News
Hi folks,
Happy Friday! I hope you're doing well. I'm enjoying a few days away from it all with friends, long overdue, and Monday it's back to the books :-)
Here's a good ol' fashion quick version of the newsletter, where I gather the news that was interesting to me but without digging deep into the summaries. Enjoy and have a good weekend!
Cheers,
Quick stories
- Google Cloud to mandate MFA for all users in 2025: link.
- Germany drafts law to protect researchers who find security flaws: link.
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks: link.
- TSA proposes cyber risk management programs for surface transportation, pipeline operators: link.
- Host of House panels getting briefed on major Chinese hacker telecom breaches: link.
- Hacking 700 million Electronic Arts accounts (ethically): link.
Breaches and leaks
- Ransomware attack hits German pharmaceutical wholesaler, disrupts medicine supplies: link.
- Texas-based oilfield supplier faces disruptions following ransomware attack: link.
- Washington courts' systems offline following weekend cyberattack: link.
- LA housing authority confirms breach claimed by Cactus ransomware: link.
- Schneider Electric confirms dev platform breach after hacker steals data: link.
- Nokia says hackers leaked third-party app source code: link.
- Microchip Technology reports $21.4M expense from August cyberattack: link.
- SelectBlinds says 200,000 customers impacted after hackers embed malware on site: link.
Issues and fixes
- Synology hurries out patches for zero-days exploited at Pwn2Own: link.
- Google fixes two Android zero-days used in targeted attacks: link.
- HPE warns of critical RCE flaws in Aruba Networking access points: link.
- CISA warns of critical Palo Alto Networks bug exploited in attacks: link.
- Cisco bug lets hackers run commands as root on UWRB access points: link.
1Password for developers: secrets, SSH keys, and more
I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords, it also hold your SSH keys, signs your Git commits, injects token and other secrets in CLI scripts when you want, and much more. (Sponsored)