Okta warns of unprecented credential stuffing attack. Dropbox Sign breached. DNS probing using China's Great Firewall. Quick version.  

News

Hi folks,

I hope you're all doing well! It's been a super exciting week for me. I've started working at a freakin' nuclear power plant, as a Reliability Engineer. I've joined one of the teams responsible for keeping the power plant running, from turbines to the cooling systems and even the reactor itself, and I'll focus on the software and cybersecurity side of that whole process.

Suffice to say, I have a -lot- to learn, and I'm loving every minute of it :-)

But enough about me, let's get to this week's security news! Enjoy!

Dieter Van der Stock

Okta warns of "unprecedented" credential stuffing attacks on customers

Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.

bleepingcomputer.com

Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023.

bleepingcomputer.com

Quick links

  • IBM to buy HashiCorp in $6.4 billion deal: link.
  • REvil hacker behind Kaseya ransomware attack gets 13 years in prison: link.
  • US Post Office phishing sites get as much traffic as the real one: link.
  • Millions of Docker repos found pushing malware, phishing sites: link.
  • CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action. link.
  • Google now pays up to $450,000 for RCE bugs in some Android apps: link.
Dieter Van der Stock

Breaches and leaks

  • DropBox says hackers stole customer data, auth secrets from eSignature service: link.
  • UnitedHealth CEO confirms company paid $22 million ransom in heated Senate hearing: link.
  • Change Healthcare hacked using stolen Citrix account with no MFA: link.
  • LockBit publishes confidential data stolen from Cannes hospital in France: link.
  • Hackers accessed more than 19,000 accounts on California state welfare platform: link.
  • Collection agency FBCS warns data breach impacts 1.9 million people: link.
  • London Drugs pharmacy chain closes stores after cyberattack: link.
  • Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach: link.
  • Qantas app exposed sensitive traveler details to random users: link.
  • Panda Restaurants discloses data breach after corporate systems hack: link.

Issues and fixes

  • Hackers try to exploit WordPress Automatic plugin vulnerability that’s as severe as it gets: link.
  • CISA says GitLab account takeover bug is actively exploited in attacks: link.
  • HPE Aruba Networking fixes four critical RCE flaws in ArubaOS: link.
  • Cactus ransomware targets a handful of Qlik Sense CVEs: link.

1Password for developers: secrets, SSH keys, and more

I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords, it also hold your SSH keys, signs your Git commits, injects token and other secrets in CLI scripts when you want, and much more. (Sponsored)

1password.com

No spam, ever. We'll never share your email address and you can opt out at any time.