One of the last Bletchley Park’s heroes Betty Webb dies • The Register - Webb, along with a number of other prominent women in the cryptography field, worked at Bletchley Park to help decrypt some 10k German intercepts per day. Women have a long history in the computer science and cryptography fields. I would highly recommend Invisible Women by Caroline Perez, Hidden Figures by Shetterly, and Broad Band: The Untold Story of the Women Who Made the Internet by Claire Evans.
Hunters International said ransomware now ‘too risky’ • The Register - HI is looking to move back to the good old days of steal and extort. Big problem for defenders, as thieving thieves are much harder to catch than ransoming thieves. Previously everyone celebrated that “dwell times were dropping” but that’s not true. It was just obfuscated by the threat actor knocking on your door and telling you they had broken in.
Signalgate solved? Reports claim accidental contact mix-up • The Register - Saved a staffer’s name with a journalist’s number; that intern ended up working at the National Security Council. SMH. But how’d that number get saved? White House reportedly blames auto-suggested iPhone contact for Signal scandal | TechCrunch
UK loses plea to keep Apple ‘backdoor’ case secret • The Register - Thanks to Apple and others, the bare details of the UK’s Technical Capability Notice (the demand that Apple backdoor its total encryption options).
Unknown scanners probing Juniper and Palo Alto products • The Register - Mass scanning, and likely impending exploitation, of Juniper systems is underway. Scans have been increasing over the last two weeks, specifically targeting Juniper WAN products and Palo Alto infrastructure.
Dan Tentler (Viss) talks Masscan with Hak5’s Shannon Morse (Snubs) https://youtu.be/7XMIFTRiAGA?t=1561
With Masscan, a /11 scan takes about an hour. At 2.09mn addresses per /11, it would take 2057hrs, or 85 days, to scan all 4.3bn IPs from one host. Botnets have tens of thousands of hosts: Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans
Chrome preps fix for browser history spying • The Register - This is a wild attack on privacy: render a link on a page, then query the style applied to the link. If the link appears purple instead of blue, you know your target has visited that page. The marketing implications of this are wild.
Critical auth bypass bug in CrushFTP now exploited in attacks - That drama around CrushFTP last week? The vendor wasted precious time arguing with detractors instead of pushing patches; now customers are getting hit.
North Korean IT worker army expands operations in Europe - In their efforts to secure these positions, DPRK IT workers employed deceptive tactics, falsely claiming nationalities from a diverse set of countries, including Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam. Workers are using real and fabricated personas. Researchers are able to cross-reference these personas to help identify NKIT workers. NKIT workers may contribute successfully to their team while deploying backdoors and committing IP theft to help NK avoid sanctions from Western countries.
CISA warns of Fast Flux DNS evasion used by cybercrime gangs - Fast flux allows DNS records to be updated extremely quickly through a series of infrastructure, making Layer 3 defenses almost useless. Couple that with botnets and the increasing number of attacks coming from residential IP space, and the world gets harder to protect.
Port of Seattle says ransomware breach impacts 90,000 people - After the Port refused to pay, threat actors stole employee, contractor, and parking data in various combinations, including names, dates of birth, Social Security numbers (or last four digits of Social Security number), driver’s license or other government identification card numbers, and some medical information.
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware - URL shorteners, QR codes, same mess, new hook.
Politics
CISA braces for more cuts, threat-intel efforts are doomed • The Register - 1300 of 3300 employees. The Sector Coordinating Councils, the lifelines between critical industries and the government, are one of the most significant cuts to CISA’s operations since last month’s cuts to the Information Sharing councils.
Trump fires head of National Security Agency and Cyber Command | TechCrunch - General Haugh, head of NSA and Cyber Command, was let go Friday, along with NSA Deputy Director Wendy Noble. An acting head has been appointed in the meantime.
Oracle
Oracle tells customers its public cloud was compromised • The Register
GitHub
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack