News
Hi friends,
Busy news week this week. Not so much pants-on-fire news, just a lot of interesting articles. I hope I digested them down to an interesting yet quick read for you :-) Enjoy and have a good one!
Cheers,
Nearly 400 US healthcare institutions hit with ransomware over last year
That's what a report by Microsoft on cyber trends says. It has some other interesting tidbits, like the fact that they found ransomware incidents went up nearly 300% year-over-year, but fortunately also that fewer and fewer of them got to the encryption stage before being detected and blocked. You can read the full report (warning, it's 114 pages) here.
New FIDO proposal lets you securely move passkeys across platforms
This would be a major improvement. It has apparently been a tricky thing to set up so far, because it might also become an avenue to steal passkeys from someone in bulk. But the current vendor lock-in scenario isn't helping the ecosystem either.
Related, I was quite surprised to hear that Amazon reports a whopping 175 million customers now using passkeys to log in: link.
Robot vacuums hacked to shout slurs at their owners
This is so horribl(y funny) that I had to share it ^^
Quick links
- Microsoft warns it lost some customers' security logs for a month: link.
- 23andMe will retain your genetic information, even if you delete the account: link.
- British intelligence services to protect all UK schools from ransomware attacks: link.
- US disables Anonymous Sudan infrastructure linked to DDoS attack spree: link.
- Google: 70% of exploited flaws disclosed in 2023 were zero-days: link.
Breaches and leaks
- US healthcare org admits up to 400k people's data stolen: link.
- BianLian ransomware claims attack on Boston Children's Health Physicians: link.
- Insurance giant Globe Life facing extortion attempts after data theft from subsidiary: link.
- Pokemon dev Game Freak confirms breach after stolen data leaks online: link.
- Cisco investigates breach after stolen data for sale on hacking forum: link.
- Japan's ruling political party hit by cyberattack from alleged pro-Russian hackers: link.
Issues and fixes
- Critical Kubernetes Image Builder flaw gives SSH root access to VMs: link.
- CISA adds SolarWinds flaw to exploited vulnerabilities catalog: link.
- GitHub patches critical vulnerability in its Enterprise Servers: link.
- Recently-patched Firefox bug exploited against Tor browser users: link.
- Jetpack fixes critical information disclosure flaw existing since 2016: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)