News
Hi folks,
I hope you're all doing well. It's been quite the week for me. I've spent most of it in bed, enjoying a bout of covid, of all things. Today is the first day that I feel somewhat better, but it's still going to be a quick version where I don't write extensive summaries. Enjoy and have a great rest of the weekend!
Chinese hackers breached 20,000 FortiGate systems worldwide
The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known."
Malicious VSCode extensions with millions of installs discovered
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official' theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
Microsoft president promises significant culture changes geared towards security
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
Two arrested in Britain over homemade mobile antenna used for SMS blasting
Police say it appears to be the first case of its kind in Britain. An illegal telephone mast was used to send phishing messages that were able to “bypass mobile phone networks’ systems” for blocking suspicious traffic.
The teenager who lived a secret double life as a millionaire crypto bandit
Joel Ortiz, a socially isolated college student, stole millions of dollars in crypto by hijacking his victims’ mobile phones.
Quick links
- Microsoft delays Windows Recall amid privacy and security concerns: link.
- CISA warns of criminals impersonating its employees in phone calls: link.
- AWS adds passkeys support, warns root users must enable MFA: link.
- Former IT employee gets 2.5 years for wiping 180 virtual servers: link.
- CISA leads first tabletop exercise for AI cybersecurity: link.
- “Simulation of keyboard activity” leads to firing of Wells Fargo employees: link.
Breaches and leaks
- London hospitals cancel over 800 operations after ransomware attack: link.
- 23andMe data breach under investigation in UK and Canada: link.
- DDoS attacks target EU political parties as elections begin: link.
- New York Times source code stolen using exposed GitHub token: link.
- Cylance confirms data breach linked to 'third-party' platform: link.
- Pure Storage confirms data breach after Snowflake account hack: link.
- City of Cleveland shuts down IT systems after cyberattack: link.
- Panera warns of employee data breach after March ransomware attack: link.
- Toronto District School Board hit by a ransomware attack: link.
- Ascension hacked after employee downloaded malicious file: link.
- Truist Bank confirms breach after stolen data shows up on hacking forum: link.
- Insurance giant Globe Life investigating web portal breach: link.
- Keytronic confirms data breach after ransomware gang leaks stolen files: link.
- Vietnam’s state postal service claims to restore its systems after cyberattack: link.
- Japanese video-sharing website Niconico suspends services following cyberattack: link.
Issues and fixes
- Exploit for critical Veeam auth bypass available, patch now: link.
- PHP fixes critical RCE flaw impacting all versions for Windows: link.
- Google patches exploited Android zero-day on Pixel devices: link.
- JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens: link.
- Netgear WNR614 flaws allow device takeover, no fix available: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)