Hi folks!

I'm back from a lovely snowboarding trip, and enjoying a few days off to catch up on some sleep :-)

Nothing Earth-shattering this week in security world, which is a good thing. But plenty of interesting articles to read and learn from. Enjoy!

P.S.: I'm looking around for a new sponsor. If your company wants to be featured next to the awesome 1Password, give me a shout.

Dieter Van der Stock

Quick links

  • GitHub enables push protection by default to stop secrets leak: link.
  • Germany takes down cybercrime market with over 180,000 users: link.
  • NSA shares zero-trust guidance to limit adversaries on the network: link.
  • CISA, NSA share best practices for securing cloud services: link.
  • Americans lost a record $12.5 billion to online fraud last year: link.
  • Cloudflare announces Firewall for AI: link.
  • A beginner's guide to tracking malware infrastructure: link.
Dieter Van der Stock

Breaches and leaks

  • North Korea hacks two South Korean chip firms to steal engineering data: link.
  • Ukraine claims it hacked Russian Ministry of Defense servers: link.
  • PetSmart warns of credential stuffing attacks trying to hack accounts (see, 23AndMe, you -can- actually detect and defend against credential stuffing attacks. Kudos PetSmart): link.
  • Stormous ransomware gang takes credit for attack on Belgian brewer Duvel: link.
  • Play ransomware leaked 65,000 Swiss government documents, investigation finds: link.
  • Iowa electric, water utility says info of nearly 37,000 leaked in January ransomware attack: link.
  • 20 million Cutout.Pro user records leaked on data breach forum: link.
  • Golden Corral restaurant chain data breach impacts 183,000 people: link.
  • Canada's anti-money laundering agency offline after cyberattack: link.
  • Switzerland: Play ransomware leaked 65,000 government documents: link.
  • Amex cardholder data exposed in merchant processor hack: link.
  • Capita says cyberattack contributed to annual loss of more than £106 million: link.
  • Fulton County services coming back on ‘rolling basis’ after LockBit attack: link.
  • Law firm reports data breach affecting more than 325,000 people: link.
Dieter Van der Stock

Issues and fixes

  • Critical TeamCity flaw now widely exploited to create admin accounts: link
  • VMware sandbox escape bugs are so critical, patches are released for end-of-life products: link.
  • CISA cautions against using hacked Ivanti VPN gateways even after factory resets: link.
  • CISA warns of Microsoft Streaming bug exploited in malware attacks: link.
  • Apple fixes two new iOS zero-days exploited in attacks on iPhones: link.
  • AnyCubic fixes exploited 3D printer zero day flaw with new firmware: link.
Dieter Van der Stock

Sponsorship slots available

If you want to be featured in the newsletter, like 1Password is every week, just reply to this e-mail and let me know.

Dieter Van der Stock