📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2024 is out! It includes the following and much more:
➝ 🔓 #Juniper Support Portal Exposed Customer Device Info
➝ 🔓 🇹🇭 Major #DataBreach in #Thailand Exposes Personal Data of 20 Million Elderly Citizens
➝ 🔓 🇫🇷 Millions at risk of fraud after massive health data hack in #France
➝ 🔓 🇺🇸 #Verizon employee inadvertently leaks data of 63 thousand colleagues
➝ 🔓 🖥️ #AnyDesk Hacked: Revokes Passwords, Certificates in Response
➝ 🔓 🇺🇸 #Clorox says #cyberattack caused $49 million in expenses
➝ 💸 📈 #Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline
➝ 🇺🇸 💰 US offers $10 million for tips on #Hive ransomware leadership
➝ 🇨🇳 🇺🇸 #China-backed Volt Typhoon hackers have lurked inside US #criticalinfrastructure for ‘at least five years’
➝ 🇨🇳 🇳🇱 Chinese Hackers Exploited #FortiGate Flaw to Breach Dutch #Military Network
➝ 🇮🇷 🇮🇱 #Iran accelerates cyber ops against #Israel from chaotic start
➝ 🇧🇾 🇺🇸 Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion #Crypto Money Laundering
➝ 🇭🇰 💸 #Finance worker pays out $25 million after video call with #deepfake ‘chief financial officer’
➝ 🇺🇦 #Ukraine is Creating a ‘Cyber Diplomat’ Post
➝ 🇩🇰 #Denmark orders schools to stop sending student data to #Google
➝ 🇪🇺 ⚖️ #EU proposes criminalizing AI-generated child sexual abuse and deepfakes
➝ 🇳🇱 💰 #Uber Fined 10 Million Euros by Dutch Data Regulator
➝ 🇺🇸 🛂 US to Roll Out Visa Restrictions on People Who Misuse #Spyware to Target Journalists, Activists
➝ 🦠 💬 Raspberry Robin #Malware Upgrades with #Discord Spread and New Exploits
➝ 🦠 🍎 New #macOS Backdoor Linked to Prominent Ransomware Groups
➝ 🦠 🪥 Surprising 3 Million Hacked #Toothbrushes Story Goes Viral—Is It True?
➝ 🇨🇦 🐬 #Canada declares #FlipperZero public enemy No. 1 in car-theft crackdown
➝ 🩹 #Ivanti: Patch new Connect Secure auth bypass bug immediately
➝ 🐛 📍 Security flaw in a popular smart helmet allowed silent location tracking
➝ 🩹 Critical Patches Released for New Flaws in #Cisco, #Fortinet, #VMware Products
➝ 🐛 🐧 Critical Boot Loader #Vulnerability in Shim Impacts Nearly All #Linux Distros
➝ 🐛 ✈️ #Airbus App Vulnerability Introduced Aircraft Safety Risk
➝ 🩹 #QNAP Patches High-Severity Bugs in QTS, Qsync Central
--
📚 This week's recommended reading is: "x86 Software Reverse-Engineering, Cracking, and Counter-Measure" by Stephanie Domas & Christopher Domas
--
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Mozilla has introduced Mozilla Monitor Plus, a paid privacy service, to automatically remove user data from data broker sites, expanding its initial breach alert functions. The service offers a free one-time scan for exposed data and a subscription for ongoing protection, covering over 190 data broker sites.
Millions of people are at risk of fraud after a data breach at a company that manages the third-party payments for #France 84 top-up insurance providers.
"We are aware of the claims and are investigating their veracity," HPE's Sr. Director for Global Communications Adam R. Bauer told BleepingComputer on Thursday.
"At this time we have not found evidence of an intrusion, nor any impact to HPE products or services. There has not been an extortion attempt."
AnyDesk confirmed that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. #databreach @BleepingComputer
Was BrightStar Care attacked by two different groups — or was there only one breach?
It would help if BrightStar Care responded to inquiries. They didn't, but I'm confident they would like us all to know that they take privacy and security very seriously, right?
The #FTC went after #Blackbaud for its poor security, #databreach in 2020, and incident response. A ton of provisions in the proposed order, but no monetary penalty.
I like how they included that after paying $250k to the threat actors to get them to delete the data, "The company never verified, however, that the hacker actually deleted the stolen data, according to the complaint."
Proving once again what lying bastards they are, #LockBit hit St. Anthony Hospital (Chicago) on December 18 and exfiltrated some patient data. The hospital hasn't confirmed how much yet, and they make no mention of any #encryption of files. LockBit seems to be demanding $800k ransom/extortion to delete the files.
"The Wall Street Journal recently reported that #23andMe once had a market cap of $6 billion. That has dropped to $350 million. "
Here we go again: how do we figure out how much of 23andMe's woes is due to a #databreach and their pretty deplorable #incidentresponse that blamed their users, and how much is due to other financial issues involving their investments?