Issue 129

Personal note - minimal edition

I'm afraid this is another minimal edition. I'm still in caretaker mode for my wife and daughter, after my wife's fall a few weeks back, and on top of that we're having major house renovations done. Quite the double whammy :-) Sucks though, it was one hell of a juicy news week.

As usual in the minimal edition I've selected the articles and news that seemed most interesting, but with less curation and summarising than usual. I hope it still provides value to you. Cheers!



Breaches and leaks

  • Russian government sites leak passport and personal data for 2.25 million users: link.
  • Over 10 million people hit in single Australian data breach: link.
  • Unsecured server exposes data for 85% of all Panama citizens: link.


Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call


zdnet.com


Intel ZombieLoad Side-Channel Attack: 10 takeaways

New Spectre-like speculative execution vulnerabilities were disclosed this week.
threatpost.com


Microsoft worm warning: Windows users urged to patch now


bitdefender.com


Linux Kernel prior to 5.0.8 vulnerable to remote code execution

Despite the headline, it's not an omg-we-all-gonna-die vulnerability; apparently it's hard to exploit. But it's important to patch either way, you don't want it to evolve into something worse. Although if it does, I sure hope they up the severity from High to Critical to match the headlines :D
bleepingcomputer.com


Hackers breached 3 US antivirus companies


arstechnica.com


Six men accused of stealing over $2.4M in SIM swapping attacks


bleepingcomputer.com


Serious Phar flaw allows arbitrary code execution on Drupal, Joomla and Typo3


threatpost.com


SharePoint servers under attack through CVE-2019-0604


helpnetsecurity.com


Google discloses Bluetooth flaw in Titan security key, issues recall


bleepingcomputer.com


Trump signs executive order banning US telcos from buying or using foreign gear


zdnet.com


SHA-1 collision attacks are now actually practical and a looming danger


zdnet.com


Post-mortem for Matrix.org breach


matrix.org


Sponsorships

1Password for Teams and Business

As always I'm extremely grateful to 1Password for supporting the newsletter. If you have passwords or secure notes to share with your colleagues, I highly recommend you give them a try.
1password.com