Over 4700 bitcoins were stolen, currently worth around $80 million. At this time NiceHash is still down. Their website shows a message saying they'll be back soon and are working with law enforcement to track down the attackers.
It was a big news item but there is no malicious intent here that anyone can see, the keylogger is actually a debugging tool left in there by accident. It was off by default but an attacker could switch it on and use it to record all keystrokes stealthily, so updating is advised.
It's not a new breach, but an aggregate of 252 previous breaches. The dump includes search tools to comb through the data. The author isn't selling it, instead just making it available and accepting donations.
A fascinating technique that uses NTFS transactions, essentially locking a valid .exe in a transaction, which keeps it out of reach of AV, modifying and executing it, and then rolling back. The modifications never get written to disk.
The Spotify forums tend to rank well in SEO. Apparently some attackers figured this out and started streaming spam messages on the forums, boosting their tech scam phone numbers in the listings.
The latest Chrome includes some interesting features: restrict extension installs based on permission requests, TLS 1.3 (for Gmail only initially), and site isolation, a feature where each open website runs in a separate process, more isolated from other websites than is now the default. More on the latter here.
Update all the things \o/
- Microsoft's latest update batch fixed 30 vulnerabilities, including 2 remote code execution bugs found in the Malware Protection Engine: link
- The previous link also discusses the new Adobe update fixing one medium security-related bug (yes, just one).
- Chrome has been brought to version 63, including a set of security and feature updates : link
Great article discussing some ways that EV certs can be misused, like using fake identities to set up fake EV companies, or using the same name as well-known companies in your EV since those don't have to be unique. Good reminder to all that even the "padlock + green company name" is not phishing-safe.
An easy to read explanation of the differences between TLS 1.2 and 1.3.
Interesting article describing the operation of MoneyTaker, a Russian-speaking hacker group who have thus far compromised 14 US banks, 3 Russian banks and other targets.
Integration of web application security in the SDLC has become really important. Businesses are pushing new code to production multiple times in a day, so it is vital that security flaws are identified at source. Listen to Paul’s Security Weekly podcast discussing this, scaling up web application security, time management for penetration testers and more.