The people from Check Point have discovered a campaign targeting Jenkins, the continuous integration and deployment server. The servers are breached through a known serialisation vulnerability. So far over $3 million in Monero has been mined.
It seems that someone discovered an unsecured Kubernetes console in use by Tesla, used it to get AWS credentials and then started mining Monero on Tesla's AWS servers. This breach also exposed an S3 bucket, but Tesla says no customer data was in there. The issue was fixed within hours of reporting.
They pushed ads that seemed to go to the legit blockchain.info website, but actually led to a phishing website. Instead of logging in to their online Bitcoin wallet, users were actually giving the phishers their credentials.
I guess that's another reason to use an ad blocker :-/
It doesn't make Edge exploitable on its own. Instead it defeats the mitigation technique known as Arbitrary Code Guard, or ACG, which is supposed to prevent remote-code execution flaws from being effective. The article explains it pretty well.
A good post summarising findings of discovered security flaws and security incidents in 2017. One surprising fact is that there are a whole lot of reported vulnerabilities that didn't get officially 'acknowledged', presumably due to resource constraints (must be a lot of work indeed to keep up).
A few years back there was a large case of credit card theft by a Russian hacker gang, stealing over 160 million credit cards and causing damages of over $300 million. Three of them have now finally been sentenced to 20, 12 and 4 years. Three others are still fugitives.
Details are scarce but it's no doubt a good move, considering previously seen news on power grid attacks.
Interesting article exploring the possibility of S3 ransomware, making (mis)use of writeable S3 buckets. It also mentions an intriguing aspect that I hadn't considered yet: blackmailing companies with discovered sensitive data to be reported to the GDPR authority.
Some common-sense hints & tips on how to handle your firewall rules.
A fun-to-read blog post on what 'issuing an SSL certificate' means, with some pointers to find out more.
Integration of web application security in the SDLC has become really important. Businesses are pushing new code to production multiple times a day, so it is vital that security flaws are identified at source. Listen to Paul’s Security Weekly podcast discussing this, scaling up web application security, time management for penetration testers and more.
Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure, used by yours truly every day. It fully integrates with G Suite, and you can try it free with 10 devices for as long as you need.