Hi folks,

We're back to more or less normal service this week, except for this issue being a day early.

I've had another few days of training around incident response for real-world events, and it was incredibly interesting. As a direct result though, I am taking the day off tomorrow, and plan on spending a good portion of it lying on the couch, watching a movie, doing absolutely nothing productive.

I wish you either a very productive, or a very non-productive Friday, whichever is more appropriate for you ;-)

Have a good one friends!

Dieter Van der Stock

Breaches and leaks

  • Two-day water outage in remote Irish region caused by pro-Iran hackers: link.
  • Norton Healthcare ransomware attack exposes 2.5M people: link.
  • Toyota warns customers of data breach exposing personal, financial info: link.
  • Cold storage giant Americold discloses data breach after April malware attack: link.
  • Central Virginia transit system affected by cyber incident: link.
  • Credit union operations restored after tech supplier ransomware attack: link.
  • District court in Switzerland victim of a cyber attack: link.
  • Sony investigating potential ransomware attack on Insomniac Games unit: link.
  • Henry Schein says 29K people affected in September cyberattack: link.
Dieter Van der Stock

Issues and fixes

  • Microsoft patches 34 vulnerabilities, including one zero-day: link.
  • WordPress fixes POP chain exposing websites to RCE attacks: link.
  • 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin: link.
  • Apple emergency updates fix recent zero-days on older iPhones: link.
  • Ledger dApp supply chain attack steals $600K from crypto wallets: link.
  • Russian hackers targetting TeamCity servers since September: link.
  • Counter-Strike 2 HTML injection bug exposes players’ IP addresses: link.
  • Over 1,450 pfSense servers exposed to RCE attacks via bug chain: link.
  • Sophos backports RCE fix after attacks on unsupported firewalls: link.
  • Hackers are exploiting critical Apache Struts flaw using public PoC: link.
Dieter Van der Stock