this week in security — january 8 edition
THIS WEEK, TL;DR
Rackspace blames zero-day for ransomware hit
Bank Info Security: Rackspace customers finally got a sense of the cyberattack that hosed the company's hosted Exchange email environment following a ransomware attack in December. Rackspace said in an update this week that some 27 customers had their Exchange backups (.PST files) accessed in the attack, which it said was caused by an Exchange zero-day, adding that Microsoft hadn't disclosed the bug was remotely executable. The company also said the attack was carried out by the Play ransomware group, which CrowdStrike warned about some weeks back. Following the incident, Rackspace said it's shuttering its hosted Exchange service. It's not clear, though, whether Rackspace paid the ransom, since the Play leak site doesn't yet list the data.
More: Rackspace | TechCrunch | @gossithedog
Cops hacked thousands of phones. Was it legal?
Wired ($): Encrochat, a highly customized and encrypted Android phone service used almost exclusively by criminals, was secretly hacked by European police and became an intelligence goldmine on thousands of organized criminals. But the methods of the secret police-led hack, which led to the arrests of hundreds of people and crime rings dismantled, are under scrutiny, and are resulting in significant legal challenges and setbacks to these cases. Given that these encrypted devices were ultimately hacked, and that many European countries don't allow or highly restrict the use of intercepted data in court, things aren't going so well for the prosecutors, reports Wired. Encrochat isn't the only case. If you recall, Anom, another encrypted phone service used by crims, was also secretly hijacked and taken over by the FBI — and they're facing similar court rulings because the severity of the alleged crimes didn't justify the means. (And I'm just waiting for Dark Wire to drop...)
More: ComputerWeekly
First LastPass, now Slack and CircleCI have confirmed hacks
Ars Technica: It's been a bumpy start to 2023. Software testing company CircleCI confirmed on Wednesday that it was breached in December and warned customers to "immediately rotate any and all secrets" stored in CircleCI, in a blog about the incident. The news comes shortly after Slack confirmed its GitHub account was compromised and intruders downloaded private code repositories — a compromise similar in style to LastPass' first breach in August, which as we know unraveled by Christmas. Still, Slack said in its opaque statement that there's nothing to worry about. Well, let's hope so, eh?
More: CircleCI | Slack | Bleeping Computer
Russian hackers targeted U.S. nuclear scientists
Reuters ($): A Russian hacking unit is accused of targeting U.S. nuclear scientists and labs, according to a Reuters investigation. The hacking unit, previously dubbed "Cold River" by Google researchers, created fake login pages for each targeted U.S. lab and emailed scientists in the hope of stealing their passwords. Cold River was previously linked to a hack-and-leak operation involving the former head of British spy agency MI6. But missteps by the Cold River crew in recent years allowed analysts to identify one of its members, a 35-year-old IT worker and bodybuilder called Andrey Korinets from a town north-east of Moscow, who used his personal emails (or emails connected to him) to set up the hacking group's infrastructure. Incredible work here.
More: @pearswick | @shanehuntley

~ ~
THE STUFF YOU MIGHT'VE MISSED
How do you know when macOS detects and remediates malware?
The Eclectic Light Company: This blog looks at how macOS detects and blocks malware using the in-built XProtect system — and some valid criticisms of how it could improve.
The revamped NSA museum opens with displays of former nuke secrets and spy artifacts
NPR: NPR's cybersecurity correspondent @jennamclaughlin has a fantastic visual (and audio) package exploring the NSA's new museum, featuring some of the most important and critical spy, intelligence, defense and military, and codebreaking technologies of recent history — even if it's the NSA's sanitized version.
ChatGPT threats emerge as cybercriminals build malware
Forbes ($): ChatGPT, the AI natural text generator, can do a lot of things. Write cover letters, songs, high school papers, and more. But just like any new technology, the good is mixed with the bad. Cybercriminals are also using ChatGPT to create highly targeted and convincing phishing emails, where language barriers may have outed previous efforts.
~ ~
OTHER NEWSY NUGGETS
Guardian shutters office after ransomware attack: The ransomware attack on the London-based newspaper The Guardian continues on, with the outage reportedly affecting everything from its office Wi-Fi network to the check-outs in the staff canteen. The incident, which began on December 20, was followed by a memo to employees saying its London office will stay closed until January 23. Staff said the newspaper "nearly missed its payroll." Staff have also voiced concerns that production data was either lost, or potentially compromised, by the hack. (via Semafor)
The 'h' in Honda means "hacked": A group of seven hackers found multiple flaws in several major car makers' platforms, including Honda, Nissan and Hyundai, allowing wide remote access to millions of vehicles. Major security and privacy risks here, but that's the price we pay for bundling high-privilege telematics systems with every modern vehicle. SecurityWeek has a good tl;dr. (via @samwcyo)
Twitter's latest security headache: Some 200 million Twitter users' email addresses were leaked online this week after weeks of back-and-forth about claims of an alleged breach. The scraped data set is the first major security incident of Elon Musk's tenure as Twitter CEO, even if the data was limited to just email addresses and not phone numbers as feared. That said, it's a major headache (and likely concern) for pseudonymous accounts whose efforts to keep their identities hidden may have been compromised as a result of this leak, and as such it's unsurprisingly drawing the attention of regulators. The data is searchable in Have I Been Pwned. (via Bleeping Computer)
Hello? Yes, it's the FCC, we have news: The FCC is proposing updating rules for how quickly telecom companies and carriers have to notify customers and consumers about breaches to sensitive data. Telcos, which are highly regulated, would have to immediately alert the FBI, FCC and the Secret Service of breaches (but also human error like inadvertent exposure of customer information) under the new rules, which are currently set at a seven-day waiting period. Why now, I hear you ask? I mean, have you seen how many times T-Mobile, Verizon, and AT&T have experienced data lapses or losses in recent years? Hint: it's more than a few. (via Cyberscoop)
~ ~
THE HAPPY CORNER
Alright, let's move onto the good stuff. Welcome, once more, to the happy corner.
This isn't a new idea, nor is it unique to Discord, but having JavaScript warnings in the browser's console is a great idea to help prevent folks from inadvertently posting code that could get their accounts hacked. Discord's warning is a solid example. (via @0xabad1dea)

Good news if you're a MegaCortex victim. Bitdefender, with help from the No More Ransom initiative, have published a new decryption tool that can help recover files scrambled with the MegaCortex ransomware.
And, who had the NSA's director of cybersecurity @RGB_Lights strapping rockets to Christmas trees and firing them into the air on their 2023 bingo cards — anyone?

And finally this week. It is the absolute highlight of my career that I get to work with one of the finest cybersecurity reporters in the world: @lorenzofb is joining TechCrunch on January 17 to cover the usual beats of cybersecurity, hacking, surveillance and privacy.
If you have good news you want to share, get in touch at: this@weekinsecurity.com
~ ~
CYBER CATS & FRIENDS
This week's cyber cat is Heks, who lets her human handle the cybersecurity while she focuses on guarding the book collection. Will work for free, but won't say no to treats. A big thanks to Kurt F. for the submission!

Please send in your cyber cats (or their friends). Email me a photo and their name, and they'll be featured in an upcoming newsletter. Submitted before? Send an update!
~ ~
SUGGESTION BOX
That's it for this wonderful week in cybersecurity. If you have any feedback, drop it in the suggestion box or email me any time. Hope you have a great week, and I'll be back next week with the latest roundup of all the cyber news.
See you next week,
—@zackwhittaker