Hi folks!

Here we are with another overview of what happened in the world of cybersecurity this week, and what I personally found the most interesting :-) Enjoy!

Dieter Van der Stock

Quick links

  • Microsoft to start killing off VBScript in second half of 2024: link.
  • Microsoft to start enforcing Azure multi-factor authentication in July: link.
  • Financial institutions have 30 days to disclose breaches under new rules: link.
  • NIST quantum-resistant algorithms to be published within weeks: link.
  • US Cyber Command conducted first ‘hunt forward’ mission in Zambia last year: link.
  • HHS offering $50 million for proposals to improve hospital cybersecurity: link.

Breaches and leaks

  • OmniVision discloses data breach after 2023 ransomware attack: link.
  • Western Sydney University data breach exposed student data: link.
  • Northern Ireland police faces £750k fine after exposing staff info: link.
  • SEC slaps $10 million penalty on owner of NY Stock Exchange over 2021 cyber intrusion: link.
  • WebTPA data breach impacts 2.4 million insurance policyholders: link.
  • American Radio Relay League cyberattack takes Logbook of the World offline: link.

Issues and fixes

  • Veeam warns of critical Backup Enterprise Manager auth bypass bug: link.
  • Critical Fluent Bit flaw impacts all major cloud providers: link.
  • High-severity GitLab flaw lets attackers take over accounts: link.
  • GitHub warns of SAML auth bypass flaw in Enterprise Server: link.
  • QNAP QTS zero-day in Share feature gets public RCE exploit: link.
  • Bitbucket artifact files can leak plaintext authentication secrets: link.
  • Rockwell Automation warns admins to take ICS devices offline: link.
  • JAVS courtroom recording software backdoored in supply chain attack: link.
  • GE HealthCare issues guidance for mitigating 11 security bugs in ultrasound devices: link.