News
Hi everyone,
Many thanks to everyone who gave feedback on issue length and curation. The general theme seemed to be that most of you don't mind a lengthy issue, as long as it's easy to skim through. And that it might be a good idea to have a separate section with "quick links that were interesting too". Going to give this some more thought.
Meanwhile, as a testament to our skimming skills, this week has given us 15 entries in the "breaches and leaks" section, goodness.
The rest of this issue is a minimal version I'm afraid. I took a few days off to go to a sort of crisis management training, and loved it. But I'm also exhausted :-) So I'll share interesting articles but without writing the summary myself, instead using the one that the news site itself presents.
Have a good one friends!
Breaches and leaks
- Sri Lankan government loses months of data following ransomware attack: link.
- Canadian Nurses Association confirms data theft after group dumps stolen info: link.
- MGM still responding to wide-ranging cyberattack as rumors run rampant: link.
- Caesars Entertainment confirms ransom payment, customer data theft: link.
- Nearly 15,000 accounts raided at automaker sites to harvest vehicle IDs, report says: link.
- Save the Children International hit with cyberattack, but says operations weren’t impacted: link.
- Airbus investigates data leak allegedly involving thousands of suppliers: link.
- Royal Dutch Football Association confirms it paid ransom for hacked employee data: link.
- Hackers steal $53 million worth of cryptocurrency from CoinEx: link.
- US-Canada water commission investigating cyberattack: link.
- Manchester police officers’ data stolen following ransomware attack on supplier: link.
- Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack: link.
- Dymocks Booksellers suffers data breach impacting 836k customers: link.
- Rollbar discloses data breach after hackers stole access tokens: link.
- Auckland transport authority hit by suspected ransomware attack: link.
New WiKI-Eve attack can steal numerical passwords over WiFi
A new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen.
Facebook Messenger phishing wave targets 100K business accounts per week
Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.
Google is enabling Chrome real-time phishing protection for everyone
Google announced today that it is bringing additional security to the Google Chrome standard Safe Browsing feature by enabling real-time phishing protection for all users.
CISA offers free security scans for public water utilities
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks.
White House pledges renewed support for open source security
CISA released a roadmap for open source software security as industry officials convened to map out additional steps to protect federal agencies and the larger ecosystem.
North Korean hackers target security researchers with new zero-day
State-backed North Korean hackers are reportedly targeting security researchers using at least one zero-day vulnerability, Google researchers have discovered.
GlitchSecure: real-time and continuous security testing
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Issues and fixes
- Microsoft Patch Tuesday fixes 2 zero-days, 59 flaws: link
- Adobe warns of critical Acrobat and Reader zero-day exploited in attacks: link.
- Google patches critical vulnerability which is exploited in the wild: link.
- Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks: link.
- Apple backports BLASTPASS zero-day fix to older iPhones: link.
The ‘game-changing’ attitude behind a very creative dark web takedown
The takedown of the Hansa market showed how old-school policing can play a role in cybercrime cases. The Click Here podcast team talks with the head of the Netherlands’ High Tech Crimes Unit about the legacy of that operation.
Who pulled off a $41M online casino heist? North Korea, FBI says.
North Korea's state-sponsored hackers have executed another major online theft as Kim Jong-un is expected to discuss supplying weapons to Russia.
1Password open-sources the library that powers its passkey authentication
1Password is open-sourcing passkey-rs crates to enable developers to build a WebAuthn client or authenticator. They go into deep technical detail in the blogpost as to what, how and why they built it. You can find the Github repo here. (Sponsored)