News

Hi folks,

Happy Friday! I hope you're doing well. I'm enjoying a few days away from it all with friends, long overdue, and Monday it's back to the books :-)

Here's a good ol' fashion quick version of the newsletter, where I gather the news that was interesting to me but without digging deep into the summaries. Enjoy and have a good weekend!

Cheers,

Dieter

Quick stories

  • Google Cloud to mandate MFA for all users in 2025: link.
  • Germany drafts law to protect researchers who find security flaws: link.
  • Hackers increasingly use Winos4.0 post-exploitation kit in attacks: link.
  • TSA proposes cyber risk management programs for surface transportation, pipeline operators: link.
  • Host of House panels getting briefed on major Chinese hacker telecom breaches: link.
  • Hacking 700 million Electronic Arts accounts (ethically): link.

Breaches and leaks

  • Ransomware attack hits German pharmaceutical wholesaler, disrupts medicine supplies: link.
  • Texas-based oilfield supplier faces disruptions following ransomware attack: link.
  • Washington courts' systems offline following weekend cyberattack: link.
  • LA housing authority confirms breach claimed by Cactus ransomware: link.
  • Schneider Electric confirms dev platform breach after hacker steals data: link.
  • Nokia says hackers leaked third-party app source code: link.
  • Microchip Technology reports $21.4M expense from August cyberattack: link.
  • SelectBlinds says 200,000 customers impacted after hackers embed malware on site: link.

Issues and fixes

  • Synology hurries out patches for zero-days exploited at Pwn2Own: link.
  • Google fixes two Android zero-days used in targeted attacks: link.
  • HPE warns of critical RCE flaws in Aruba Networking access points: link.
  • CISA warns of critical Palo Alto Networks bug exploited in attacks: link.
  • Cisco bug lets hackers run commands as root on UWRB access points: link.