I hope you're all doing great. I personally had some health issues this week, so I might be a bit less thorough on summaries and deep dives to save energy. I hope you still enjoy it!
I am however very happy to welcome SecAlerts as a new sponsor, it's a beautiful service that lets you subscribe to vulnerability alerts tailored to your software. Thank you for your support!
Breaches and leaks
- Law firm working for Uber lost driver data in breach: link.
- Western Digital discloses network breach, My Cloud service down: link.
- British outsourcing services provider Capita was attacked: link.
- Several cryptocurrency companies were backdoored in 3CX supply chain attack: link.
- eFile.com tax return software breached to serve JS malware: link.
- The Open University of Cyprus was hit by ransomware: link.
- Ukrainians hack Russian fighter's account and buy $25k worth of sex toys. Hey, it's a breach, so I'm putting it here: link.
SecAlerts matches vulnerabilities to your software. Choose the frequency and severity of the vulnerability alerts you wish to receive, and it's all sent in one easy-to-understand email. You can even get news specifically matched to your software. (Sponsored)
To complete the image of the cliché remote control vendor, they don't seem to respond to the disclosure.
The hacks are happening through a cross-site scripting flaw exploited in the Zimbra Collaboration software.
This put "Another one bites the dust" in my head and now in yours too.
From the article: The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies' grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet.
I don't think I had heard of proxyjacking yet; an interesting article that explains what it is.
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (Known Exploited Vulnerabilities) catalog.
The physical and cyber safety issues surrounding medical devices like IV pumps are finally being meaningfully addressed by a new policy taking effect this week.
Look, if there is an article about the Pope adopting an MDM solution, I'm reading it.
Very interesting read and thought exercise, with the hypothesis that cybercrime gangs, especially the more lucrative ones, will inevitably resemble regular companies with management structures and such.
It's rare that increased security goes hand in hand with better user experience. Password managers have always fallen under that category for me.
1Password is working on going one step further on both the security and the UX front though, by supporting the use of passkeys. No more passwords to remember, not even a single one, and being much more secure as a result. (Sponsored)