1. Home
  2. Cybersecurity Events

Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

Three quarters of all Juniper firewalls remain vulnerable to remote unauthenticated attacks
published: Sept. 18, 2023
A critical remote code execution vulnerability affecting Juniper SRX firewalls and EX switches, initially rated as 'medium' severity but elevated to a critical 9.8 CVSS score when exploited in combination. This requires immediate patching as approximately 79% of exposed devices are still vulnerable to unauthenticated code execution without file uploads.
Take action: If you were sleeping on the job about patching your Juniper systems, wake up and start patching. NOW. Because with a public PoC and the devices visible from the internet by nature, you are about to be hacked. That is, if you were lucky not to be hacked until now.
State of (in)security - Week 37
published: Sept. 18, 2023
During the week from Sept. 11, 2023, to Sept. 18, 2023, there were a total of 7 advisory/vulnerability events, 31 incident/data breach events, and 1 shared practical knowledge item. The week-over-week comparison showed improvement with half the number of advisories compared to the previous week, though the number of incidents remained similar. A total of 134,374 individuals were reported as impacted by the events of the week, with the largest breach exposing 58,505 individuals. The incidents were primarily caused by ransomware and third-party breaches, affecting various industries such as healthcare, government, IT/software/technology.
Take action: Security breaches are never one big event. They are always a series of small compromises, in the spirit of "efficiency", "speed", "success" or something else, because we are always optimistic that "this won't happen to us". A great example was the single pirated software on a computer in Turkey being used to steal credentials for Airbus systems, and then gain access because of no MFA.
State of (in)security - Week 36
published: Sept. 11, 2023
During the week of September 4 to September 11, 2023, there were 14 advisory/vulnerability events, 29 incident/data breach events, and 4 shared practical knowledge items. Advisory events more than doubled compared to the previous week, while incidents remained the same. The data breaches affected over 5 million individuals, with the largest breach at the Traderie in-game marketplace potentially exposing 2.6 million. Incidents were primarily caused by third-party breaches and ransomware attacks, affecting various industries like healthcare, government, education, and entertainment/leisure.
Take action: Leaving legacy unsupported Windows computers running and not patching your Windows and Office apps is the best and most common way to get hacked. It's your own PC, click the update button once per month and take a one hour walk. It's worth it.
Death by a thousand cuts - How Chinese hackers compromise Microsoft's cloud
published: Sept. 11, 2023
Microsoft revealed that the Chinese hacking group Storm-0558 exploited a series of security lapses, including the accidental inclusion of a cryptographic key in a crash dump and the compromise of an engineer's account, to breach government email accounts and access various Microsoft cloud services, affecting 25 organizations and high-ranking officials.
Take action: Security breaches are never one big thing. They are always a series of small compromises, in the spirit of "efficiency", "speed", "success" or something else, because we always assume that some other control somewhere will stop an issue from happening. Try to enforce discipline as much as possible, because it does help.
Security Prioritization - Microsoft flaws used in three quarters of all exploits
published: Sept. 8, 2023
Cybersecurity firm Qualys has released an analysis of the top 20 vulnerabilities most exploited by threat actors, malware and ransomware families in the past few years. Qualys' analysis of the top 20 exploited vulnerabilities reveals that 15 are associated with Microsoft products, with some dating back to 2017, indicating a concerning lack of patching discipline. The top 5 most targeted vulnerabilities all involve Microsoft products, while others include issues related to Apache's Log4j, Oracle, Unix/Linux, Jira Atlassian, Citrix, Ivanti, and Fortinet.
Take action: Just updating your windows desktop and laptop reduces your risk of being hacked by a huge margin. And all it takes is click of a button and waiting for an hour a month. Take the hour to go outside, talk to people, or make some good food.
State of (in)security - Week 35
published: Sept. 4, 2023
In the week from August 28, 2023, to September 4, 2023, there were 6 advisory/vulnerability events and 29 incident/data breach events, with 5,478,525 impacted individuals across 11 incidents. The most significant breach exposing 1,800,000 individuals was the Eversource energy provider data breach. Key causes of incidents include third-party breaches, ransomware attacks, protocol design issues, affecting various industries such as education, IT/Software/Technology, finance, and others.
Take action: Stop the recycling of passwords and use MFA everywhere. Just as important, work hard not to store secrets, API keys and tokens in code, since they will eventually leak and your systems will be compromised.
APIs in Zombieland: How abandoned Microsoft Azure URL Allowed Exposed Unauthorized Access
published: Aug. 29, 2023
Microsoft addressed a vulnerability in its Power Platform by removing a compromised, abandoned reply URL, closing off unauthorized access to its API. Which highlights the importance of the thankless job of maintaining and retiring APIs properly to avoid potential security risks and unauthorized access scenarios.
Take action: Invest time in shutting down old APIs and URLs in your application. Or if nothing else locking them out from access. It's a thankless part of the job, both for Product and Development, until someone hacks the API. Then everyone will ask "how could you miss this!"
State of (in)security - Week 34
published: Aug. 28, 2023
During the week between August 21, 2023, and August 28, 2023, there were 5 advisory/vulnerability events, 30 incident/data breach events, and 3 practical knowledge items shared, with a decrease in advisories and incidents compared to the previous week. Over 13 million individuals were impacted in incidents with the largest breach being the French government unemployment agency breach. IT/Software/Technology has moved into the most impacted industry this week, neck and neck with finance and healthcare.
Take action: If you are developing APIs, enforce authentication for the API, limit the number of requests and carefully check which request content you accept and which data is being returned in the API. And test environments are NEVER as secure as production environments, simply because everyone is testing. Hence, test environments are a very bad place for live customer data.
State of (in)security - Week 33
published: Aug. 21, 2023
During the week of August 14-21, 2023, there were 9 advisory/vulnerability events, 33 incident/data breach events, and 1 practical knowledge item shared. The total number of reported impacted individuals from breaches was 2,909,548 across 11 incidents, with the largest breach involving Fidelity National Information Services' MOVEit Data breach impacting 873,000 bank customers. Healthcare, Educaton and Government are still the most impacted industries. Top causes of incidents are unsecured third party providers, ransomware and people being lazy and using recycled passwords.
Take action: Have you checked where your backup hard drives are stored, and whether they are really there? A lot of data is kept on backup hard drives, and those are quite portable and easy to move around - even to steal. While you are checking, think about not recycling your passwords on multiple sites, since hackers don't have to bother to steal your hard drive, just reuse your old leaked passwords.
Step-by-step: How Hacker Group 'LabRat' Works to abuse your computer to mine crypto and rent it to others
published: Aug. 20, 2023
We discuss the methods that the The "LabRat" cyber crime campaign is using to compromise your computers to make money. They use several techniques to attack your computers and avoid being caught while profiting from your computer power to mine cryptocurrency or to sell the bandwidth of victims to profit-to-peer profit sharing networks. To protect yourself, make sure your computer software is updated, use strong passwords, be careful with emails, and practice basic security hygiene.
Take action: If you think you are not important enough to get hacked, you are right. But it doesn't matter, because cyber criminals have ways to profit from your computer and make you pay the bills for that regardless of how unimportant you are. All you need to do to prevent being profited from is a little bit of security hygiene and a little less comfort when using technology.