US Nuclear missile credentials stolen
It’s believed that the threat group MAZE is responsible for the theft and encryption of sensitive government data concerning the United States missile deterrent programme Minuteman III. Minuteman III is a 3-stage intercontinental-range ballistic missile with a 13,000 km capability.
We are unclear as to exactly how the theft occurred. Still, we are aware that the data was swiped from Westech, a subcontractor for Northrup Grumman.
There is nothing to suggest that schematics or the like have been stolen, but more likely payroll details and emails. Forensic investigations are ongoing.
Security by design given a boost in a round of government funding targeted promoting safer IoT devices. While £400,000 is not exactly a game-changer, it is a vocal pitch to support a standard minimum-security requirement. The UK may very well lead the way as to what “Security good looks like”
Another bug bounty programme pays off
A programmer in India has found a vulnerability on the Apple Sign-on feature. This flaw could allow hackers to hijack the user’s third-party applications.
Bounty bugs are a method used by private firms to incentivise the tech-savvy to identify vulnerabilities to the tune of a handsome reward. In this case, $100,000.
Some question the ethics behind this, but it’s a sure-fire way to utilise the world’s technical talent on a no win no fee basis.
Data leak shines some light on the dark web.
Daniel’s Hosting (DH) database has been hacked with the information leaked online. DH is the largest hosting provider on the dark web, with around 7,600 records. Instead of Go-Daddy, think Creepy Uncle with something to hide.
It is possible to link the stolen credentials to dark web sites, removing anonymity. If you are setting up a service on the dark web, it’s pretty fair to assume that inconspicuousness is high on your agenda. Somewhat reminiscent of the Ashley Maddison Breach, only this time – there are worse things to hide than an affair.
MOT Tests may look quite different in the future. There are credible proposals for cyber security checks to reduce the chances of hacks. The safety standard, known as CAV PASS, will include threat mitigation protocols. The end goal is to provide the public with an extra layer of assurance around autonomous cars when they come into full-scale production. Before that, CAV PASS will be trialled on self-driving vehicles.
The automotive industry has been hit particularly hard by Covid-19 with factory closures, supply chain interruptions, and a reduction in customer demand.
“This is a great development for the automotive industry, an industry known for its ever-growing array of industry standards and technologies. Having a standard that includes testing the security as part of the overall safety of vehicles is a great way forward. Not just for autonomous vehicles but even for non-autonomous cars being produced today, which are becoming increasingly connected and ‘smart’. Smart dashboards, interconnected infotainment systems, 4G modules, mobile car companion apps, and an array of diagnostics and sensors all connecting to the central processing unit inside the vehicle.”
Ransomware Auction – A new trend? Cash in the Attic and Bargain Hunt move aside.
We may be seeing a new trend by ransomware attackers – Pay up or face your data being auctioned and sold to the highest bidder.
REvil ransomware group has set up an auction site for stolen credentials to be auctioned. Grubman Shire Meiselas & Sacks, a legal firm used by the likes of Madonna, Lada Gaga, and Bruce Springsteen, was compromised last month. REvil has already insinuated that Madonna’s data is to be auctioned.
Thoughts? Comments? Want further intel? Don’t be shy reach out: firstname.lastname@example.org