Stolen credentials are the prevailing foothold in a number of this week's stories as more details emerge. We also learned a lot about several different long-running stories. We look to Australia and the plight of powerful owls, and finally we highlight Patrolaroid, a new tool for point-and-shoot malware scanning in AWS.
- Hackers bought stolen Slack cookies for EA, then messaged IT claiming they had lost their phone; IT gave them backup codes, so they could get in and supposedly steal 780G of data! Motherboard has the full story direct from the people who say they did it.
- The SITA airline hack that has affected at least Air India (TSD #62), Singapore Airlines and Malaysia Airlines (TSD #51) is now being attributed to the “Chinese state-sponsored threat actor APT41”. Read more at ThreatPost.
- JBS admitted, via NPR, that they paid an $11 million ransom. Meanwhile SecurityScorecard has performed their own research indicating that more than 5 TB of data may have been exfiltrated over the course of 3 months before the ransomware event.
- Before Colonial Pipeline was hit with ransomware, another pipeline company was hit and had 70GB of data leaked, according to Wired.
- The Justice Department announced they recovered 63 out of 75 bitcoins paid for the Colonial Pipeline ransomware attack. Motherboard has more on how they did it.
- With JBS possibly having been breached via stolen credentials comes the news that researchers have discovered “a dizzying 1.2TB database containing login credentials, browser cookies, autofill data, and payment information extracted by malware that has yet to be identified.” Read more at ArsTechnica.
- So where do you go to buy passwords or Slack cookies? Specialized markets like Slilpp, the largest online market for stolen login credentials, which has now been seized by the FBI, according to BleepingComputer.
- The hacker known as Max, who was part of the TrickBot group, is a 55-year-old Latvian woman now in custody, via Bloomberg. KrebsOnSecurity digs further into her back story and the many personal details that were publicly available.
- The latest security updates are out: Microsoft with 6 zero-days, Android with a critical RCE, Apple with an out-of-band release for 2 zero-days, and Intel with 73. Update all the things if you don’t have auto-update on!
Owl fun and facts:
Scary news is coming out of Australia about an unfolding issue of powerful owls potentially being poisoned after eating mice killed by household rodenticides. This year is especially worrying, as a mouse plague has some officials applying for emergency use of rodenticides. Read more about this unfolding issue at The Guardian. We first featured powerful owls and basic facts about them in TSD #27 and followed that up in TSD #50 with research showing the owls are increasingly found in urban areas.
A Shout Out:
Ryan Petrich and Kelly Shortridge just released an awesome new AV scanning tool for AWS EC2 and S3. Instead of running an agent on the instances themselves, Patrolaroid takes snapshots of your EC2 instances and scans the snapshots. “In short, Patrolaroid provides ‘point-and-shoot’ malware scanning of AWS assets without the malware-like tactics of existing ‘cloud security’ tools.”
Check out Patrolaroid on GitHub today!
TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via firstname.lastname@example.org or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
That’s owl for now!