Decade-old healthcare security SNAFU settled for $11M • The Register - Health Net Federal Services (HNFS) and its parent company Centene Corporation were found liable for lying on security attestations and ignoring third-party audits of their environment from 2015-2018. The fine amounts to 0.0067% of its 2023 revenue ($163Bn).
Thousands of trafficked scammers await return to Thailand • The Register - Prime Minister Shinawatra said around 7,000 individuals are awaiting transfer to Thailand after being rescued from call centers in Myanmar.
Black Basta’s fighty internal chats leak online • The Register - Black Basta has had a significant leak of its internal chats that shows a lot about how the ransomware gang works and how victims interacted with it. Plus, Hudson Rock has stood up BlackBastaGPT, a chat agent trained on the contents of the conversations so that researchers can “talk” to the leaked messages.
Microsoft Power Pages websites attacked via security hole • The Register - Microsoft Power Pages exploited; users may need to clean up their sites. But if you haven’t been notified by Microsoft, you weren’t impacted.
Notorious crooks broke into a company network in 48 minutes. Here’s how. - Ars Technica - A deluge of spam that shut down email systems, followed by social engineering of individual users via Teams. The threat actor moved quickly and was fairly skilled at getting a foothold, incorporating Living Off the Land techniques and multiple courses of action.
Automated tool scans public repos for exposed AWS secrets • The Register - A new AWS key scanner finds AWS keys that GitHub’s built-in secret scanner may miss. Researchers added a feature to the tool that, if configured, continuously monitors and scans specific repos.
Botnet targets Basic Auth in Microsoft 365 password spray attacks - Some Microsoft services still support Basic Auth (a base64-encoded, effectively plaintext user ID and password) until September 2025. Once a good UID/password pair can be confirmed, threat actors may attempt to bypass MFA or use the pair in further credential stuffing attacks.
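The spray pattern described above, as an added defender-side example (not code from the article): it scans constructed Microsoft 365-style sign-in records for a source that tries many accounts a few times each over a legacy protocol, and lists any account whose credentials were confirmed. Client-app names follow Entra sign-in log conventions; the record layout itself is an assumption.

```python
# Added example, not from the linked article. Record layout is assumed:
# (timestamp, source_ip, user, client_app, result).
from collections import defaultdict

# clientAppUsed values that ride on legacy (Basic Auth) protocols.
LEGACY_APPS = {"Authenticated SMTP", "IMAP4", "POP3", "Exchange ActiveSync"}


def _constructed_signins():
    """Constructed sample: one IP sprays seven accounts once each over
    IMAP4 (one hit); another IP retries a single account via browser."""
    spray_ip, legit_ip = "203.0.113.7", "198.51.100.4"
    rows = [(f"2025-02-20T01:00:{i:02d}Z", spray_ip, f"user{i}@example.com", "IMAP4", "failure")
            for i in range(6)]
    rows.append(("2025-02-20T01:00:06Z", spray_ip, "user6@example.com", "IMAP4", "success"))
    rows += [("2025-02-20T01:01:00Z", legit_ip, "user0@example.com", "Browser", "failure")] * 3
    return rows


SAMPLE_SIGNINS = _constructed_signins()


def detect_legacy_auth_spray(records, min_users=5, max_attempts_per_user=2):
    """Return {source_ip: sorted users} for sources that touched many distinct
    accounts over legacy auth with few attempts each: the spray signature,
    as opposed to brute force (many attempts against one account)."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for _ts, ip, user, app, _result in records:
        if app in LEGACY_APPS:
            per_ip[ip][user] += 1
    return {ip: sorted(users) for ip, users in per_ip.items()
            if len(users) >= min_users and max(users.values()) <= max_attempts_per_user}


def successful_legacy_logins(records):
    """Accounts whose password was confirmed over legacy auth: reset these and
    watch them for follow-on MFA bypass or credential reuse."""
    return sorted({u for _ts, _ip, u, app, r in records
                   if app in LEGACY_APPS and r == "success"})


if __name__ == "__main__":
    print("spray sources:", detect_legacy_auth_spray(SAMPLE_SIGNINS))
    print("confirmed accounts:", successful_legacy_logins(SAMPLE_SIGNINS))
```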
Feds warn Ghost ransomware crew remains active, potent • The Register - You don’t have to run faster than the bear, you just have to run faster than your friend.
New Snake Keylogger infects Windows using AutoIt freeware • The Register - The new keylogger comes wrapped in an AutoIt script to evade detection.
Microsoft expands Copilot bug bounty targets, payouts • The Register - Wanna make some money? Copilot bounties expand in price, depth, and type.
Google binning SMS MFA and replacing it with QR codes • The Register - Scanning QR codes on login replaces texted codes, solving the SIM-swapping problem.
Apple ends iCloud Advanced Data Protection for UK customers • The Register - Apple kills Advanced Data Protection over the UK’s Investigatory Powers bill. The bill would have required Apple to provide backdoor access to the ADP encryption used by Apple users. Instead, users and their devices will be less safe, but Apple will still respond to subpoenas for iCloud-held data.
All the alternative iApps needed to maintain E2EE • The Register - Users need not despair; plenty of Apple alternatives exist that will preserve your privacy. But then, that wasn’t the point, was it?
Palo Alto warns firewalls flaws are under active attack • The Register - Chained attacks allow root access if not patched.
OpenSSH bugs threaten enterprise security, uptime • The Register - OpenSSH gets a machine-in-the-middle attack that’s decades old, plus a denial of service. The OpenSSH client and server can be made to eat up server CPU and memory until legitimate traffic can’t pass. All versions prior to 9.9p2 are impacted, back to 6.8p1, introduced in 2014.
Two critical vulns lead to stolen MongoDB data, RCE • The Register - We should get rid of computers. Attackers can send a query to MongoDB using the $where operator and bypass server-side JavaScript restrictions to achieve remote code execution, allowing them to access, manipulate, and exfiltrate data.
Exploits for unpatched Parallels Desktop flaw give root on Macs - In conclusion, all known versions of Parallels Desktop, including the latest, are vulnerable to at least one exploit. One is a race condition: let the executable pass its signature check, then replace it. The other is a hokey pokey of CVEs: between each version, they put one in, then take it out, then put it back in.