Hi folks,

There weren't a lot of articles that jumped out to me this week, so for once this should be a quick read :-)
But there were a lot of stories that fell under the "issues" category, so make sure to skim that list to see if you use any of the affected software.

Enjoy your Friday!

Dieter Van der Stock

Breaches and leaks

  • Taiwanese semiconductor company hit by ransomware attack: link.
  • Ransomware gang targets nonprofit providing clean water to world’s poorest: link.
  • Kansas State University cyberattack disrupts IT network and services: link.
  • Ransomware gang demands €10 million after attacking Spanish council: link.
  • British Library restores access to online collection following ransomware attack: link.
  • Ransomware attack on US Navy shipbuilder leaked information of nearly 17,000 people: link.
  • Have I Been Pwned adds 71 million emails from Naz.API stolen account list: link.

Issues and fixes

  • Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks: link.
  • Ivanti Connect Secure zero-days now under mass exploitation: link.
  • Atlassian warns of critical RCE flaw in older Confluence versions: link.
  • Google fixes first actively exploited Chrome zero-day of 2024: link.
  • Citrix warns of new Netscaler zero-days exploited in attacks: link.
  • Juniper warns of critical RCE bug in its firewalls and switches: link.
  • GitLab warns of critical zero-click account hijacking vulnerability: link.
  • Critical Microsoft SharePoint bug now actively exploited: link.
  • Joomla! vulnerability is being actively exploited: link.
  • GitHub rotates keys to mitigate impact of credential-exposing flaw: link.