Microsoft update breaks dual boot. Solarwinds hardcoded password issue.  

News

Hi folks,

I hope you're having a great day! This week seems to have been a slow one in terms of cybersecurity news. I'm tempted to drag in some articles that I would otherwise not include, just to fill this issue. But I figure it makes much more sense to celebrate this occasion and just let you get back to your day quicker :-)

Enjoy the short read and have a wonderful weekend!

Cheers,

Dieter

Microsoft confirms August updates break Linux boot in dual-boot systems

This caused quite a bit of anger. Microsoft pushed an update with more strict settings for the Secure Boot mechanism, which caused a bunch of Linux installs to suddenly not boot anymore.

Also a good explanation of what happened if you want to dig a little deeper:
"What the fuck is an SBAT and why does everyone suddenly care": link.

bleepingcomputer.com

SolarWinds fixes hardcoded credentials flaw in Web Help Desk

I'm calling this one out just to show that Solarwinds still hasn't learned their lesson, apparently.

bleepingcomputer.com

Breaches and leaks

  • Background-check giant confirms security incident leaked millions of SSNs: link.
  • Toyota confirms third-party data breach impacting customers: link.
  • Oregon Zoo warns visitors their credit card details were stolen: link.
  • Microchip Technology discloses cyberattack impacting operations: link.
  • CannonDesign confirms Avos Locker ransomware data breach: link.
  • Halliburton responding to suspected cyber incident, some systems impacted: link.
  • Shareholder-tracking company Equiniti shells out $850K to SEC over breaches: link.

Issues and fixes

  • CISA warns of Jenkins RCE bug exploited in ransomware attacks: link.
  • GitHub Enterprise Server vulnerable to critical auth bypass flaw: link.
  • Litespeed Cache bug exposes millions of WordPress sites to takeover attacks: link.
  • Google fixes ninth Chrome zero-day exploited in attacks this year: link.
  • Major backdoor in millions of RFID cards allows instant cloning: link.
  • Vulnerabilities in Microsoft’s macOS apps could help hackers access microphones and cameras: link.

1Password: the password manager with (to me) the best UX

I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)

1password.com

No spam, ever. We'll never share your email address and you can opt out at any time.