News
Hi friends,
It's a quick version today; I simply ran out of time this week :-) Enjoy and have a good weekend!
New HTTP/2 DoS attack can crash web servers with a single connection
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
New Spectre v2 attack impacts Linux systems on Intel CPUs
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.
Apple warns people of mercenary attacks via threat notification system
Apple has sent alerts to people in 92 nations saying it has detected that they may have been victims of a mercenary attack.
LastPass: Hackers targeted employee in failed deepfake CEO call
LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer.
Quick links
- Congress sounds alarm on lax dam cybersecurity: link.
- Germany to launch cyber military branch to combat Russian threats: link.
- Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed: link.
- Google Workspace rolls out multi-admin approval feature for risky changes: link.
- Chrome Enterprise gets Premium security but you have to pay for it: link.
- Ivanti CEO pledges to “fundamentally transform” its hard-hit security model: link.
Breaches and leaks
- US cancer center data breach exposes info of 827,000 patients: link.
- AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain: link.
- Panera Bread week-long IT outage caused by ransomware attack: link.
- Acuity confirms hackers stole non-sensitive govt data from GitHub repos: link.
- Home Depot confirms third-party data breach exposed employee info: link.
- Cyberattack on UK’s CVS Group disrupts veterinary operations: link.
- Optics giant Hoya hit with $10 million ransomware demand: link.
- Universities in New Mexico, Oklahoma respond to ransomware attacks: link.
- After failed ransomware attack, hackers stole data on 533k people from Wisconsin insurance company: link.
- German database company Genios confirms ransomware attack: link.
- Computer accessory giant Targus says cyberattack interrupting business operations: link.
- French football club PSG says ticketing system targeted by cyberattack: link.
- DOJ data on 341,000 people leaked in cyberattack on consulting firm: link.
- Pacific Guardian Life Insurance says 165,000 had financial info stolen in 2023 attack: link.
- Thousands of staff, students have sensitive data stolen in University of Winnipeg hack: link.
Issues and fixes
- Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation: link.
- New Ivanti RCE flaw may impact 16,000 exposed VPN gateways: link.
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks: link.
- Over 90,000 LG Smart TVs may be exposed to remote attacks: link.
- Microsoft fixes two Windows zero-days exploited in malware attacks: link.
- Critical Rust flaw enables Windows command injection attacks: link.
- New SharePoint flaws help hackers evade detection when stealing files: link.
What 1Password can do for developers
If you're an engineer, it's really worth checking out 1Password's developer tools. It can manage secrets for your infrastructure and CI/CD pipeline, manage SSH keys, and inject tokens into CLI scripts. Play around with it and see how it can fit in your development flow. (Sponsored)