News
Hi folks,
I hope you're all enjoying the lethargy that comes after lot's of food and lot's of family.
It's a rather quiet newsweek, for obvious reasons, so I'm keeping it short. I just want to make sure you didn't miss anything big during the holidays. Fortunately, nothing big seems to have broken out. Yet. Tam-tam-taaaam.
Ahum. On to the newsletter. Enjoy :-)
Breaches and leaks
- Health care giant Ascension says 5.6 million patients affected in cyberattack: link.
- Nearly half a million people had data stolen after cyberattack on American Addiction Centers: link.
- Cyberattack on Ukraine’s state registers disrupts marriage registration, real estate deals: link.
- Defense giant General Dynamics says employees targeted in phishing attack: link.
- Japan Airlines resumes operations after cyberattack delays flights: link.
- FBI links North Korean hackers to $308 million crypto heist: link.
- European Space Agency's official store hacked to steal payment cards: link.
- FTC orders Marriott and Starwood to implement strict data security: link.
- Flagstar fined $3.5M for ‘misleading’ after 2021 cyberattack: link.
Issues and fixes
- Sophos discloses critical Firewall remote code execution flaw: link.
- Apache fixes remote code execution bypass in Tomcat web server: link.
- Researchers warn of active exploitation of critical Apache Struts 2 flaw: link.
- Apache warns of critical flaws in MINA, HugeGraph, Traffic Control: link.
- Premium WPLMS WordPress plugins address seven critical flaws: link.
- Adobe warns of critical ColdFusion bug with PoC exploit code: link.
1Password for developers: secrets, SSH keys, and more
I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords, it also hold your SSH keys, signs your Git commits, injects token and other secrets in CLI scripts when you want, and much more. (Sponsored)