Here are this week’s highlights in cybersecurity:

  • BidenCash, a carding marketplace, leaked a database of 2.1 million debit and credit cards for free in celebration of its first anniversary. Besides payment details such as card expiration and CVV, the leak contains names, emails, phone numbers and addresses.
  • A proof of concept for CVE-2023-21716 was published over the weekend. This critical vulnerability in Microsoft Word allows remote code execution when a user opens or previews an RTF file.
  • The Clínic de Barcelona hospital was breached by the RansomHouse ransomware gang, affecting day-to-day activities.
  • Veeam patched a high-severity Backup Service security vulnerability that impacts its Backup & Replication software. The flaw (CVE-2023-27532) allows unauthenticated attackers to access backup infrastructure hosts after obtaining encrypted credentials stored in the VeeamVBR configuration database, which is accessible via TCP port 9401.
  • The latest Microsoft Windows 11 build rolling out in the Canary channel enables Local Security Authority (LSA) protection by default. LSA protection defends against theft of login credentials (such as that performed by mimikatz) by blocking code injection into the LSA process as well as dumping of its process memory.
