News
Hi all,
It's a bit of a quick one this week. Please bear with my while I make my way through three more weeks of training. I do my best not to skip a week though, even if the end result comes out a bit rough :-) Enjoy the digest and have a good one!
Cheers,
Servers for Redline and Meta infostealers hacked by Dutch police and FBI
Authorities said Operation Magnus "gained full access" to the servers for malware known as Redline and Meta, both of which are popular among cybercriminals.
Hackers steal 15,000 cloud credentials from exposed Git config files
A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.
Biden administration nears completion of second executive order on cybersecurity
Federal agencies would have to address everything from AI to cloud security to access management.
Quick stories
- Six senators tell Biden administration UN cybercrime treaty must be changed: link.
- Microsoft Entra "security defaults" to make MFA setup mandatory: link.
- Four REvil members sentenced to more than four years in prison: link.
- UnitedHealth Group names new CISO 8 months after massive ransomware attack: link.
Breaches and leaks
- Colorado scrambles to change voting-system passwords after accidental leak: link.
- Free, France’s second-largest telecoms company, confirms being hit by cyberattack: link.
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances: link.
- Interbank confirms data breach following failed extortion, data leak: link.
- LottieFiles hacked in supply chain attack to steal users’ crypto: link.
- Over a thousand online shops hacked to show fake product listings: link.
Issues and fixes
- New Chrome update for two critical vulnerabilities: link.
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own: link.
- qBittorrent fixes flaw exposing users to MitM attacks for 14 years: link.
- LiteSpeed Cache WordPress plugin bug lets hackers get admin access: link.
- Hackers target critical zero-day vulnerability in PTZ cameras: link.
1Password for developers: secrets, SSH keys, and more
I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords, it also hold your SSH keys, signs your Git commits, injects token and other secrets in CLI scripts when you want, and much more. (Sponsored)