SANS NewsBites for January 30, 2024: lots of news and convictions too

SANS NewsBites was quite interesting today. Several of the items talk about arrests, and we love arrests and convictions. These are more convictions than arrests, but they were good.

Microsoft also gets called out over their recent email breach, 23andMe ("23 and not me") gets slapped in this newsletter, and Ivanti missed their patch day because they want to get it right.

Top of the news

Here’s what the items were at the top of the news.

  • Microsoft Provides Details About eMail Breach
  • Additional Information About the 23andMe Breach
  • Ivanti Acknowledges Missed Patch Deadline

As for the Microsoft fiasco, they write:

Microsoft has released additional information about the breach that compromised executives’ emails. The intruders accessed the corporate email system through an old test account that had admin privileges but was not protected by multifactor authentication.

When I set up test accounts back in my early development days, I deleted them once I was done. I hope they learn from this.

As for 23 and not me, stop me if you’ve read something like this before in past blogs. SANS writes:

In a breach notification letter recently filed with regulators, 23andMe disclosed that intruders were accessing customer accounts for about five months before the situation was detected. From April through September of last year, the intruders brute-forced user accounts, stealing both raw genomic and health data.

One of their editors may be saying what I think we said on TSB. They wrote:

Five months to detect a breach that affected 50% of users is not ideal. Subsequently updating terms of service to prevent filing of class action lawsuits, even less so. Make sure that you’re going beyond tabletop exercises to ensure that you can detect intrusions in a timely fashion. Make sure that you’ve got updated scenarios in your incident response plans that reflect your current architecture and services. Lastly, make sure key stakeholders are onboard, including legal, HR, C-Level and the board. You all need to be operating from the same sheet of music when it goes sideways.

I don’t remember if we talked about the terms of service, but the fact that they did that with no communication to their “customers” (in quotes) is problematic in and of itself.
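The brute-force angle of the 23andMe item, and the editor's point about detecting intrusions in a timely fashion rather than five months later, come down to whether anyone is watching the authentication logs. Below is an added example (my own, not from SANS or 23andMe) of the kind of detection that would have fired in the first hour: it reads a constructed log excerpt, keeps a sliding window of failed logins per source address, and raises an alert for a burst of failures, distinguishing one account hammered repeatedly from many accounts tried once each, plus an alert when a success follows recent failures from the same source. The log format, the 10-minute window, the threshold of 5 and the 203.0.113.0/24 addresses are all assumptions.

```python
"""Flag brute-force and spray patterns in authentication logs.

Added example for this post. The log lines are constructed; the source
addresses come from the 203.0.113.0/24 documentation range."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp>Z OK|FAIL user=<name> src=<ip>".
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

# Constructed excerpt: one source tries five different accounts in five
# seconds and then logs in as the fifth; a second source fails once and
# succeeds half an hour later (normal user behaviour, outside the window).
SAMPLE_LOG = """\
2023-04-03T10:00:01Z FAIL user=alice src=203.0.113.5
2023-04-03T10:00:02Z FAIL user=bob src=203.0.113.5
2023-04-03T10:00:03Z FAIL user=carol src=203.0.113.5
2023-04-03T10:00:04Z FAIL user=dave src=203.0.113.5
2023-04-03T10:00:05Z FAIL user=erin src=203.0.113.5
2023-04-03T10:00:06Z OK user=erin src=203.0.113.5
2023-04-03T10:30:00Z FAIL user=frank src=203.0.113.77
2023-04-03T11:00:00Z OK user=frank src=203.0.113.77
"""


def parse(line):
    """Return (timestamp, outcome, user, src) or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def detect(log_text, window=timedelta(minutes=10), fail_threshold=5):
    """Return (src, alert) pairs in the order the alerts would fire.

    Alerts:
      brute-force                - fail_threshold failures in the window, mostly one account
      password-spray             - fail_threshold failures in the window, mostly distinct accounts
      success-after-failures:<u> - a login succeeded while failures from the same
                                   source are still inside the window
    """
    alerts = []
    recent_fails = defaultdict(deque)  # src -> deque of (ts, user), oldest first
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, outcome, user, src = rec
        q = recent_fails[src]
        # Drop failures that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if outcome == "FAIL":
            q.append((ts, user))
            if len(q) == fail_threshold:  # fire once, when the threshold is crossed
                distinct = len({u for _, u in q})
                kind = "password-spray" if distinct > len(q) // 2 else "brute-force"
                alerts.append((src, kind))
        elif q:
            alerts.append((src, f"success-after-failures:{user}"))
    return alerts


if __name__ == "__main__":
    for src, alert in detect(SAMPLE_LOG):
        print(f"{src:15} {alert}")
```

Two details matter in practice. The threshold fires once as it is crossed, not on every subsequent failure, so a noisy source produces one ticket instead of thousands. And the window is applied before a success is examined, which is why `frank` at 11:00 raises nothing: his single failure at 10:30 has already aged out, whereas `erin` logging in one second after five failures from the same address is exactly the signal the 23andMe story describes going unnoticed.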

Since the attack seems to have been brute-forced, one of the editors wrote about that in their comments.

As for Ivanti, SANS writes:

Ivanti has acknowledged that it missed a self-imposed deadline for releasing patches for several vulnerabilities that are being actively exploited. Initially, Ivanti planned to begin releasing fixes for the flaws on January 2; an updated advisory cites “the security and quality of” the fixes as the reasons for the delay.

I’m glad that they are taking their time, but the KEV catalog now says that people should remove the software or get the mitigations in place.


The rest of the news

Here are the rest of the news items. As stated, several convictions.

  • Freehold Township (NJ) Schools Closed Due to Cyberattack
  • Ransomware Attack Disrupts Kansas City Transportation Communications
  • Patch Jenkins Vulnerability Now
  • Schneider Electric Suffers Ransomware Attack
  • Swatting Arrest
  • Prison Sentence for Ransomware Operator
  • 64-Month Prison Sentence for Trickbot Developer

Here’s what they say about Schneider Electric.

Ransomware operators have reportedly targeted systems at Schneider Electric’s Sustainability Division. The attack, which occurred in mid-January, resulted in the theft of terabytes of data. The incident has caused disruptions for Schneider’s Resource Advisor cloud platform.

This is what they have to say about the ransomware operator:

A Canadian court has sentenced Matthew Philbert to two years in prison for launching ransomware and other cyberattacks. Philbert was arrested in 2021, and pleaded guilty to fraud and unauthorized access to computers in October 2023.

Only two years for running a ransomware group? I think that’s crap.

As for the 64 months, they write:

A US court has sentenced Vladimir Dunaev to more than five years in prison for his role in the development of the Trickbot malware. The malware has been used to disrupt systems at hospitals and other businesses in the US. Dunaev, who is a Russian citizen, was extradited to the US from South Korea in 2021. He pleaded guilty to conspiracy to commit computer fraud and conspiracy to commit wire fraud in November.

Good job, hopefully you’ll find a better job.


There are other items that I have not covered here, but you can read more about them.

After all of these, there’s an Internet Storm Center section that covers other things. Feel free to take a look at it.

Here’s the link to the SANS NewsBites for January 30, 2024, and make it a great day!
