "double-click jacking" attack: the attacker's page prompts the victim to double-click, the first click closes that page, and the second click lands on an authorization prompt sitting underneath, unwittingly granting the attacker access to an application. The videos show it nicely.
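What makes the trick work is that the second click arrives on a page the victim has never interacted with, a fraction of a second after it came to the front. One client-side mitigation is to gate sensitive buttons on exactly that: require a genuine mouse movement or keypress on the page, plus a short settling time, before the button does anything. The block below is an added example of that guard (my code, not the article's), written around an injectable clock so the timeline can be simulated under Node; the thresholds, function names and the simulated timelines are my assumptions.

```javascript
// Added example, not from the original write-up: arm a sensitive button only
// after the user has demonstrably interacted with THIS page. The names, the
// 500 ms default and the timelines below are assumptions for illustration.

function createSensitiveActionGuard({ minArmedMs = 500, now = () => Date.now() } = {}) {
  let lastGestureAt = null;  // last mousemove/keydown seen on this page
  let visibleSince = now();  // when this page last came to the front
  return {
    // Wire to 'mousemove' and 'keydown' on the document.
    onGesture() { lastGestureAt = now(); },
    // Wire to 'visibilitychange'/'focus': a page that just surfaced starts disarmed again.
    onPageShown() { visibleSince = now(); lastGestureAt = null; },
    // Call from the button's 'click' handler; returns a decision so refusals can be logged.
    decide() {
      const t = now();
      if (lastGestureAt === null) return { allow: false, reason: 'no prior gesture on this page' };
      if (t - visibleSince < minArmedMs) return { allow: false, reason: 'page only just became visible' };
      return { allow: true, reason: 'ok' };
    },
  };
}

// Browser wiring (not executed here):
//   const guard = createSensitiveActionGuard();
//   document.addEventListener('mousemove', () => guard.onGesture());
//   document.addEventListener('keydown', () => guard.onGesture());
//   document.addEventListener('visibilitychange', () => { if (!document.hidden) guard.onPageShown(); });
//   authorizeBtn.addEventListener('click', (e) => { if (!guard.decide().allow) e.preventDefault(); });

// Replay a constructed timeline of [millisecondsSincePrevious, event] pairs.
function simulate(steps, opts = {}) {
  let clock = 0;
  const guard = createSensitiveActionGuard({ ...opts, now: () => clock });
  let last = null;
  for (const [dt, event] of steps) {
    clock += dt;
    if (event === 'gesture') guard.onGesture();
    else if (event === 'shown') guard.onPageShown();
    else if (event === 'click') last = guard.decide();
  }
  return last;
}

// Double-click jacking as seen from the authorization page: it surfaces when the
// attacker's window closes on mousedown, and the second click hits ~100 ms later
// with no movement on this page at all.
const ATTACK = [[0, 'shown'], [100, 'click']];
// A real user: page appears, they move the mouse to the button, then click.
const LEGIT = [[0, 'shown'], [800, 'gesture'], [300, 'click']];

console.log('attack  ->', simulate(ATTACK));
console.log('legit   ->', simulate(LEGIT));
```

The attack timeline is refused for lack of any gesture on the page; the legitimate one is allowed. Note that this is a mitigation for the timing trick specifically: X-Frame-Options and frame-ancestors don't help here, because no iframe is involved, and a determined attacker can still try to coax a mouse movement, so the settling delay and server-side confirmation steps for anything irreversible remain worthwhile.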
Quick links
- US drug testing firm DISA says data breach impacts 3.3 million people: link.
- Apple pulls iCloud end-to-end encryption feature in the UK: link.
- Have I Been Pwned adds 284M accounts stolen by infostealer malware: link.
- Australia bans all Kaspersky products on government systems: link.
- CISA taps Karen Evans as executive assistant director for cybersecurity: link.
MDM vs Device Trust: technical limitations
A recent blog post by 1Password comparing standard MDM solutions to their Device Trust offering, which is based on osquery and opens up a lot of possibilities. (Sponsored)