Weekend Wrap-Up: The Maddie Stone Edition

(Plug plug plug. Today Metacurity has published its first post for paying subscribers—including our Patreon patrons—which lists the top 87 cybersecurity podcasts, along with their corresponding URLs and RSS feeds. It’s an hors d'oeuvre of sorts to what we plan to be a never-ending service of original content and useful data for our Metacurity paid subscribers)

Over the weekend, most of the infosec world read and applauded a long profile of Maddie Stone, a 29-year-old prominent researcher on Google’s Project Zero bug-hunting team. Written by Wired’s Lily Hay Newman, the profile takes aims at antiquated stereotypes of who can be a hacker, highlighting Stone’s gender, youth, and tenacity to make it in the male-dominated hacking arena. According to Newman, Stone’s approach to life is: “You don’t have to be the best at anything right away, you don’t have to fit in. You just have to enjoy what you’re doing—and have the raw determination to see it through.”

Cryptocurrency Finance Protocol Harvest Finance Puts $100,000 Bounty on Contact With Hacker Who Who Led $24 Million Attack

Harvest Finance, a major decentralized finance protocol, has seemingly issued a $100,000 bounty to the first person or persons who can reach out to an attacker who led a $24 million attack targeting its liquidity pools. The attacker, who Harvest Finance said is well-known in the cryptocurrency community, reportedly exploited about $24 million from Harvest Finance pools and swapped for renBTC (rBTC). The attacker also subsequently sent back about $2.5 million to the deployer in the form of Tether (USDT) and USD Coin (USDC), which will be distributed pro-rata to the affected victims. Harvest Finance said it is working to mitigate the attack. (Helen Partz / Cointelegraph)

KashmirBlack Botnet Targets Outdated Content Management Systems

A highly sophisticated botnet dubbed KashmirBlack has been taking over sites and implanting backdoors by attacking their underlying content management system (CMS) platforms, according to security researchers from Imperva. KashmirBlack expands by scanning the internet for sites using outdated software and then using exploits for known vulnerabilities to infect the site and its underlying server. (Catalin Cimpanu / ZDNet)

Related: Reddit - cybersecurity

India’s Largest Press Agency Temporarily Shuttered by LockBit Ransomware Attack

On Saturday, the Press Trust of India’s computer servers were hit by a ransomware attack, disrupting operations and the delivery of news to hundreds of subscribers across India for several hours. The ransomware identified itself as LockBit. The attack occurred around 10 PM on Saturday, infecting almost all the servers of the news agency. After an all-night effort by engineers, service was restored by Sunday morning. (Business Line)

Related: DataBreaches.net, TechNadu, SecurityWeek

Finnish Psychotherapy Clinic Was Hacked, Data of Up to 40,000 Patients May Have Been Stolen

Vastaamo, a company that offers psychotherapy treatment to patients across 20 cities in Finland told relevant authorities that “an unknown hostile party” got in touch with them saying they had obtained up to 40,000 customers’ details. The company said it was probably breached twice, in November 2018 and March 2019, and the hackers are demanding payment of nearly half a million euros (nearly $600,000_ for the data's return. (YLE)

Related: DataBreaches.net, NewsNowFinland

Talk About Scary Stories…

Raman Shalupau, who runs a cryptocurrency job board, offers this cautionary nightmare of a tale of getting hacked after buying a new, certified refurbished Macbook. The hacker gained access to his Telegram, Yahoo, Gmail, and iCloud accounts. He then received a notification that the hacker was moving money from his cryptocurrency accounts. The likely cause of the hacks was likely stored private keys in his Apple notes or iCloud somewhere. Photo by NeONBRAND on Unsplash

Main photo by the blowup on Unsplash