My Shared Links — Week 52/2022

Xavier «X» Santolaria
5 min readJan 3, 2023

Collection of the {cyber,info}security resources and links I have found insightful and shared during week #52 of 2022.

Photo by FLY:D on Unsplash

Ukraine shuts down fraudulent call center claiming 18,000 victims

A group of imposters operating out of a Ukrainian call center defrauded thousands of victims while pretending to be IT security employees at their banks.

They contacted the victims, claimed that their bank accounts had been accessed by attackers, and requested financial information claiming it was needed to prevent fraud but, instead, emptied their bank accounts.

The scheme was uncovered by the Cyber Police Department, the Main Investigative Department of the National Police, the Prosecutor General’s Office, and law enforcement officers in Kazakhstan.

Netgear warns users to patch recently fixed WiFi router bug

Netgear has fixed a high-severity vulnerability affecting multiple WiFi router models and advised customers to update their devices to the latest available firmware as soon as possible.

The flaw impacts multiple Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router models.

Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients

Southwest Louisiana healthcare provider Lake Charles Memorial Health System (LCMHS) is informing roughly 270,000 patients that their personal and medical information was compromised in a data breach.

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022–27510 and CVE-2022–27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively.

According to a new analysis from NCC Group’s Fox-IT research team, thousands of internet-facing Citrix servers are still unpatched, making them an attractive target for hacking crews.

Amazon RDS announces integration with AWS Secrets Manager

Amazon RDS now supports integration with AWS Secrets Manager to streamline how you manage your master user password for your RDS database instances.

RDS integration with AWS Secrets Manager improves your database security by ensuring your RDS master user password is not visible in plaintext to administrators or engineers during your database creation workflow.

Twitter is the New Poster Child for Failing at Compliance

… In short, use Twitter as a perfect bad example. Make sure to properly staff and fund your compliance teams. Place direct and clear responsibility on qualified professionals. And get the whole organization on board.

The Most Prolific Ransomware Gangs of 2022

Many ransomware gangs operate like businesses, with their own marketing departments and user documentation. With the advent of Ransomware-as-a-Service (RaaS), gangs now sell their software to other criminals and get a portion of the profits — revenue without having to lift even a virtual finger. Here are four ransomware gangs that made headlines in 2022:

  • LockBit
  • REvil
  • BlackCat
  • BlackBasta

Zurich chief warned that cyber attacks will become uninsurable

Mario Greco, chief executive of insurer giant Zurich, has warned that cyber attacks will become soon “uninsurable.”

The attacks are becoming even more frequent and the damage they are causing continues to grow.

“What will become uninsurable is going to be cyber,” Mario Greco told the Financial Times. “What if someone takes control of vital parts of our infrastructure, the consequences of that?”

“First off, there must be a perception that this is not just data … this is about civilisation. These people can severely disrupt our lives.” he added.

https://securityaffairs.com/140090/security/cyber-attacks-become-uninsurable.html

Data of 30 million Indian Railways users is up for sale on a dark forum

It seems Indian Railways recently suffered a data breach. Data belonging to Indian Railways is up for sale on a hackers’ forum. This forum is mostly used by cybercriminals for selling breached data and hacked accounts. Indian Railways has not yet responded to this data breach.

https://techlomedia.in/2022/12/data-of-30-million-indian-railways-users-is-up-for-sale-on-a-dark-forum-96589/

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

This time, however, “customers’ information” turns out to include both customer data, in the sense above, and password databases.

Not literally on the night before Christmas, but perilously close to it, LastPass admitted that:

The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

Loosely speaking, the crooks now know who you are, where you live, which computers on the internet are yours, and how to contact you electronically.

The admission continues:

The threat actor was also able to copy a backup of customer vault data.

So, the crooks did steal those password vaults after all.

--

--