News
Hi friends,
It's a minimal issue this week I'm afraid. I need to focus on finishing up a busy assignment before taking time off next week.
As an experiment though, instead of only sharing the titles without any summaries like my usual minimal versions, I'll use the summaries that (most) web articles provide themselves. If you feel that this is a particularly good or bad experience, please let me know :-)
Cheers!
Compromised Microsoft key: more impactful than we thought
Wiz' investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.
GlitchSecure: real-time and continuous security testing
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Clop gang to earn over $75 million from MOVEit extortion attacks
The Clop ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft campaign.
ALPHV ransomware adds data leak API
The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks.
JumpCloud hack linked to North Korea after OPSEC mistake
A hacking unit of North Korea's Reconnaissance General Bureau (RGB) was linked to the JumpCloud breach after the attackers made an operational security (OPSEC) mistake, inadvertently exposing their real-world IP addresses.
SEC votes to require companies to disclose cyberattacks in 4 days
After a fierce debate, the agency voted to require companies to come clean on material breaches and attacks within four business days of determination.
Microsoft previews Defender for IoT firmware analysis service
Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses.
Flipper Zero now has an app store to install third-party apps
The Flipper Zero team has launched its very own 'Flipper Apps' mobile app store, allowing mobile users to install 3rd-party apps and extend the functionality of the popular wireless pen-testing tool.
Researchers find ‘backdoor’ in encrypted police and military radios
The TETRA standard is used in radios worldwide. Security researchers have found multiple vulnerabilities in the underlying cryptography and its implementation, including issues that allow for the decryption of traffic.
Virustotal introduces YARA Netloc, extending rules to network IoCs
YARA Netloc is a powerful new hunting feature that extends YARA supported entities from traditional files to network infrastructure, including domains, URLs and IP addresses.
1Password is adding support for passkeys
There's a big update over at 1Password, namely, soon you will no longer need even that single password. Passkeys are essentially the combination of a device and a biometric, like a fingerprint, and would make passwords unnecessary. Check it out to learn more. (Sponsored)