News
Hi folks,
I hope you're all doing great! I'm good, but exhausted. We held a birthday party yesterday for our oldest, with about eight 8-year-olds having a blast. Wonderful to see, but suffice it to say that no one should be expected to be very productive the day after that. After I press 'send' on this week's issue I'm going to make the most of my time off, relax, and probably play some Enshrouded :-)
Enjoy the read and have a good weekend!
Palo Alto Networks warns firewall exploits are spreading
There's a vulnerability rated 10/10 (CVSS) in PAN-OS, the operating system of Palo Alto Networks firewalls, which runs on over 156,000 publicly reachable devices. Active exploitation is underway and appears to chain in a second vulnerability that has not yet been assigned an identifier. If you run PAN-OS in your environment, patch now, and since exploitation is already underway, don't assume that patching alone closes the incident: check exposed devices for signs of compromise as part of your incident response procedures rather than after them.
Cisco Duo warns third-party data breach exposed SMS MFA logs
Cisco Duo's security team warns that an unnamed telecom provider was breached, with the attackers stealing some VoIP and SMS logs containing multi-factor authentication messages. A fine example of why relying on telecom systems (SMS and voice) for 2FA is maybe better than nothing, but far from optimal: the codes, and now the logs of who received which code and when, sit on infrastructure you neither control nor audit. Where you can, move to authenticator apps or hardware keys (FIDO2/WebAuthn), which keep the second factor off the carrier's network entirely.
Another example from this week's news (read it here): T-Mobile and Verizon workers are receiving texts offering $300 in exchange for SIM swaps, the same weakness attacked from the insider side.
Why the US government’s overreliance on Microsoft is a big problem
An opinion column on an issue that deserves more thought than it gets. Microsoft is so big, especially in government and corporate environments (outside the US as well), that there is little recourse when they fuck up, and it's not great that they have become a single point of failure for so many vital systems.
Evil XDR: researcher turns Palo Alto software into perfect malware
Unrelated to the other Palo Alto exploit news: an interesting little writeup of how a researcher turned an XDR product (in this case Palo Alto's Cortex) into malware under their control. Not super actionable: it's in the nature of anti-malware products that they run with high privileges and are trusted by everything else on the box, and anything with that much power can be subverted by whoever gains control of it. But very good to be aware of, and a reminder to protect the agent's configuration and management plane as carefully as the endpoints it watches.
Quick links
- Mandiant: Russian hacking unit Sandworm linked to breach of Texas water facility: link.
- LastPass users targeted in phishing attacks good enough to trick even the savvy: link.
- LabHost phishing service with 40,000 domains disrupted, 37 arrested: link.
- 'Crude' ransomware tools proliferating on the dark web for cheap: link.
- Akira ransomware gang made $42 million from 250 attacks since March 2023: FBI: link.
Breaches and leaks
- ‘Large volume’ of data stolen from UN agency after ransomware attack: link.
- 840-bed hospital in France postpones procedures after cyberattack: link.
- Michigan healthcare organization says ransomware breached data of 185,000: link.
- Telecom giant Frontier shuts down some systems after cyberattack: link.
- Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion: link.
- Giant Tiger breach sees 2.8 million records leaked: link.
- Chipmaker Nexperia confirms breach after ransomware gang leaks data: link.
- Daixin ransomware gang claims attack on Omni Hotels: link.
- Roku warns 576,000 accounts hacked in new credential stuffing attacks: link.
- Cerebral to pay $7 million settlement in Facebook pixel data leak case: link.
- Billions of public Discord messages may be sold through a scraping service: link.
- Food and agriculture sector hit with more than 160 ransomware attacks last year: link.
Issues and fixes
- Multiple botnets exploiting one-year-old TP-Link flaw to hack routers: link.
- Ivanti warns of critical flaws in its Avalanche MDM solution: link.
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks: link.
- Cisco discloses IMC root escalation flaw with public exploit code: link.
- PuTTY SSH client flaw allows recovery of cryptographic private keys: link. (Patching the client doesn't undo a key that may already have been recovered; rotate affected keys as well.)
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)