News

Hi folks,

Another week, another digest of security news.

Nothing Earth-shattering, although the "issues" list looks pretty rough, with a lot of recent high-visibility vulnerabilities being actively targeted. Please make sure that your systems are all patched up.

Best of luck out there and have a good one!

Dieter




Quick stories

  • Microsoft's take on kernel access and safe deployment following CrowdStrike incident: link.
  • OpenAI says it has disrupted 20-plus foreign influence networks in past year: link.
  • White House is prioritizing secure internet routing, using memory safe languages: link.
  • CIOs turn to NIST to tackle generative AI’s many risks: link.
  • Dutch police arrest admin of 'Bohemia/Cannabia' dark web market: link.
  • Russia detains almost 100 suspects linked to the Cryptex cryptocurrency exchange: link.

Breaches and leaks

  • Internet Archive hacked, data breach impacts 31 million users: link.
  • UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls: link.
  • Outlast game development delayed after Red Barrels cyberattack: link.
  • Highline Public Schools confirms ransomware behind shutdown: link.
  • Comcast and Truist Bank customers caught up in FBCS data breach: link.
  • LEGO's website hacked to push cryptocurrency scam: link.
  • ADT discloses second breach in 2 months, hacked via stolen credentials: link.
  • MoneyGram confirms hackers stole customer data in cyberattack: link.
  • Casio reports IT systems failure after weekend network breach: link.
  • AI girlfriend site breached, user fantasies stolen: link.
  • Russian state media company operation disrupted by ‘unprecedented’ cyberattack: link.
  • Fidelity Investments says data breach affects over 77,000 people: link.
  • Marriott settles with FTC, to pay $52 million over data breaches: link.

Issues and fixes

  • Qualcomm patches high-severity zero-day exploited in attacks: link.
  • Ivanti warns of three more CSA zero-days exploited in attacks: link.
  • Mozilla fixes Firefox zero-day actively exploited in attacks: link.
  • Palo Alto Networks warns of firewall hijack bugs with public exploit: link.
  • CISA says critical Fortinet RCE flaw now exploited in attacks: link.
  • GitLab warns of critical arbitrary branch pipeline execution flaw: link.
  • Akira and Fog ransomware now exploit critical Veeam RCE flaw: link.
  • Microsoft offers updates on 117 vulnerabilities on Patch Tuesday: link.