Security News > 2021 > May

3 Steps to Disrupt Threat Actors Selling Access to Your Environment
2021-05-05 14:39

Imagine law enforcement reaches out to a security team to tell them a threat actor is selling employee credentials or private access keys to a sensitive business application. Even though there is no confirmation that these threat actors accessed or stole data, it is very troubling.

East London council blurts thousands of residents' email addresses in To field blunder
2021-05-05 14:01

The cockup, which happened on Monday, had locals in the borough of Tower Hamlets receive emails with hundreds of addresses visible. Register reader Patrick, who was the unlucky recipient of one such message, told us: "The email I received had 400 recipients in the To: field, I assume because Outlook has a limit of 500... Just assuming that I received all the Bs and Cs - then that's ~5,000 email addresses they leaked."

Red Hat Open-Sourcing StackRox Security Technology
2021-05-05 13:41

Red Hat this week announced that it's taking the first steps towards open-sourcing the StackRox container security product for Kubernetes. Announced only months after Red Hat bought StackRox, the new StackRox community project follows the organization's business model of providing open source enterprise solutions.

Cymulate Raises $45 Million to Grow Its Attack Simulation Platform
2021-05-05 13:35

Founded by Eyal Wachsman and Avihai Bar Yosef, the company offers a cloud-based security validation platform that helps organizations test their security controls by running thousands of attack simulations, shows points of exposure, and provides remediation guidance. The platform can assess the security of various systems, such as email, Windows Domain Network configurations, web servers, web traffic, and more.

Feds Shut Down Fake COVID-19 Vaccine Phishing Website
2021-05-05 13:24

Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. The U.S. Attorney's Office for the District of Maryland, working with Homeland Security Investigations in Baltimore, seized "Freevaccinecovax.org," "which purported to be the website of an actual biotechnology company developing a vaccine for the COVID-19 virus," according to a release on the office's website posted earlier this week.

Chrome for Windows Gets Hardware-enforced Exploitation Protection
2021-05-05 13:19

Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection. Together with existing protection measures, the Stack Protection should mitigate a variety of exploitation techniques, but could affect stability if it is not compatible with software that loads itself into Chrome.

U.S. Organizations Targeted by New Cybercrime Group With Sophisticated Malware
2021-05-05 12:34

A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries using several new pieces of malware, FireEye reported on Tuesday. The phishing campaign conducted by UNC2529 targeted a wide range of organizations, and involved the use of a sizable command and control infrastructure, three sophisticated malware families, and custom lures.

Malicious Office 365 Apps Are the Ultimate Insiders
2021-05-05 12:27

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. The apps will persist in a user's Office 365 account indefinitely until removed, and will survive even after an account password reset.

Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms
2021-05-05 12:27

Cloud comms platform Twilio has confirmed its private GitHub repositories were cloned after it became the latest casualty of the compromised credential-stealing Codecov script. Twilio said: "We have Codecov tools, including the Bash Uploader component, in use in a small number of our projects and CI pipelines." The company added that these particular projects were "not in the critical path to providing updates or functionality to our communication APIs" and that it has "remediated the potential exposure by thoroughly reviewing and rotating any potentially exposed credentials."

Counterfit: Open-source tool for testing the security of AI systems
2021-05-05 12:23

After developing a tool for testing the security of its own AI systems and assessing them for vulnerabilities, Microsoft has decided to open-source it to help organizations verify that the algorithms they use are "robust, reliable, and trustworthy." Counterfit started as a collection of attack scripts written to target individual AI models, but Microsoft turned it into an automation tool to attack multiple AI systems at scale.