Google Cloud MFA mandated. Hacking 700 million EA accounts ethically. Quick version.  8th November 2024

Hi folks,

Happy Friday! I hope you're doing well. I'm enjoying a few days away from it all with friends, long overdue, and Monday it's back to the books :-)

Here's a good ol' fashion quick version of the newsletter, where I gather the news that was interesting to me but without digging deep into the summaries. Enjoy and have a good weekend!

Cheers,

Quick stories

• Google Cloud to mandate MFA for all users in 2025: link.
• Germany drafts law to protect researchers who find security flaws: link.
• Hackers increasingly use Winos4.0 post-exploitation kit in attacks: link.
• TSA proposes cyber risk management programs for surface transportation, pipeline operators: link.
• Host of House panels getting briefed on major Chinese hacker telecom breaches: link.
• Hacking 700 million Electronic Arts accounts (ethically): link.

Breaches and leaks

• Ransomware attack hits German pharmaceutical wholesaler, disrupts medicine supplies: link.
• Texas-based oilfield supplier faces disruptions following ransomware attack: link.
• Washington courts' systems offline following weekend cyberattack: link.
• LA housing authority confirms breach claimed by Cactus ransomware: link.
• Schneider Electric confirms dev platform breach after hacker steals data: link.
• Nokia says hackers leaked third-party app source code: link.
• Microchip Technology reports $21.4M expense from August cyberattack: link.
• SelectBlinds says 200,000 customers impacted after hackers embed malware on site: link.

Issues and fixes

• Synology hurries out patches for zero-days exploited at Pwn2Own: link.
• Google fixes two Android zero-days used in targeted attacks: link.
• HPE warns of critical RCE flaws in Aruba Networking access points: link.
• CISA warns of critical Palo Alto Networks bug exploited in attacks: link.
• Cisco bug lets hackers run commands as root on UWRB access points: link.