Whatsapp critical vulnerability. ZombieLoad attacks against Intel CPU's. Minimal mode.  

News

Personal note - minimal edition

I'm afraid this is another minimal edition. I'm still in caretaker mode for my wife and daughter, after my wife's fall a few weeks back, and on top of that we're having major house renovations done. Quite the double whammy :-) Sucks though, it was one hell of a juicy news week.

As usual in the minimal edition I've selected the articles and news that seemed most interesting, but with less curation and summarising than usual. I hope it still provides value to you. Cheers!

Dieter Van der Stock

Breaches and leaks

  • Russian government sites leak passport and personal data for 2.25 million users: link.
  • Over 10 million people hit in single Australian data breach: link.
  • Unsecured server exposes data for 85% of all Panama citizens: link.
Dieter Van der Stock

Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call

zdnet.com

Intel ZombieLoad Side-Channel Attack: 10 takeaways

New Spectre-like speculative execution vulnerabilities were disclosed this week.

threatpost.com

Microsoft worm warning: Windows users urged to patch now

bitdefender.com

Linux Kernel prior to 5.0.8 vulnerable to remote code execution

Despite the headline, it's not a omg-we-all-gonna-die vulnerability, apparently it's hard to exploit. But important to patch either way, you don't want it to evolve into something worse. Although if it does I sure hope they up the severity from High to Critical to match the headlines :D

bleepingcomputer.com

Hackers breached 3 US antivirus companies

arstechnica.com

Six men accused of stealing over $2.4M in SIM swapping attacks

bleepingcomputer.com

Serious Phar flaw allows arbitrary code execution on Drupal, Joomla and Typo3

threatpost.com

SharePoint servers under attack through CVE-2019-0604

helpnetsecurity.com

Google discloses Bluetooth flaw in Titan security key, issues recall

bleepingcomputer.com

Trump signs executive order banning US telcos from buying or using foreign gear

zdnet.com

SHA-1 collision attacks are now actually practical and a looming danger

zdnet.com

Post-mortem for Matrix.org breach

matrix.org

Sponsorships

1Password for Teams and Business

As always I'm extremely grateful to 1Password for supporting the newsletter. If you have passwords or secure notes to share with your colleagues, I highly recommend you give them a try.

1password.com

No spam, ever. We'll never share your email address and you can opt out at any time.