Hi folks,

I hope you all had a wonderful and productive week. Nothing too Earth-shattering in this issue, although it could have been if I read the article on supply-chain attacks on iOS and Mac apps right. And plenty of other interesting stuff to read and learn about. Enjoy!

Dieter Van der Stock

Quick links

  • Latest Intel CPUs impacted by new Indirector side-channel attack: link.
  • Google now pays $250,000 for KVM zero-day vulnerabilities: link.
  • Stolen credentials could unmask thousands of darknet child abuse website users: link.
  • UN urges Russia to ‘immediately’ cease interference in European satellites: link.
  • Google Chrome to let Isolated Web App access sensitive USB devices: link.

Breaches and leaks

  • LockBit claims cyberattack on Croatia’s largest hospital: link.
  • Chicago children's hospital says nearly 800,000 affected by January ransomware attack: link.
  • TeamViewer: Hackers copied employee directory data and encrypted passwords: link.
  • Ticketmaster sends notifications about recent massive data breach: link.
  • Hackers abused API to verify millions of Authy MFA phone numbers: link.
  • Formula 1 governing body discloses data breach after email hacks: link.
  • OVHcloud blames record-breaking DDoS attack on MikroTik botnet: link.
  • Dairy giant Agropur says data breach exposed customer info: link.
  • Prudential Financial now says 2.5 million impacted by data breach: link.
  • Affirm says cardholders impacted by Evolve Bank data breach: link.
  • Patelco shuts down banking systems following ransomware attack: link.
  • HealthEquity data breach exposes protected health information: link.
  • Ransomware attack on Patelco Credit Union causes confusion ahead of holiday weekend: link.
  • Ethereum mailing list breach exposes 35,000 to crypto draining attack: link.

Issues and fixes

  • Juniper releases out-of-cycle fix for max severity auth bypass flaw: link.
  • Cisco warns of NX-OS zero-day exploited to deploy custom malware: link.