The target was EDGAR, the SEC's filing system where publicly traded companies upload their information. Insider trading seems a very reasonable motive.
The breach happened in the fall of 2016 and affected all company email and internal admin accounts.
On further investigation of the CCleaner infection it was discovered that the actual goal was to infect a range of tech companies, like Google, Intel, Microsoft, Cisco and more, presumably for the purpose of industrial espionage.
Facts like these are always useful when you're talking to your managers about the security budget ;-)
This one is very much worth a read. You know how certain features assign you an @company.com address, for example for support tickets or thread replies? You can use that in turn to sign in to services like Slack, which can be configured to let anyone with an @company.com address join the workspace. It gets even cleverer further down.
Leaks (aka the golden goose that is unsecured s3):
- Viacom, owner of Comedy Central, MTV and more, had an unsecured s3 bucket containing over a gig of credentials and configuration settings, apparently used for a Puppet deployment. (link)
- SVR, a company that sells vehicle tracking products, had an unsecured s3 bucket with over 500,000 customer records with passwords and vehicle information. (link)
- Verizon had an unsecured s3 bucket, which was reportedly privately owned by a Verizon engineer, with internal credentials. (link)
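A defender-side check for the recurring cause behind these three leaks, as an added example that is not from the newsletter or from any of the companies named: it classifies an S3 bucket's ACL grants and Public Access Block settings (in the dict shapes boto3's get_bucket_acl and get_public_access_block return) and flags grants to the AllUsers / AuthenticatedUsers groups. The sample ACL and configuration are constructed; bucket policies are a separate exposure path that this check does not cover.

```python
# Audit S3 ACL grants and Public Access Block settings for public exposure.
# Constructed sample input below mirrors a bucket that anyone on the internet can read.
from typing import Dict, List

# Predefined group URIs that make an ACL grant "public" in the S3 ACL model.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_grants(acl: Dict) -> List[str]:
    """Return "group:permission" for every grant that exposes the bucket to everyone."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            findings.append(f"{grantee['URI'].rsplit('/', 1)[-1]}:{grant.get('Permission')}")
    return findings


def block_is_complete(pab: Dict) -> bool:
    """True only if all four Public Access Block switches are enabled."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(cfg.get(k, False) for k in keys)


def assess_bucket(acl: Dict, pab: Dict) -> Dict:
    """Combine ACL grants and Public Access Block into one verdict. IgnorePublicAcls
    makes S3 disregard public ACL grants, so with it on the ACL alone exposes nothing."""
    grants = public_grants(acl)
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    exposed = bool(grants) and not cfg.get("IgnorePublicAcls", False)
    return {"public_grants": grants, "block_complete": block_is_complete(pab),
            "exposed_via_acl": exposed}


# Constructed sample: owner has full control, and the AllUsers group (anyone on
# the internet, no AWS account needed) has READ, i.e. can list and fetch objects.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": False, "IgnorePublicAcls": False,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}

if __name__ == "__main__":
    print(assess_bucket(SAMPLE_ACL, SAMPLE_PAB))
```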
Interesting new feature where the OS checks the firmware for changes that shouldn't be there. You can't do much about it yet besides reporting, but it might be a first step towards better firmware integrity.
Fun bit of research where the infrared LEDs of security cameras are used to send out data, assuming you were able to compromise the air-gapped network in the first place.
Great article where a security researcher explains his process for finding vulnerabilities in web and desktop applications.