Minimal mode

Unfortunately I couldn't spend as much time on this issue as usual, because my wife and daughter fell ill this week. It's all hands on deck here, family comes first :-)

I included the most interesting links, but with less filtering and summarizing than usual. I hope you still get value out of it!

Dieter Van der Stock

Breaches and leaks

  • British Airways: personal and payment information of 380.000 customers was stolen. Likely executed by the Magecart group, through a malicious JavaScript include. More details here.
  • Feedify: customer engagement service. It seems that the JavaScript they ask their customers to include was infected with credit-card-stealing code, again by the Magecart group.
  • Veeam: data management and disaster recovery firm (ow, the irony). Exposed more than 440 million names and e-mails of a marketing database.
  • US government site that deals with data transparency requests. After a site upgrade it started showing sensitive personal data, like social security numbers, that were previously masked.
  • mSpy: another spyware maker, leaking millions of call logs, screenshots, location information and what have you.
  • Schneider Electric: shipped USBs infected with malware with some of its products.
  • NPower: energy company, sent personal and payment information of 5.000 customers to the wrong people.


  • Microsoft had its Patch Tuesday, fixing 61 vulnerabilities, 17 of which are critical remote-code execution bugs.
  • Cisco released a host of fixes for critical vulnerabilities.
  • Adobe pushed security updates for Flash and ColdFusion.
  • Mozilla patched nine security issues in Firefox 62, including one arbitrary code execution bug.