Hi folks!

I hope you're all having a wonderfull end of the week. It has once again been exhausting but so awesome on my end. The non-stop learning on the new job is intense, but very satisfying.

It's a quick version today, and that might be the case a few more times until I get my weekly routine in order. I'll take it as it comes, if I have time I'll write more, if I don't I'll write less :-)

Have a good one friends!

Dieter Van der Stock

Quick links

  • Congressional leaders concerned by NYPD's use of Chinese-made drones: link.
  • FCC might require telecoms to report on securing internet's BGP technology: link.
  • Apple blocked $7 billion in fraudulent App Store purchases in 4 years: link.
  • Norway recommends replacing SSL VPN to prevent breaches: link.
  • Southeast Asian scam syndicates stealing $64 billion annually, researchers find: link.
  • Vermont passes data privacy law allowing consumers to sue companies: link.

Breaches and leaks

  • Europol confirms web portal breach, says no operational data stolen: link.
  • Ascension redirects ambulances after suspected ransomware attack: link.
  • Singing River Health System: Data of 895,000 stolen in ransomware attack: link.
  • Dell API abused to steal 49 million customer records in data breach: link.
  • Largest non-bank lender in Australia warns of a data breach: link.
  • British Columbia investigating cyberattacks on government networks: link.
  • Ohio Lottery ransomware attack impacts over 538,000 individuals: link.
  • The Post Millennial hack leaked data impacting 26 million people: link.
  • Helsinki suffers data breach after hackers exploit unpatched flaw: link.
  • Banco Santander warns of a data breach exposing customer info: link.
  • Nissan North America data breach impacts over 53,000 employees: link.
  • MediSecure e-script firm hit by ‘large-scale’ ransomware data breach: link.
  • Law enforcement data stolen in Wichita ransomware attack: link.
  • Christie's takes website offline after cyberattack, delays live auction: link.

Issues and fixes

  • Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws: link.
  • Apple backports fix for zero-day exploited in attacks to older iPhones: link.
  • Citrix warns admins to manually mitigate PuTTY SSH client bug: link.
  • Widely used modems in industrial IoT devices open to SMS attack: link.
  • Google fixes third actively exploited Chrome zero-day in a week: link.
  • VMware fixes three zero-day bugs exploited at Pwn2Own 2024: link.
  • Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own: link.
  • PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers: link.