Issue 131

Personal note - greetings from Portland, Oregon

In a few days I'll be visiting the Monitorama conference with my awesome colleagues from Articulate. I flew in a little early to get rid of the jetlag and see a bit of Oregon. Holy crap is it beautiful here.
I'm not sure if I'll be able to do a full issue next week, but I did manage one this week :-) Enjoy!

Breaches and leaks

  • First American Financial Corp: over 800 million mortgage documents, containing very sensitive information, were available to anyone to see by changing the ID in the URL. Ffs.
  • Perceptics: a company that creates license plate readers used extensively by US border control. Was compromised, all stolen files are available for download on the dark web.
  • Flipboard: hackers breached their databases, compromising user data. Tokens were revoked, and passwords were hashed with bcrypt. Although if you hadn't logged in for a few years, then your password was hashed with the easier to crack SHA-1.
  • Canva: graphic design service. Was compromised with 139 million users impacted. They seem to have handled it relatively well though. The breach was quickly detected, and all passwords were hashed with bcrypt.
  • Pyramid Hotel Group: service provider to large hotel chains like Marriot and Plaza. Had an unsecured server exposing 85GB in security logs, stemming from its intrusion detection system. Great that they had one, not so great that anyone could see the sensitive data it collected.

One million devices open to wormable Microsoft BlueKeep flaw

BlueKeep is the name of a security vulnerability in the Remote Desktop Protocol (RDP) in older Windows versions (Windows 7, XP, Server 2003 and Server 2008). Microsoft issued a patch two weeks ago, but almost a million devices can still be found that are unpatched. Since the vulnerability is "wormable", there are serious concerns that it's only a matter of time before we'll see a self-propagating attack like WannaCry. If you have older Windows systems running, make sure to patch up.

Unpatched flaw affects all Docker versions, exploit available

It's a big headline, but from what I can make out it's not all that horrible. If you have a malicious image, or an attacker compromises a running image, one can exploit the use of docker cp to give an attacker access to files on the host. There's no real patch available yet, only mitigations in the form of AppArmor and the likes.

New unpatched macOS Gatekeeper bypass published online

If an attacker gets you to open a malicious zip file, and controls a network share or external drive, they can run arbitrary code that bypasses Gatekeeper. Doesn't seem trivial to exploit, but it's an interesting vulnerability.

Gmail's confidential mode for for GSuite goes live on June 25th

Emails can be made to expire, blocked from printing or forwarding, and/or require a text-message step for authentication. It can also 'work' with other e-mail providers by not sending the contents in the e-mail itself but rather using a link to the content. I'm not entirely sure how I feel about Snapchat-like e-mail, but there you go.

Over 50.000 MS-SQL and PHPMyAdmin servers infected

There seems to be a large-scale and pretty sophisticated attack underway targeting these servers. It the end the malware drops a crypto mining payload and installs a rootkit to maintain persistent. It's worth checking your servers if you run these.

Chinese military to replace Windows OS with custom OS

From their point of view that seems like a very reasonable move, instead of running US-made OS's. Similarly, Russia is working to replace their (modified) Windows version with a Russian-made Linux distro called Astra Linux.

GDPR after one year: costs and unintended consequences

An overview of negative consequences of GDPR. I personally don't agree with the gloom and doom, but hey, this newsletter isn't called "Here's a list of things Dieter agrees with". Hackernews discussion here.

The National Guard's cyber escape room

Seems like a fun way of educating employees :-)


1Password: awesome UX and support

If you're not using a password manager yet, please start using one.
And if you are, but it's not 1Password, I'd recommend taking a look at what they offer. I've moved over to them because the UX is just so much better than where I came from. Despite my fears, the entire migration took less than 10 minutes and worked flawlessly.