June 3rd 2017
Cybersecurity #1
Subject: Major security breaches, one patched, one not so much
Hey all!
I think I should preface this by saying I originally planned to do a tool tip entry, but alas, trouble is a-brewing, so let us just jump right into it, shall we?
In the wee hours of June 1st, the password company known as OneLogin (https://www.onelogin.com/) reported that AWS (Amazon Web Services) keys had been accessed and used by a malicious user through a smaller intermediary. According to an update released by the company, however, the attack was actually initiated on the 31st. Here is a copy of their statement on the matter:
“Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. Evidence shows the attack started on May 31, 2017 around 2 am PST. Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance. OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it.”
The letter sent out to customers of OneLogin reads as follows: “Customer data was compromised, including the ability to decrypt encrypted data.”
If you are a OneLogin user and you have not yet updated your OAuth tokens or API keys (as well as probably changing all your passwords in the process), I highly suggest you do so as quickly as possible.
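For anyone running their own AWS account, the pattern in that statement (a key used from an unfamiliar host to launch instances) is something you can look for in CloudTrail logs. The sketch below is an added example, not anything from OneLogin; the expected network range, the sample records and the function names are all constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: the networks your own staff and automation call the AWS API from.
EXPECTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

def _rec(time, name, ip, key):
    # Builds a constructed record with the CloudTrail fields this check reads.
    return {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}

# Constructed sample log: documentation IP ranges and AWS's published example key IDs.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-10T08:55:03Z", "RunInstances", "198.51.100.20", "AKIAIOSFODNN7EXAMPLE"),
    _rec("2024-01-10T09:02:11Z", "RunInstances", "203.0.113.77", "AKIAI44QH8DHBEXAMPLE"),
    _rec("2024-01-10T09:03:40Z", "DescribeInstances", "203.0.113.77", "AKIAI44QH8DHBEXAMPLE"),
    _rec("2024-01-10T09:04:02Z", "RunInstances", "autoscaling.amazonaws.com", "AKIAIOSFODNN7EXAMPLE"),
    _rec("2024-01-10T09:06:29Z", "RunInstances", "203.0.113.77", "AKIAI44QH8DHBEXAMPLE"),
]})

def from_expected_source(source):
    """True when the caller is one of our networks or an AWS service acting for us."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # CloudTrail records a DNS name here when an AWS service makes the call.
        return source.endswith(".amazonaws.com")
    return any(addr in net for net in EXPECTED_NETWORKS)

def unexpected_launches(log_text):
    """Map access key ID -> [(eventTime, sourceIPAddress)] for RunInstances calls from elsewhere."""
    hits = defaultdict(list)
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com" or rec.get("eventName") != "RunInstances":
            continue
        source = rec.get("sourceIPAddress", "")
        if not from_expected_source(source):
            key = rec.get("userIdentity", {}).get("accessKeyId", "unknown")
            hits[key].append((rec.get("eventTime"), source))
    return dict(hits)

if __name__ == "__main__":
    for key, calls in unexpected_launches(SAMPLE_LOG).items():
        print(f"{key}: {len(calls)} instance launch(es) from unexpected hosts: {calls}")
```

Any key that shows up in the result is a candidate for immediate rotation and a closer look at what else it was used for.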
Now an update to the big ol' WannaCry encryptor nonsense that reigned over the world a week back. Oh, and I mean update literally, as Microsoft has recently released a patch for both Windows 8 and XP (a dead operating system they do not support anymore, but which comprised the majority of encrypted devices). The issue was an exploit in the Windows file sharing function, and it has now been patched, after a reported 100,000 devices were encrypted, though the attackers have only collected $26,000 in ransom. As always, if you have not updated your operating system, doing so is a good first step. If you would like some help to steer clear of future ransomware, I will be releasing a guide to combat it in next week's cybersecurity blog.
As always, thank you for reading, and if you wish to get more weekly cybersecurity news and tools you can follow me!
Thanks for the heads up.