Security Leftovers
-
Clouds vs cryptominers [Ed: Clown computing never improved security; it is a marketing ploy]
Cryptojackers knew long ago that stealing cloud resources for cryptomining is far more profitable than paying for their own cryptomining rigs. For example, cloud security company Sysdig recently found that TeamTNT, a notorious cryptojacking group, mined over $8,100 worth of cryptocurrency from hijacked cloud infrastructure at a cost to their victims of more than $430,000. TeamTNT made a buck at a cost to their targets of $53.
Ouch.
It gets much worse, according to other analyses. According to the Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report, a staggering 65% of cloud accounts compromised suffered cryptocurrency mining. A single attack can inflict unauthorized compute costs of hundreds of thousands of dollars within mere days.
-
How to attract and retain cloud experts [Ed: Just system admins with a buzzword; also some memorised webapps/GUIs]
The rapid evolution of technology has led to the widespread adoption of cloud computing, transforming the way businesses operate and deliver services [...]
-
The quantum threat: Implications for the Internet of Things
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum
-
Sandworm attacks Ukraine with Infamous Chisel malware | Computer Weekly
The UK and its allies have attributed a novel malware campaign against Ukrainian state targets to the Russian intelligence-backed Sandworm APT
-
Types of ransomware and a timeline of attack examples [Ed: Predominantly a Windows problem]
There are eight main types of ransomware but hundreds of examples of ransomware strains. Learn how the ransomware types work, and review notable ransomware attacks and variants.
-
Mandiant reveals new backdoors used in Barracuda ESG attacks
Further investigations show threat actors were prepared for Barracuda Networks' remediation efforts, including an action notice to replace all compromised devices.
-
2023-08-30 [Older] International operation dismantles Qakbot malware, 22 servers seized in the Netherlands
-
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed
A company that makes a chastity device for people with a penis that can be controlled by a partner over the internet exposed users’ email addresses, plaintext passwords, home addresses and IP addresses, and — in some cases — GPS coordinates, due to several flaws in its servers, according to a security researcher.
The researcher, who asked to remain anonymous because he wanted to separate his professional life from the kink-related work he does, said he gained access to a database containing records of more than 10,000 users, thanks to two vulnerabilities. The researcher said he exploited the bugs to see what data he could get access to. He also reached out to the company on June 17 alerting them of the issues in an attempt to get them to fix the vulnerabilities and protect their users’ data, according to a screenshot of the email he sent and shared with TechCrunch.
As of publication, the company has yet to fix the vulnerabilities, and did not respond to repeated requests for comment from TechCrunch.
-
Kudos to North Mississippi Health Services for fast detection and disruption of attack
In a website notice dated September 1, NMHS explains that on July 3, they discovered unauthorized access through an employee’s email account after a phishing email was unintentionally opened.
“Our Security Operation Committee (SOC) promptly shut down the system, ending the unauthorized access within 17 minutes. Upon investigation, it was determined some of the employee’s emails, which may have included attachments, were potentially accessed,” they write.
-
Update: Leak site with plastic surgery patients’ data and sexually explicit videos removed
In July, DataBreaches reported a data breach involving the plastic surgery practice of Gary Motykie, M.D. The incident, which appeared to be a hack with an extortion demand, had been reported to the Maine Attorney General’s Office, but an upset patient had also contacted NBC News in Los Angeles to reveal that a leak site had been created that was exposing nude photos of named patients with their full medical records. The identity of the attackers was not revealed, but the leak site included what appeared to be personal and explicit sex videos and pictures involving Dr. Motykie. Other videos, also sensitive and explicit in content, appeared to involve Dr. Motykie’s brother and the brother’s girlfriend in private moments.
-
Pizza Hut Australia customer data hacked; ShinyHunters claims to have more than 1 million customers’ information
This has not been a great year for Australian citizens whose personal information has been compromised in a number of cyberattacks. Although DataBreaches regrets being the bearer of more bad news for them, more than one million customers of Pizza Hut Australia appear to have had their data acquired by ShinyHunters.
According to “Shiny” (@shinycorp), the group gained access 1-2 months ago via Amazon Web Services (AWS) using multiple entry points. They claim to have exfiltrated more than 30 million records with customers’ orders as well as information on more than 1 million customers.
Shiny states that they were never detected during the attack.