Hi folks,

It's quite a lengthy one this week, but I tried to summarize as best as I could to make it easy for you :-)

Enjoy and have a great day!

Dieter Van der Stock

Breaches and leaks

  • Western Digital confirms that customer data was stolen during the March attack: link.
  • NextGen Healthcare, a provider of cloud-based healthcare technology, disclosed that a database containing information of over 1 million people was stolen: link.
  • Sysco, a food distribution company, disclosed a breach: link.
  • Outsourcing firm Capita had an exposed S3 bucket: link.
  • Dragos, an industrial cybersecurity company, had attackers access its SharePoint data: link.
  • Twitter had an incident that exposed private Circle tweets: link.
  • A scam site that pretends to offer jobs for the US Postal Service had a database with 900,000 victims' records exposed, including credit card data. Times are weird when scam site security starts to matter to everyone. link.

Small updates by big corps

Small is relative at their scale of course. There were a few of these this week, so I'm going to wrap them into a single list:

  • Gmail brings dark web monitoring to all US-based users, very impressive: link.
  • Gmail also launches a blue checkmark, because who doesn't like those. More seriously, it's an extension to the Brand Indicators for Message Identification (BIMI) standard: link.
  • Twitter rolls out e2e encrypted DMs for paying users: link.
  • Microsoft enforces number matching for 2FA prompts to combat fatigue attacks: link.
  • Google will be replacing the lock icon in Chrome with something that doesn't seem to indicate that everything is 100% secure: link.