News

Hi friends,

Here we are with this week's newsletter. Some interesting research, some nice opinion pieces, and unfortunately also a list of breaches and issues. I hope you enjoy the read!

Also, a random extra shoutout to 1Password for making this newsletter possible. I'm really grateful to them for the support. Thanks, 1Password!

Cheers,

Dieter Van der Stock

Quick links

  • Google Advanced Protection Program gets passkeys for high-risk users: link.
  • Cloudflare blames recent outage on BGP hijacking incident: link.
  • Europol says Home Routing mobile encryption feature aids criminals: link.
  • US disrupts AI-powered bot farm pushing Russian propaganda on X: link.
  • CISA urges devs to weed out OS command injection vulnerabilities: link.
  • Critical infrastructure organizations want CISA to dial back cyber reporting: link.

Breaches and leaks

  • RansomHub says it published Florida health department data: link.
  • Roblox vendor data breach exposes dev conference attendee info: link.
  • Evolve Bank says data breach impacts 7.6 million Americans: link.
  • City of Philadelphia says over 35,000 hit in May 2023 breach: link.
  • Fujitsu confirms customer data exposed in March cyberattack: link.
  • Neiman Marcus data breach: 31 million email addresses found exposed: link.
  • Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events: link.
  • Computer maker Zotac exposed customers' RMA info on Google Search: link.
  • Hacktivists release two gigabytes of Heritage Foundation data: link.
  • Debt collection agency says data breach affected more than 4 million people: link.
  • ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems: link.
  • Shopify denies it was hacked, links stolen data to third-party app: link.

Issues and fixes

  • GitLab: Critical bug lets attackers run pipelines as other users: link.
  • Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days: link.
  • New Eldorado ransomware targets Windows, VMware ESXi VMs: link.
  • RCE bug in widely used Ghostscript library now exploited in attacks: link.
  • Windows MSHTML zero-day used in malware attacks for over a year: link.
  • Hackers target WordPress calendar plugin used by 150,000 sites: link.