
I was meant to post this Friday, but the day got away from me. Then I was waiting to watch the England match, and now relieved that they secured a win, I’m free to post in clarity.
Fortibleed keeps bleeding
Fortinet’s official story doesn’t quite match what the logs are saying. Turns out 75,000 firewalls were systematically looted over the course of a month. Configs exported, passwords cracked on rented GPUs, credentials now for sale on markets where the reviews are disturbingly professional. If your FortiGate shows config exports you didn’t authorise, assume you’re already compromised and work backwards from there.
https://doublepulsar.com/an-update-on-fortibleed-whats-happening-with-victim-orgs-c0671a50e7f4
When espionage has a typo problem
GhostWriter’s fishing in Gmail’s personal account pond now, targeting Polish users. When they miss their mark, unrelated people with similar names get the phishing email instead. It’s state-sponsored espionage with autocomplete errors. The tradecraft is solid right up until someone called Jan Kowalski gets an email meant for a completely different Jan Kowalski.
https://therecord.media/ghostwriter-targets-personal-gmail-accounts-in-poland
Submarine cables and lazy seamanship
A cargo ship dragged its anchor 130km across the Baltic, severing submarine cables as it went. The defence is ‘we lack jurisdiction.’ Turns out the real sabotage campaign was just lazy seamanship all along. The ship’s captain presumably spent the whole voyage wondering why the drag coefficient was a bit off.
https://therecord.media/finland-brings-charges-against-cargo-ship-undersea-cables
Drowning in relevance, not volume
Your SOC analysts are drowning in alerts that mean absolutely nothing without context. The problem isn’t volume. It’s relevance. And it’s burning them out faster than the business can replace them. Turns out knowing that something happened is spectacularly useless without knowing whether it matters.
https://www.securityweek.com/alert-fatigue-is-becoming-a-security-threat-of-its-own
Chrome extensions with a side hustle
152 Chrome wallpaper extensions were quietly clicking ads and tracking you. The audacity of hiding a business model inside something meant to make your desktop prettier. Your background image of a sunset over Santorini was generating revenue for someone who definitely wasn’t you.
https://hackread.com/chrome-live-wallpaper-extensions-ad-track-fake-search-clicks/
When AI turns breaches into catastrophes
Five Eyes spooks reckon AI turns garden-variety breaches into company-ending catastrophes. Their solution: do the basics properly and actually test whether your defences work when it matters. It’s not flashy advice, but it’s the difference between an incident report and a bankruptcy filing.
A government builds a honeypot for criminals
A government wants to verify age for adult websites by creating a database of passport details, driving licences and ID numbers. Cybercriminals are already booking their holidays. The only question is whether it gets breached before or after it goes live.
Knuth dropped email in 1990
Knuth dropped email in 1990 and never looked back. The man is writing a book that started in 1962. Meanwhile you’re checking Slack every four minutes wondering why you can’t focus. He might be onto something.
https://www-cs-faculty.stanford.edu/~knuth/email.html
Norway acts on pattern recognition
Norway banned AI from primary schools. The rest of us are still trying to figure out if it’s actually harmful. That’s the difference between waiting for proof and acting on pattern recognition. Sometimes the precautionary principle is just seeing where the wind’s blowing and putting up an umbrella.
That’s your week. If any of this made you want to reply with your own horror stories, my inbox is open. If it made you want to follow along in real time, I’m on Mastodon / Bluesky making the same tired jokes but faster.
Stay cynical.