Hi folks,

A day early, but plenty of news to fill an issue. The xz backdoor was definitely the biggest item this week, and it was fascinating to read up on. I've tried to summarise as best as I can, but definitely feel free to dig into the extra links. The burning report that Microsoft received is worth a conversation or two as well around the watercooler. Plenty to read, I hope you enjoy it :-) Cheers!

Dieter Van der Stock

Quick links

  • FTC: Americans lost $1.1 billion to impersonation scams in 2023: link.
  • Google now blocks spoofed emails for better phishing protection: link.
  • Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines: link.
  • Progress Software continues to cooperate with SEC probe into MOVEit exploitation: link.
  • CISA faces resource challenge in implementing cyber reporting rules: link.
  • India rescues 250 citizens enslaved by Cambodian cybercrime gang: link.

Breaches and leaks

  • AT&T faces lawsuits over data breach affecting 73 million customers: link.
  • Jackson County in state of emergency after ransomware attack: link.
  • OWASP discloses data breach caused by wiki misconfiguration: link.
  • Shopping platform PandaBuy data leak impacts 1.3 million users: link.
  • Omni Hotels confirms cyberattack behind ongoing IT outage: link.
  • Hosting firm's VMware ESXi servers hit by new SEXi ransomware: link.
  • SurveyLama data breach exposes info of 4.4 million users: link.
  • Yacht retailer MarineMax discloses data breach after cyberattack: link.
  • CISA asserts no data stolen during Ivanti-linked attack on the agency: link.
  • Nearly 1M medical records feared stolen from City of Hope: link.
  • State Department investigating reports of data theft allegedly involving federal tech consulting firm: link.
  • Prudential Insurance says data of 36,000 exposed during February cyberattack: link.

Issues and fixes

  • Google fixes one more Chrome zero-day exploited at Pwn2Own: link.
  • Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks: link.
  • Critical flaw in LayerSlider WordPress plugin impacts 1 million sites: link.
  • Google fixes two Pixel zero-day flaws exploited by forensics firms: link.