Best Infosec-Related Long Reads for the Week of 11/2/24

Cops can't keep up with the rise of infostealers, How a third-party script exploited British Airways, Setting up a risk appetite statement, The security threats poised against Smart Grid 2.0

US CFPB Warns Employees Against Phone Use Due to China's Salt Typhoon Hacks

Salt Typhoon tapped Trump lawyer's phone, Russian interference is now baked into US elections, China's MirrorFace targeted EU diplomatic org, TSA issues new cyber NPRM, New DPRK campaign seeks crypto firm intrusions through disguised malware, Chinese hackers breached Singapore Telecom, much more

Canada Orders TikTok to Shutter Two Offices Due to Security Concerns

Interpol takes down 1,037 servers and busts 41 in Operation Synergia II, Germany drafts law to protect security researchers, Chinese hackers targeted US natsec and policy officials, Nigerian real estate firm hacker sentenced to 25 years, S.Ct. hears Meta's Cambridge Analytica case, much more

The World Has Changed; Metacurity Is Not Normal Today

What happened yesterday was cataclysmic. Pretending it's business as usual would be tone-deaf. Metacurity will return to its regular format tomorrow. It is a good thing that cybersecurity is one of the least political issues we face.

US Voting Infrastructure Is Highly Secure, But Disinformation Threatens the Election

Suspected Snowflake hacker busted, Schneider Electric confirms breach, Nokia probes vendor breach, Threat actors abuse DocuSign API to distribute fake invoices, Two Android flaws exploited in the wild, NCSC warns of Pigmy Goat malware, LA and Houston housing authorities hit by attacks, much more

German Cops Seize Dstat.cc DDoS-for-Hire Platform

Okta password flaw allowed users with long account names to log in without passwords, Chinese hackers use Quad7 botnet in password-spray attacks, Crypto exchange M2 hacked for nearly $14M, Online casino MetaWin hacked for $4M, Booking.com stolen credentials used in phishing campaign, much more

Best Infosec-Related Long Reads for the Week of 10/26/24

Trump's failed hack of Venezuela's government, Transport for London's cyber sh*tshow, How voting machines got safer, The misunderstood quantum attacks paper, How a Dutch cyber prodigy got busted, YouTube's election conspiracies, Easterly in the hot seat

Sophos Battled Chinese State-Sponsored Hacking Campaigns for Five Years

Zero-click bug in Synology devices allowed backdoor access, FBI says get rid of remember-me cookies, Iran's Emennet Pasargad accused of Olympics hacking, Ex-employee hacked Disney World restaurant menus, US adversaries target minority populations, Phishing campaign promotes fake products, much more

Update Number Two: DHL Admits 'Downtime Incident' Affecting Third-Party Supplier

N. Korean hackers are collaborating with Play ransomware gang, Colorado voting machines accidentally exposed BIOS passwords, Right-wing voter database for sale, Crypto app websites compromised by animation library supply chain attack, Threat actor claims attack on Peru's Interbank, much more

Midnight Blizzard Is Targeting US Government, Defense Officials in New Phishing Campaign

Salt Typhoon targeted Trump family, US charges Redline infostealer dev, Canadian tax agency was mum after hackers accessed accounts, 22K CyberPanel instances targeted in ransomware attack, Google fined $2.5 decillion for allegedly blocking pro-Kremlin content, much more

Operation Magnus Shutters Redline and Meta Infostealers

World leaders still getting tracked by Strava fitness app, Four REvil gang members sentenced in Russia, Mint Sandstorm finally got stolen Trump material published, French ISP Free was hacked, New ChatGPT safeguards jailbreak released, Star Health CISO cleared of wrongdoing, much more

China's Salt Typhoon Targeted Top Politicians' Phones, Obtained Call Audio

CSRB to study Salt Typhoon's intrusion into wiretap systems, Canada warned of Chinese state scanning, Delta sues CrowdStrike over outage, Italy embroiled in database hack scandal, Japan sentences man for creating AI-generated virus, UNC5812 targets Ukraine using Telegram persona, much more