Infostealer infrastructure hacked by Dutch police and FBI. Second Biden executive order on cybersecurity underway. Git config files still exposed all over the place.  1st November 2024

Hi all,

It's a bit of a quick one this week. Please bear with my while I make my way through three more weeks of training. I do my best not to skip a week though, even if the end result comes out a bit rough :-) Enjoy the digest and have a good one!

Cheers,

Quick stories

• Six senators tell Biden administration UN cybercrime treaty must be changed: link.
• Microsoft Entra "security defaults" to make MFA setup mandatory: link.
• Four REvil members sentenced to more than four years in prison: link.
• UnitedHealth Group names new CISO 8 months after massive ransomware attack: link.

Breaches and leaks

• Colorado scrambles to change voting-system passwords after accidental leak: link.
• Free, France’s second-largest telecoms company, confirms being hit by cyberattack: link.
• Massive PSAUX ransomware attack targets 22,000 CyberPanel instances: link.
• Interbank confirms data breach following failed extortion, data leak: link.
• LottieFiles hacked in supply chain attack to steal users’ crypto: link.
• Over a thousand online shops hacked to show fake product listings: link.

Issues and fixes

• New Chrome update for two critical vulnerabilities: link.
• QNAP fixes NAS backup software zero-day exploited at Pwn2Own: link.
• qBittorrent fixes flaw exposing users to MitM attacks for 14 years: link.
• LiteSpeed Cache WordPress plugin bug lets hackers get admin access: link.
• Hackers target critical zero-day vulnerability in PTZ cameras: link.