Here are this week’s highlights in cybersecurity:
- Slack leaked password hashes for years. When a user created or revoked a shared invitation link for their workspace, Slack transmitted a hashed version of their password to other workspace members. More
- A recent cyber-espionage operation aimed at industrial enterprises and public institutions in Eastern Europe was linked to a threat actor that is likely sponsored by the Chinese government. Six different backdoor malware families were used in the attacks, most of which were previously linked to TA428. More
- Twilio suffers data breach after employees fall victim to SMS phishing attack. Same attack was attempted without success on Cloudflare employees. More
- Former Twitter employee was found guilty of spying for Saudi Arabia. He abused his access to obtain information such as email addresses, phone numbers, IP addresses, and dates of birth, which he handed over to the officials in return for $300,000 in cash and a Hublot Unico Big Bang King Gold Ceramic watch valued at $40,000. More
- The US offers $10 million reward for information on the hacker groups Conti, Trickbot and Wizard Spider that would help confirm that they are associated with a foreign government. More
- A researcher was able to hack Starlink and run code on the satellite via a fault injection attack and a Raspberry Pi . More
Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.