I found that it's flippin hard to know what's going on security-wise inside a G Suite account. To make this easier, I started writing an application that runs security and audit reports for me.
I'm making this into a product for others to use. If you've had the same problem trying to manage your G Suite security, let me know and I'll keep you informed :-)
Plenty of breaches and data leaks this week, so it's list-time.
- Electronics retailer Dixons Carphone had 5.9 million credit card numbers stolen and 1.2 million user records leaked. Fortunately, almost all credit cards use chip and PIN. It's the second breach in three years, though; they were just fined £400k for their last breach: link
- WeightWatchers had an unsecured Kubernetes cluster, giving access to AWS keys and s3 buckets. No customer data is thought to have leaked though: link
- HR company PageUp had a malware infection, causing a cascade of companies (their customers, mostly Australian) sending out a breach notification: link
- The French data protection authority issued a 250.000 Euro fine to a hearing-aid company that was found to have a significant data leak two years ago: link
- The Trik botnet had an unsecured C&C server, leaking 43 million e-mail addresses. Don't you just hate it when bad guys don't get security right: link
All these images were uploaded through the same account ID, "docker123321", and were downloaded more than a million times.
Just scan the internet on port 8545, issue an API call, get 20 million. I can see how one would find that to be well worth the effort ^^
According to a report by the Washington Post, the hackers compromised systems belonging to a U.S. Navy contractor in January and February of this year.
All 74 were involved in the "pose as the CEO and ask for an urgent wire transfer" e-mails, a fraud method that has so far yielded over $3.7 billion in the US alone.
Interesting article by the NY Times that digs a bit deeper into the repercussions of law enforcement (again) not being able to unlock iPhones.
Some updates I came across:
- Microsoft had its Patch Tuesday, fixing 51 vulnerabilities including 11 critical. One allowed for taking over a system just by sending a malformed DNS request :-/ link
- Flash issued an emergency patch for a Flash zero-day that's being actively exploited: link
- VMware fixed a remote code execution flaw in VMware AirWatch Agent for Android and Windows Mobile: link
- IP camera manufacturer Foscam issued patches for a set of vulnerabilities with which you can take over any camera of theirs: link
- F-Secure patched a serious vulnerability where a device could be taken over through a malicious zip archive. It was disclosed through their bug bounty program: link
Starting from the fact that many database backup tools default their output to <domain>.sql, they scanned the Alexa top million to see if any <domain>.sql files are in the public folder. In 736 cases, they were. Pretty significant since most of those probably contain sensitive (user) data.
Good slide deck on various ways and tools to secure your Kubernetes cluster.
Long but interesting read on how security is both the responsibility of the company providing the service (Google, Facebook, ...) and of their users. But it's not an easy balance to strike. You'd need both a company with large security resources -and- very knowledgeable users to be successful.
GDPR is coming, are you ready? If not, don't worry. Read this easy-to-follow whitepaper that gives practical advice on what businesses have to do to get started and become GDPR compliant.
Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure. If you sign up today you can manage 10 devices for free, and Fleetsmith's new zero-touch deployment allows you to ship devices without needing IT to set up WiFi and other apps.