Issue 129

Personal note - minimal edition

I'm afraid this is another minimal edition. I'm still in caretaker mode for my wife and daughter, after my wife's fall a few weeks back, and on top of that we're having major house renovations done. Quite the double whammy :-) Sucks though, it was one hell of a juicy news week.

As usual in the minimal edition I've selected the articles and news that seemed most interesting, but with less curation and summarising than usual. I hope it still provides value to you. Cheers!

Breaches and leaks

  • Russian government sites leak passport and personal data for 2.25 million users: link.
  • Over 10 million people hit in single Australian data breach: link.
  • Unsecured server exposes data for 85% of all Panama citizens: link.

Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call

Intel ZombieLoad Side-Channel Attack: 10 takeaways

New Spectre-like speculative execution vulnerabilities were disclosed this week.

Microsoft worm warning: Windows users urged to patch now

Linux Kernel prior to 5.0.8 vulnerable to remote code execution

Despite the headline, it's not an omg-we-all-gonna-die vulnerability; apparently it's hard to exploit. But it's important to patch either way, since you don't want it to evolve into something worse. Although if it does, I sure hope they up the severity from High to Critical to match the headlines :D

Hackers breached 3 US antivirus companies

Six men accused of stealing over $2.4M in SIM swapping attacks

Serious Phar flaw allows arbitrary code execution on Drupal, Joomla and Typo3

SharePoint servers under attack through CVE-2019-0604

Google discloses Bluetooth flaw in Titan security key, issues recall

Trump signs executive order banning US telcos from buying or using foreign gear

SHA-1 collision attacks are now actually practical and a looming danger

Post-mortem for breach


1Password for Teams and Business

As always I'm extremely grateful to 1Password for supporting the newsletter. If you have passwords or secure notes to share with your colleagues, I highly recommend you give them a try.