Security News
The problem is there was no data authentication or verification stage. The moral of the story is: Don't rely on data you can't verify.
Listeners will probably know that VirusTotal is a very popular service where, if you've got a file that either you know it's malware and you want to know what lots of different products call it, or if you think, "Maybe I want to get the sample securely to as many vendors as possible, as quickly as possible". The file is meant to be made available to dozens of cybersecurity companies almost immediately.
DUCK. Yes, the usual large number of bugs fixed. Although Elevation of Privilege usually gets looked down on as lesser than Remote Code Execution, where crooks use the bug to break in in the first place, the problem with EoP has to do with crooks who are already "Loitering with intent" in your network.
MATT. Yes, the idea of Bring Your Own Device [BYOD] wouldn't fly back in the day, would it? MATT. One of the things that's changed so much since then, Paul, is that, back in the day, you had an infected machine, and everyone was desperate to get the machine disinfected.
DOUG. Emergency Apple patches, justice for the 2020 Twitter hack, and "Turn off your phones, please!". DOUG. As luck would have it, we have a long list of things you can do other than just turning off your phone for five minutes.
DUCK. I don't know whether that's true, but I like to think it is. Before we get to stuff that's in the news, we are pleased, nay thrilled, to announce the first of three episodes of Think You Know Ransomware?
As long as they don't choose password or secret or one of the Top Ten Cats' Names in the world, maybe it's OK if we force them to change it to another not-very-good password before the crooks would be able to crack it? The simple observation is that changing a bad password regularly doesn't make it a better password.
In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then exfiltrate the stolen data to the hijacked bucket," Checkmarx researcher Guy Nachshon said.
A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail. In the process, it discovered the Lantum S3 bucket, which was accessible and indexed on some IoT search engines.
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do. Amongst the things that they could do would be: finding out the structure of your internal databases, so they know what's stored where; perhaps downloading and messing with your data; and, optionally for the crooks, injecting what's known as a webshell.