Issue 65

Jenkins Miner - crypto mining on hacked Jenkins servers

The people from CheckPoint have discovered a campaign targeting Jenkins, the continuous integration and deployment server. The servers are breached through a known serialisation vulnerability. So far over $3 million in Monero has been mined.


Hackers hijacked Tesla servers to mine cryptocurrency

It seems that someone discovered an unsecured Kubernetes console in use by Tesla, used it to get AWS credentials and then started mining Monero on Tesla's AWS servers. This breach also exposed an S3 bucket, but Tesla says no customer data was in there. The issue was fixed within hours of reporting.


Bitcoin phishing gang made over $50 million with the help of AdWords

They pushed ads that seemed to go to the legit website, but actually led to a phishing website. Instead of logging in to their online Bitcoin wallet, users were actually giving the phishers their credentials.
I guess that's another reason to use an ad blocker :-/


Google drops new Edge zero-day as Microsoft misses 90-day deadline

It doesn't make Edge exploitable on its own. Instead it defeats the mitigation technique known as Arbitrary Code Guard, or ACG, which is supposed to prevent remote-code execution flaws from being effective. The article explains it pretty well.


Nearly 8,000 security flaws did not receive a CVE ID in 2017

A good post summarising findings of discovered security flaws and security incidents in 2017. One surprising fact is that there are a whole lot of reported vulnerabilities that didn't get officially 'acknowledged', presumably due to resource constraints (must be a lot of work indeed to keep up).


Hackers sentenced for SQL injections that cost $300 million

A few years back there was a large case of credit card theft by a Russian hacker gang, stealing over 160 million credit cards and incurring damages of over $300 million. Three of them have now finally been sentenced to 20, 12 and 4 years. Three others are still fugitives.


US sets up dedicated office for energy infrastructure cybersecurity

Details are scarce but it's no doubt a good move, considering previously seen news on power grid attacks.


Amazon AWS servers might soon be held for ransom, similar to MongoDB

Interesting article exploring the possibility of S3 ransomware, making (mis)use of writeable S3 buckets. It also mentions an intriguing aspect that I hadn't considered yet: blackmailing companies with discovered sensitive data to be reported to the GDPR authority.


Fine-tuning firewall rules: 10 best practices

Some common-sense hints & tips on how to handle your firewall rules.


Dissecting an SSL certificate

A fun-to-read blog post on what 'issuing an SSL certificate' means, with some pointers to find out more.




Automated vulnerability scans of web applications in the SDLC

Integration of web application security in the SDLC has become really important. Businesses are pushing new code to production multiple times in a day, so it is vital that security flaws are identified at source. Listen to Paul’s Security Weekly podcast discussing this, scaling up web application security, time management for penetration testers and more.


Securing your company Macs

Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure, used by yours truly every day. It fully integrates with G Suite, and you can try it free with 10 devices for as long as you need.