- 1. Apple kept mum about XcodeGhost malware attack against 128M users
"according to a new report, emails presented during the Epic Games vs. Apple court proceedings have revealed startling new details on that particular attack. It turns out that nearly 128 million iOS users downloaded the apps containing the XcodeGhost malware. Reportedly, Apple kept this malware attack a secret and didn’t share the impact’s full details."
- 2. Leaky database exposes fake Amazon product reviews scam
"The IT security researchers at SafetyDetectives discovered a China-based ElasticSearch server publicly available online without any security authentication. The researchers claim that this misconfigured database helped them unearth a well-organized scheme of Amazon vendors to produce fake reviews for their products on the website."
- 3. A Closer Look at the DarkSide Ransomware Gang – Krebs on Security
Darkside got $5 million from Colonial, others paid even more: "DarkSide has shown itself to be fairly ruthless with victim companies that have deep pockets, but they can be reasoned with. Cybersecurity intelligence firm Intel 471 observed a negotiation between the DarkSide crew and a $15 billion U.S. victim company that was hit with a $30 million ransom demand in January 2021, and in this incident the victim’s efforts at negotiating a lower payment ultimately reduced the ransom demand by almost two-thirds."
- 4. Ad-hoc scanning is not enough
I agree: "Don’t just run a scan with every major release. Instead, make it a regular element of your staging cycle. Use vulnerability management and vulnerability assessment capabilities as well as easy integration options to automatically create tickets for every vulnerability that exceeds a certain severity threshold. Automatically retest vulnerabilities after the software is amended by the developers and re-deployed in staging." - This is a different way to think about vuln management, operationalize it, don't run ad-hoc scans, always be scanning!
- 5. 10 Things You Might Not Know About Cyber Essentials
- 6. Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
"The Babuk group is said to have stolen 250GB of data, including investigation reports, arrests, disciplinary actions, and other intelligence briefings. Like other ransomware platforms, DarkSide adheres to a practice called double extortion, which involves demanding money in return for unlocking files and servers encrypted by the ransomware, as well as for not leaking any data stolen from the victim prior to cutting off access to them."
- 7. Google open sources cosign tool for verifying containers
I like this concept: "The tool was developed in collaboration with the Linux Foundation’s sigstore project. The IT giant used the tool to sign its Distroless images and the users could verify them using the cosign tool. “Distroless” images only contain the user’s application and its runtime dependencies; they do not contain package managers, shells, or any other programs that are ordinarily present in a standard Linux distribution." - I don't agree with many choices being made by the variety of Linux distros. They all make DIFFERENT decisions, which is hurting Linux in a big way.
- 8. FragAttacks vulnerabilities expose all WiFi devices to hack
This concept is not new: "Several implementation flaws can be abused to easily inject frames into a protected Wi-Fi network. In particular, an adversary can often inject an unencrypted Wi-Fi frame by carefully constructing this frame. This can for instance be abused to intercept a client's traffic by tricking the client into using a malicious DNS server as shown in the demo (the intercepted traffic may have another layer of protection though). Against routers this can also be abused to bypass the NAT/firewall, allowing the adversary to subsequently attack devices in the local Wi-Fi network (e.g. attacking an outdated Windows 7 machine as shown in the demo)." Supposedly this was in Wifitap? https://tools.kali.org/wireless-attacks/wifitap
- 9. AWS configuration issues lead to exposure of 5 million records
"AWS Systems Manager automates operational tasks across AWS resources by creating SSM documents. The SSM documents, created in JSON or YAML, contain the operations that an AWS Systems Manager will perform on the cloud assets. By default, SSM documents are private, but can be configured to be shared with other AWS accounts or publicly. AWS provides best practices for shared SSM documents." https://research.checkpoint.com/2021/the-need-to-protect-public-aws-ssm-documents-what-the-research-shows/
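The sharing model described above is auditable from the API: a document is public when its Share permission lists the pseudo-account `all`, and the account-level service setting `/ssm/documents/console/public-sharing-permission` can block public sharing outright. The following is an added example, not code from the Check Point research or from AWS; `FakeSSMClient` is a constructed stand-in shaped like the `boto3` SSM client so the audit runs offline, and `boto3.client("ssm")` can be passed in its place.

```python
"""Find publicly shared SSM documents and check the account-wide public-sharing block."""

# Documented AWS service setting that disables public sharing of SSM documents.
PUBLIC_SHARING_SETTING = "/ssm/documents/console/public-sharing-permission"


class FakeSSMClient:
    """Constructed stand-in for boto3.client('ssm') owning two documents (not real data)."""

    def __init__(self):
        self._perms = {
            "deploy-agent": ["all"],          # shared publicly: any AWS account can read it
            "rotate-keys": ["123456789012"],  # shared with one specific account only
        }
        self._public_sharing = "Enable"       # account still allows public sharing

    def list_documents(self, Filters):
        return {"DocumentIdentifiers": [{"Name": n} for n in self._perms]}

    def describe_document_permission(self, Name, PermissionType):
        return {"AccountIds": self._perms[Name]}

    def get_service_setting(self, SettingId):
        return {"ServiceSetting": {"SettingId": SettingId, "SettingValue": self._public_sharing}}


def find_public_documents(ssm):
    """Return the names of owned SSM documents whose Share permission includes 'all'."""
    owned = ssm.list_documents(Filters=[{"Key": "Owner", "Values": ["Self"]}])
    public = []
    for doc in owned["DocumentIdentifiers"]:
        perm = ssm.describe_document_permission(Name=doc["Name"], PermissionType="Share")
        if "all" in perm["AccountIds"]:
            public.append(doc["Name"])
    return public


def public_sharing_blocked(ssm):
    """True when the account-level block on public SSM document sharing is in effect."""
    setting = ssm.get_service_setting(SettingId=PUBLIC_SHARING_SETTING)
    return setting["ServiceSetting"]["SettingValue"] == "Disable"


if __name__ == "__main__":
    client = FakeSSMClient()  # replace with boto3.client("ssm") for a live audit
    for name in find_public_documents(client):
        print(f"PUBLIC: {name} -> aws ssm modify-document-permission --name {name} "
              f"--permission-type Share --account-ids-to-remove all")
    if not public_sharing_blocked(client):
        print(f"Public sharing allowed -> aws ssm update-service-setting "
              f"--setting-id {PUBLIC_SHARING_SETTING} --setting-value Disable")
```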
- 10. Biggest ISPs paid for 8.5 million fake FCC comments opposing net neutrality
"It was clear before Pai completed the repeal in December 2017 that millions of people—including dead people—were impersonated in net neutrality comments. Even industry-funded research found that 98.5 percent of genuine comments opposed Pai's deregulatory plan. But today's report reveals more details about how many comments were fake and how the broadband industry was involved."
- 11. Biden signed executive order to improve the Nation’s Cybersecurity
What does everyone think about this?
- 12. Jenkins Attack Framework
Neat: "The Jenkins Attack Framework automates and simplifies many common Jenkins attacks and introduces some new techniques which are likely not well known in the offensive security community before now."
- 13. Shining a Light on DARKSIDE Ransomware Operations
"We believe that threat actors have become more proficient at conducting multifaceted extortion operations and that this success has directly contributed to the rapid increase in the number of high-impact ransomware incidents over the past few years. Ransomware operators have incorporated additional extortion tactics designed to increase the likelihood that victims will acquiesce to paying the ransom prices. As one example, in late April 2021, the DARKSIDE operators released a press release stating that they were targeting organizations listed on the NASDAQ and other stock markets."
- 14. All Wi-Fi devices impacted by new FragAttacks vulnerabilities
- 15. Wormable Windows Bug Opens Door to DoS, RCE
"“If exploited, this vulnerability could enable an unauthenticated attacker to send a specially crafted packet to a targeted server utilizing the HTTP protocol stack (http.sys) to process packets and ultimately, execute arbitrary code, and take control of the affected system,” Eric Feldman, cybersecurity researcher with Automox, wrote in an analysis. Worse, Microsoft noted that the bug is wormable, so that it could be used to self-replicate across the internal network and affect internal services that may not have been exposed." - CodeRed 2.0?
- 16. FCC’s net neutrality rollback overwhelmed by bogus industry comments, investigation finds
- 17. AirTag Successfully Hacked to Show Custom URL in Lost Mode
- 18. Cyberattack prompts shutdown of major fuel pipeline in the US
- 19. Police caught one of the web’s most dangerous paedophiles. Then everything went dark
"In response, politicians in Europe, the UK, India and US have restarted the same arguments that defined the cryptowars of the 1990s. A few years ago they raised the spectre of terrorism to attack encryption, now the detection of child sexual abuse is being used to make their case. Demands have been made for technical “solutions” to encryption and Facebook has been encouraged to abandon its planned rollout." - Cryptowars 2.0