1. Home
  2. Cybersecurity Events

Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

State of (in)security - Week 29
published: July 24, 2023
Between July 17, 2023, and July 24, 2023, there were 10 advisory/vulnerability events and 24 incident/data breach events, impacting a total of 3,709,686 individuals across various industries, with healthcare being the most affected sector. The weirdest and biggest one is a data breach of dating apps.
Take action: Exercise your organizational discipline for the tedious stuff. You forget to offboard a user and the company may get into a legal and data breach dispute with you being questioned by lawyers. You forget to patch regularly and you get into a massive data breach or a complex risk management process of a huge patching process.
Maximising profit - Ransomware gang pressuring victims on the public web
published: July 24, 2023
The Clop ransomware gang is trying to maximize profit by creating easily accessible websites on the regular internet to leak stolen data from specific victims. This approach aims to increase the pressure on victims to pay the ransom by making the threat of data leakage more immediate and tangible.
Take action: You are not important, but you are a source of profit. Crime groups care only about maximizing profit, even at an increased risk to themselves. They don't care about whose data they have stolen and under which conditions. If your data can be stolen, you will be extorted.
Learning from the Microsoft key breach - Logs, Authentication Pentests, Key Protection
published: July 22, 2023
Microsoft has attempted to explain that the Storm-0558 breach exposing email organizations, but it seems the issue is much worse - the exploit also exposes Azure Active Directory. Exploiting Azure Active Directory poses a severe risk as it serves as the source of truth for all identity questions and allows threat actors to impersonate accounts in various Microsoft applications. Microsoft is now facing criticism for lack of transparency and requiring customers to pay extra for access to essential audit logs for detection and remediation purposes.
Take action: When building your product, enable access audit as a core product feature, manage your cryptographic key security, and continuously test since there is always someone that says "this is fine" hoping someone else will fix it. If you are a Microsoft Cloud customer and you hadn't paid for the advanced license for audit logging you can only hope that your data wasn't compromised.
Design consideration example: Google Cloud Build vulnerability to malicious code injection
published: July 19, 2023
Security researchers discovered Bad.Build, a critical vulnerability in Google Cloud Build, enabling attackers to inject malicious code into container images in the Artifact Registry, posing risks such as malware infections, data manipulation, data theft, and denial-of-service attacks. The flaw is related to default permissions, granting attackers access to audit logs with a list of permissions for all Google Cloud Platform (GCP) accounts, potentially facilitating targeted attacks through spear phishing, social engineering, or exploitation of intermediary targets.
Take action: When designing or reviewing an application, consider what details your unauthenticated or shared access endpoints can expose about other components of the system or other users. Because that knowledge can be used as a stepping stone for further attacks.
State of (in)security - Week 28
published: July 18, 2023
During the week between July 10, 2023, and July 17, 2023, a total of 16 advisory/vulnerability events and 36 incident/data breach events were witnessed. Two practical knowledge items were shared. The incidents impacted a total of 13,745,120 individuals, with the finance industry being the most affected, followed by government and healthcare with six incidents. Notable vulnerabilities and incidents include exploits targeting ICS systems, Rockwell Automation components, SAP products, and critical data breaches affecting HCA Healthcare, gaming Razer, US government email accounts.
Take action: The past week showed that a lot of ICS and OT systems are vulnerable to attacks. Operators of those systems strongly resist to patching them for fear of breakdowns. Unfortunately, hackers don't care about uptime of your OT and ICS systems. They will happily compromise and corrupt them, cause a breakdown and then extort you. So however painful, start educating top management about the need for a systemic patching of ICS and OT.
How to target Security Professionals - Fake exploit POC steals data
published: July 13, 2023
Hos you attack cybersecurity professional? You give them an fake exploit to a vulnerability, then hide malware inside it. A fake proof of concept (PoC) claims to exploit a high-severity flaw CVE-2023-35829 but when executed, installs a Linux password-stealing code.
Take action: PoC exploits are a great way to study a vulnerability, to even test your own systems. But *make sure* you run the PoC code in an ephemeral and isolated sandbox (something that's isolated from the rest of the world and will be destroyed after the test). Also train yourself to read and understand the PoC code before you deploy it to anything resembling a live system (even if it's a test system).
Broken cryptography example - MalCare, Blogvault, and WPRemote for WordPress
published: July 11, 2023
The MalCare WordPress plugin, along with similar plugins WPRemote and Blogvault, is vulnerable due to its use of broken cryptography for authenticating API requests, allowing attackers who gain access to the shared secret to execute unauthorized commands on connected WordPress sites; a suggested alternative implementation involves using an asymmetric key signing mechanism for improved security.
Take action: Sometimes a not-so-secure implementation is acceptable. But implement it with full awareness of your scope and risk profile and be conscious that the scope can creep into more dangerous realm and re-implementation may be prohibitively expensive.
State of (in)security - Week 27
published: July 10, 2023
It's been a terrible week for number of exposed individuals in data breaches. In the week between July 3, 2023, midnight and July 10, 2023, midnight, there were a total of 8 advisory/vulnerability events and 31 incident/data breach events. The total number of impacted individuals across 13 incidents was 105,223,569 with the largest breach being the Bangladesh e-government website exposes personal data incident exposing 50,000,000 individuals.
Take action: Even massive, rare and expensive systems are subject to vulnerabilities and risks. Don't ignore the security of a platform just because very few people can afford it. These days automation helps a lot, crime groups have the funds to invest in testing out even very expensive systems and at the end of the day, most security vulnerabilities are mostly ignored items - like placing confidential files on a Content Delivery Network storage accessible to the internet.
State of (in)security - Week 26
published: July 3, 2023
In the week between June 26, 2023, and July 3, 2023, there were 10 advisory/vulnerability events, 31 incident/data breach events, and 1 practical knowledge item shared. The total number of impacted individuals across 11 incidents was 4,320,447, with the largest breach involving the BlackCat gang suspected of hacking NHS trust and exposing 2.5 million individuals. The incidents were predominantly in the healthcare industry, followed by finance, education, government and insurance.
Take action: Security happens before you drop the egg basket. Everything you do after that should be about cleanup and learning how not to drop it the next time. Just don't try to create a theater performance of gluing the eggs or claiming that the eggs were in somebody else's basket. In practice, ignoring reported vulnerabilities for a year and sharing passwords is not negligent. It's criminal.
State of (in)security - Week 25
published: June 26, 2023
In the week between June 19, 2023, and June 26, 2023, there were a total of 10 advisory/vulnerability events and 36 incident/data breach events. The incidents impacted a total of 3,745,301 individuals across various industries, with the largest breach affecting 2,500,000 individuals. Among the incidents, the healthcare industry experienced the highest number of incidents with 10, followed by finance with 9 incidents.
Take action: Never ever ever store more data than you need to. On two incidents the companies have exposed data of former customers/ people that are not customers at all. Now they have a bigger problem than just a data breach, from regulators and law enforcement.