My Weekly Roundup #142
Okta on handling of Lapsus$ breach: ‘We made a mistake’
Exposing initial access broker with ties to Conti
In early September 2021, Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444).
Russia’s cyber offensive against Ukraine has been limited so far. Experts are divided on why
(CNN) US officials warned that a wave of debilitating cyberattacks could accompany Russia’s war on Ukraine. So far they haven’t materialized, and US and Ukrainian officials are contemplating why as they prepare for the next phase of the war.
DOJ unseals indictments of four Russian gov’t officials for cyberattacks on energy companies
The indictments of four Russian nationals were unsealed by the Justice Department on Thursday, revealing a widespread hacking campaign against energy companies around the world.
Mustang Panda’s Hodur: Old tricks, new Korplug variant
ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine. ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug va
Unoriginal-Rice-Patty
“Can you believe that a low-quality garage door has better security than a Honda?” “Unoriginal-Rice-Patty” is my personal title for the Replay-based attack on Honda and Acura vehicles. “Honda” in Japanese translates to “Original Rice Patty”.
Threat Brief: Lapsus$ Group
The Lapsus$ Group threat actor has grown in just a few months from launching a handful of destructive attacks to stealing and publishing source code of multiple top-tier technology companies.
Cybersecurity researchers trace Lapsus$ attacks to a teenager from England
A hacking group calling itself Lapsus$ recently made waves by releasing source code it claimed to have stolen from Microsoft and Okta. Now, cybersecurity researchers investigating the attacks have traced them to a 16-year-old living with his mother near Oxford, England, according to Bloomberg.
Emotet Spoofs IRS in Tax Season-Themed Phishing Campaign
Emotet has consistently employed financial themes in its phishing emails, and attackers have previously exploited the arrival of the U.S. tax season to construct emails targeting users who need to file tax returns. The 2022 tax season is no different.
Protestware is trending in open source: 4 different types and their impact
A few days ago, Snyk reported on a new type of threat vector in the open source community: protestware. The advisory was about a transitive vulnerability — peacenotwar — in node-ipc that impacted the supply chain of a great deal of developers.
Sandworm: A tale of disruption told anew
For cybersecurity pundits, it has become a doctrine that cyberdisruption, whether perpetrated directly or via proxy groups, can be expected to accompany military, political, and economic action as a way of softening up targets or of strategically applying pressure via subterfuge.
Welcoming the Italian Government to Have I Been Pwned
For the last 4 years, I’ve been providing API-level access to national government agencies so that they can search and monitor their government domains on Have I Been Pwned.
Okta investigating claims of customer data breach from Lapsus$ group
Okta, a leading provider of authentication services and Identity and access management (IAM) solutions says it is investigating claims of data breach. On Tuesday, data extortion group Lapsus$ posted screenshots in their Telegram channel of what it alleges to be Okta’s customer data.
Analysis of LockBit Ransomware v2.0
Initial Access Broker Landscape
Version 1 of the initial access broker (IAB) landscape project helps clarify the economy of selling accesses by visualizing information flows. The project is curated by Trevor Giffen and reviewed by the broader Curated Intelligence community.
Browser In The Browser (BITB) Attack
This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain. For security professionals, the URL is usually the most trusted aspect of a domain.
iFixit’s Mac Studio teardown reveals monster cooling system
The teardown video depicted a somewhat complicated but not insurmountable process for getting inside that little metal rectangle, and there weren’t too many surprises.
The Actual Pronunciation of GIF, from the Creator
The pronunciation of GIF is one of the oldest and most aggressive internet debates. Some of these will never be settled, but luckily with the GIF debate there’s an actual answer.
Open source project Tea is brew2 for web3
Open source code is integral to tech stacks at many large companies, but its authors rarely get recognized — let alone compensated — for their work.
Google to allow Spotify to test its own in-app billing system
Google LLC revealed today that it’s working with the music streaming app Spotify Inc. to test out third-party billing options for app developers. The announcement comes in the wake of massive pressure on Google and its rival Apple Inc.
Teardown Video Reveals What’s Inside The iPhone SE (2022)
Even though we weren’t really impressed with the battery life of the iPhone SE (2022) in our review, Apple deserves credit for increasing the device’s battery capacity to 2,018 mAh, which is a substantial upgrade over the previous model’s 1,821 mAh capacity.
Amazon dropped as sponsor for Seattle Pride 2022
Seattle Pride will not allow Amazon to sponsor LGBTQ pride celebration events in 2022. The nonprofit, which organizes pride events in Seattle and does other advocacy work, released a statement Tuesday that it would “part ways” with Amazon.
Ukraine Just Captured Part Of One Of Russia’s Most Capable Electronic Warfare Systems
Russia’s lost Krasukha-4 electronic warfare system command module would be a prize for foreign intelligence agencies. A curious ‘container’ that Ukrainian troops captured today looks to actually represent a significant Russian loss and a potential intelligence goldmine.
EU, US agree ‘in principle’ to new trans-Atlantic data agreement
For more than one decade, Kurt Wimmer was this blog and this blogger’s First Amendment defender, representing me pro bono.
John Carpenter’s ‘The Thing’ Is a Paranoid Classic
John Carpenter’s 1982 movie The Thing, about a group of scientists battling a shape-shifting alien, is a classic of sci-fi horror. Humor writer Tom Gerencer is one of the film’s many fans. TV writer Andrea Kail agrees that The Thing is one of Carpenter’s best films.
Disney+ And Netflix Are Taking Totally Different Paths On Advertising
The so-called ‘streaming wars’, just like any fiercely competitive exercise, is never static. To gain an advantage, to stand out in an ever-thickening crowd, participants need to change tactics, employ different strategies, zig when an opponent zags or come up with something entirely novel.
Foo Fighters Drummer Taylor Hawkins Dead at 50
Taylor Hawkins, the drummer for American rock outfit Foo Fighters, has died at the age of 50, according to a statement from the band. Hawkins, who previously served as the touring drummer for Alanis Morissette, joined Foo Fighters in 1997 after the departure of original drummer William Goldsmith.