InfoSec News – July 26th 2024


More on the CrowdStrike BSoD

Security

CU Loses Nearly $300,000 in Four Hours With ATM Skimming Device – ATM skimming is on the rise across the country, but it doesn’t get talked about very much. Make sure to take steps to protect yourself and your organization from these attacks.

Chrome will now prompt some users to send passwords for suspicious files | Ars Technica – The files will be deep scanned by Google, then the passwords and files will be deleted (they claim).

Ransomware ecosystem fragmenting under law enforcement pressure and distrust – (Courtesy Seriously Risky Business Newsletter) – The increased fragmentation is a good thing, but it’s no reason to back off controls and protections.

Breaches & Attacks

Following Ransomware Attack, Patelco Has Restored Many Services, But Others Remain Unavailable / Fresh Today / CUToday.info – CU Today – I have a hunch the offline services are all located in the credit union’s data center, which likely means they are being rebuilt from scratch or restored from offsite backups.

Russian ICS malware cuts heat to 600 Ukrainian buildings – This new malware appears to directly manipulate devices using the common MODBUS protocol instead of vulnerabilities in the devices themselves. MODBUS is common in ICS, HVAC, and power systems. The protocol is not encrypted or authenticated. Take care to segment these devices away from normal business networks.

Squarespace Status – Domain Hijacking – Squarespace finally published their version of the domain takeover incidents related to the Google Domains business they acquired. TL;DR – make sure MFA is enabled on your Squarespace account.

How a North Korean Fake IT Worker Tried to Infiltrate Us – KnowBe4 was the victim of a North Korean social engineering attack. The attacker created a synthetic identity and managed to get hired to a key IT position.

Vulnerabilities & Patches

TuDoor – A new vulnerability affecting many DNS resolvers has been discovered which allows cache poisoning, denial-of-service, and resource consumption.

Windows 11, version 22H2 known issues and notifications | Microsoft Learn – KB5040442 might require you to enter the BitLocker recovery key after rebooting on Windows 2022.

Technology

Framework | Fix Consumer Electronics – A nice looking laptop that is designed to be repaired and upgraded! I can’t wait to see someone review these.

The Minimal Company | Live More, Scroll Less. – A stripped down Android-based phone, eInk display, and hardware keyboard. Another product I would love to see in action.

GPS Alternative: New Technique Uses Cell Signals to Navigate – IEEE Spectrum – The Air Force is testing using cellular signal positioning in the event GPS is blocked or spoofed.

Failure to follow procedures caused US-wide AT&T outage • The Register – Many change control failures and a lack of planning led to the February outage. It’s amazing what a simple peer review/signoff can prevent.

Science & Space

One-dose nasal spray clears toxic Alzheimer’s proteins to improve memory – The spray delivers antibodies to target plaques associated with Alzheimer’s disease.

We’re building nuclear spaceships again—this time for real | Ars Technica – DARPA and NASA team up to build nuclear rockets for both defense and exploration purposes, 40 years after Nixon killed the original program.

World’s first meltdown-proof nuclear reactor unveiled in China – Tech like this could be the bridge to aid our transition to cleaner power sources like fusion and solar.

Misc

Overcast – This is hands-down the best iOS podcast app! The dev just refreshed the interface and has been cranking out updates in the last couple
