Hi folks,

I hope you're all doing well. It's been quite the week for me. I've spent most of it in bed, enjoying a bout of covid, of all things. Today is the first day that I feel somewhat better, but it's still going to be a quick version where I don't write extensive summaries. Enjoy and have a great rest of the weekend!

Dieter Van der Stock

Quick links

  • Microsoft delays Windows Recall amid privacy and security concerns: link.
  • CISA warns of criminals impersonating its employees in phone calls: link.
  • AWS adds passkeys support, warns root users must enable MFA: link.
  • Former IT employee gets 2.5 years for wiping 180 virtual servers: link.
  • CISA leads first tabletop exercise for AI cybersecurity: link.
  • “Simulation of keyboard activity” leads to firing of Wells Fargo employees: link.

Breaches and leaks

  • London hospitals cancel over 800 operations after ransomware attack: link.
  • 23andMe data breach under investigation in UK and Canada: link.
  • DDoS attacks target EU political parties as elections begin: link.
  • New York Times source code stolen using exposed GitHub token: link.
  • Cylance confirms data breach linked to 'third-party' platform: link.
  • Pure Storage confirms data breach after Snowflake account hack: link.
  • City of Cleveland shuts down IT systems after cyberattack: link.
  • Panera warns of employee data breach after March ransomware attack: link.
  • Toronto District School Board hit by a ransomware attack: link.
  • Ascension hacked after employee downloaded malicious file: link.
  • Truist Bank confirms breach after stolen data shows up on hacking forum: link.
  • Insurance giant Globe Life investigating web portal breach: link.
  • Keytronic confirms data breach after ransomware gang leaks stolen files: link.
  • Vietnam’s state postal service claims to restore its systems after cyberattack: link.
  • Japanese video-sharing website Niconico suspends services following cyberattack: link.

Issues and fixes

  • Exploit for critical Veeam auth bypass available, patch now: link.
  • PHP fixes critical RCE flaw impacting all versions for Windows: link.
  • Google patches exploited Android zero-day on Pixel devices: link.
  • JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens: link.
  • Netgear WNR614 flaws allow device takeover, no fix available: link.