It's another quick version :-) I'm still caught up in work, travel and training. Normal service should resume next week; until then I'll use the default summaries provided by the news sites themselves.
(Worthy of an item on its own, y'all know this one triggers me).
Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory.
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.
You can't secure what you can't see, right? Explore Escape's powerful combination of agentless and automated API discovery and security scanning. Start uncovering business-logic flaws with the help of AI at scale. (Sponsored)
Microsoft announced a major shakeup of its security leadership and the hiring of a new Chief Information Security Officer.
The attorneys general of Connecticut, Illinois, New York and Pennsylvania signed a memorandum of understanding with the FCC.
Memory safety vulnerabilities need to be crushed with better code.
Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.
If you think doing a quick pentest every few quarters isn't enough, you are correct. GlitchSecure combines continuous vulnerability assessments with real-time pentesting - all verified by highly skilled (and wonderful) humans in a user-friendly platform. (Sponsored)
Gmail's spam filters can now understand "adversarial text manipulations."
Eight months ago, ChatGPT wrote ugly, broken ransomware code (with much offense). Today, that's all changed.
A decade ago to the day, I published a tweet launching what would surely become yet another pet project that scratched an itch, was kinda useful to a few people but other than that, would shortly fade away into the same obscurity as all the other ones I'd launched over
Breaches and leaks
- Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks: link.
- New Relic security breach: link.
- HHS warns of ‘Citrix Bleed’ attacks after hospital outages: link.
- DePauw University warns of data breach as ransomware attacks on colleges surge: link.
- Hershey warns of data breach following phishing attack: link.
- US Navy shipbuilder Austal says cyber incident had ‘no impact on operations’: link.
- Nissan investigates cyberattack in Australia and New Zealand: link.
- Schools in Maine, Indiana and Georgia contend with ransomware attacks: link.
- Stanley Steemer says nearly 68,000 people affected by data breach in March: link.
- HTC Global Services confirms cyberattack after data leaked online: link.
- Payments processor Tipalti investigating ransomware attack: link.
Issues and fixes
- Adobe ColdFusion vulnerability used in attacks on government servers: link.
- Atlassian patches critical RCE flaws across multiple products: link.
- "Sierra:21" vulnerabilities impact critical infrastructure routers: link.
- Multiple NFT collections put at risk by flaw in open-source library: link.
- Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks: link.
- VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks: link.
- Dangerous vulnerability in fleet management software seemingly ignored by vendor: link.
1Password is now available to use as a shell plugin, so you no longer need to copy-paste access keys from the browser into your CLI, only to have them then be stored insecurely. There are already plugins for AWS, GitHub, GitLab, Okta, Stripe, CircleCI, and many more. (Sponsored)