Hi everyone,

This was quite a heavy week all around, including for the security industry. The resulting issue is longer than I usually like, even after some heavy filtering :-) I hope you get value out of the articles I've picked to share!

I'm really happy to welcome 1Password back as a sponsor! They supported this newsletter for years before my break, and offered to continue doing so now. Thank you so much!

Dieter Van der Stock

Breaches and leaks

  • United Nations data breach exposed over 100k UNEP staff records: link.
  • Vodafone's ho. Mobile admits data breach, 2.5m users impacted: link.
  • Indian government sites leaking patient COVID-19 test results: link.
  • Ransomware gang collects data from blood testing lab: link.
  • Nissan source code leaked online after Git repo misconfiguration: link.
  • New Zealand Reserve Bank suffers data breach via hacked storage partner: link.
  • Dassault Falcon Jet reports data breach after ransomware attack: link.
  • Hacker sells Aurora Cannabis files stolen in Christmas cyberattack: link.
  • Data from London Counsil ransomware attack leaked online: link.
  • Hacker posts data of 10,000 American Express accounts for free: link.
Dieter Van der Stock

Solarwinds continued

  • Sealed U.S. court records exposed in SolarWinds breach: link.
  • US government formally blames Russia for SolarWinds hack: link.
  • SolarWinds hires Chris Krebs and Alex Stamos as part of security review: link.
  • CISA: SolarWinds hackers also used password guessing to breach targets: link.
  • SolarWinds shareholder files class-action lawsuit: link.
  • Another great essay by Bruce Schneier on the SolarWinds attack: link.
Dieter Van der Stock