News
Howdy folks,
I hope you're all doing great. I personally had some health issues this week, so I might be a bit less thorough on summaries and deep dives to save energy. I hope you still enjoy it!
I am however very happy to welcome SecAlerts as a new sponsor, it's a beautiful service that lets you subscribe to vulnerability alerts tailored to your software. Thank you for your support!
Breaches and leaks
- Law firm working for Uber lost driver data in breach: link.
- Western Digital discloses network breach, My Cloud service down: link.
- British outsourcing services provider Capita was attacked: link.
- Several cryptocurrency companies were backdoored in 3CX supply chain attack: link.
- eFile.com tax return software breached to serve JS malware: link.
- The Open University of Cyprus was hit by ransomware: link.
- Ukrainians hack Russian fighter’s account and buy $25k worth of sex toys. Hey, it's a breach so I'm putting it here: link
No one matches vulnerabilities to your software better and easier
SecAlerts matches vulnerabilities to your software. Choose the frequency and severity of the vulnerability alerts you wish to receive, and it's all sent in one easy-to-understand email. You can even get news specifically matched to your software. (Sponsored)
Nexx garage openers allow anyone to remotely open your garage door
To complete the image of the cliché remote control vendor, they don't seem to respond to the disclosure.
CISA warns of e-mail stealing attacks against NATO countries by Russian hackers
The hacks are happening through a cross-site scripting flaw exploited in the Zimbra Collaboration software.
FBI seizes Genesis marketplace in 'Operation Cookie Monster'
This put "Another one bites the dust" in my head and now in yours too.
Contractor leak gives insight in Russia's cyberwarfare strategy
From the article: The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies' grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet.
'Proxyjacking': selling hijacked bandwidth
I don't think I had heard of Proxyjacking yet, interesting article that explains what it is.
15 million public-facing services vulnerable to CISA KEV flaws
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalog.
New FDA policy on medical device security seems to be an improvement
The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week.
Vatican adopts MDM suite
Look, if there is an article about the Pope adopting an MDM solution, I'm reading it.
Looking at cybercrime gangs as corporations
Very interesting read and thought excercise, with the hypothesis that cybercrime gangs, especially the more lucrative ones, will inevitably resemble regular companies with management structures and such.
The UX of 1Password is getting even better with passkeys
It's rare that increased security goes hand in hand with better user experience. Password managers have always fallen under that category for me. 1Password is working on going one step further on both the security and the UX front though, by supporting the use of passkeys. No more passwords to remember, not even a single one, and being much more secure as a result. (Sponsored)