Hey passbolt community!
Welcome to the July edition of “This Month in Cybersecurity.”
Our mission with this series is to keep you informed about the latest happenings. From major breaches to new vulnerabilities and important updates, we’ve curated the key stories that impact all of us. Let’s dive into the top stories that you need to know about this month.
1. Twilio says hackers identified cell phone numbers of two-factor app Authy users
Twilio confirmed that hackers identified the phone numbers of 33 million users of its Authy two-factor authentication app due to an exposed endpoint. Although there is no evidence of access to Twilio’s systems or other sensitive data, users are advised to update their Authy apps and remain vigilant against phishing attacks. This breach allows attackers to craft convincing phishing attempts by impersonating Authy or Twilio. Previously, Twilio experienced a significant data breach in 2022, affecting over 100 customers and leading to a major phishing campaign.
Date: | Jul 3, 2024 |
---|---|
Source: | TechCrunch |
Author: | Lorenzo Franceschi-Bicchierai |
2. RockYou2024: 10 billion passwords leaked in the largest compilation of all time
The largest password compilation leak, RockYou2024, containing nearly ten billion unique plaintext passwords, was posted on a popular hacking forum. This massive dataset, revealed by forum user ObamaCare, combines old and new data breaches, significantly increasing the risk of credential stuffing attacks. The leak heightens the danger for users who reuse passwords, making them vulnerable to unauthorized access. Cybernews researchers recommend resetting passwords, enabling multi-factor authentication, and using password managers to mitigate risks. This leak follows the 2021 RockYou compilation and highlights ongoing threats to cybersecurity.
Date: | Jul 4, 2024 |
---|---|
Source: | Cybernews |
Author: | Vilius Petkauskas |
3. AT&T confirms data breach affecting nearly all wireless customers
AT&T has confirmed a data breach affecting nearly all its wireless customers and mobile virtual network operators (MVNO) users, with threat actors accessing customer call and text interaction records from a third-party cloud platform between April 14 and April 25, 2024. The breached data includes phone numbers, interaction counts, call durations, and cell site IDs, potentially enabling location triangulation. The hackers exploited vulnerabilities in Snowflake’s storage accounts, and AT&T paid a $370,000 ransom for data deletion proof. The breach, part of a larger cybercrime spree affecting multiple companies, has led to an ongoing investigation by the FCC.
Date: | Jul 13, 2024 |
---|---|
Source: | The Hacker News |
Author: | Ravie Lakshmanan |
4. CrowdStrike update crashes Windows systems, causes outages worldwide
A faulty component in CrowdStrike Falcon’s latest update is causing widespread crashes of Windows systems globally, affecting numerous organizations including airports, TV stations, hospitals, and emergency services. The update has resulted in massive outages, with users reporting Blue Screen of Death (BSOD) errors and systems stuck in boot loops. CrowdStrike identified and reverted the problematic update component and provided a workaround to delete a specific file to resolve the issue. Despite the fix, many large organizations are still grappling with the aftermath, leading to significant disruptions in operations and services worldwide. For more details, the Preliminary Post Incident Review is available here: Falcon Content Update Remediation and Guidance Hub | CrowdStrike
Date: | Jul 19, 2024 |
---|---|
Source: | Bleeping Computer |
Author: | Ionut Ilascu |
5. Switzerland federal government requires releasing its software as open source
Switzerland has enacted the “Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks” (EMBAG), mandating that all government software be open source unless restricted by third-party rights or security concerns. This “public money, public code” initiative aims to enhance transparency, security, and efficiency in government operations. The law also requires the release of non-personal and non-security-sensitive government data as Open Government Data (OGD). This move, led by Professor Dr. Matthias Stürmer, is expected to reduce vendor lock-in, lower IT costs, and improve services, serving as a model for other countries.
Date: | Jul 23, 2024 |
---|---|
Source: | ZDNET |
Author: | Steven Vaughan-Nichols |
6. Crooks bypassed Google’s email verification to create workspace accounts, access 3rd-party services
Google recently fixed an authentication vulnerability that allowed criminals to bypass email verification and create Google Workspace accounts, which they then used to impersonate domain holders at third-party services using the “Sign in with Google” feature. This issue, discovered through a small-scale abuse campaign, was resolved within 72 hours. The attackers circumvented the verification process by using a specifically constructed request, enabling them to create Workspace accounts without domain verification. Google emphasized that none of the affected domains had previously been associated with Workspace accounts, and no Google services were abused directly. Instead, the attackers aimed to impersonate domain holders to access third-party services like Dropbox.
Date: | Jul 26, 2024 |
---|---|
Source: | Krebs on Security |
Author: | Brian Krebs |
7. WhatsApp for Windows lets Python, PHP scripts execute with no warning
A security vulnerability in the latest version of WhatsApp for Windows allows Python (.pyz, .pyzw) and PHP (.php) scripts to be executed without any warning when recipients open them. This issue, discovered by security researcher Saumyajeet Das, persists because WhatsApp does not block these file types, despite blocking others like .EXE and .BAT. Meta, WhatsApp’s parent company, dismissed the report, stating they do not plan to fix the issue, advising users to be cautious with files from unknown sources. The flaw poses a risk of remote code execution, especially if an account is hijacked, enabling attackers to send malicious scripts easily.
Date: | Jul 27, 2024 |
---|---|
Source: | Bleeping Computer |
Author: | Bill Toulas |
8. Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update
Google experienced a significant outage affecting its password manager for millions of Windows users using the M127 version of Chrome, coinciding with the fallout from the faulty CrowdStrike update. The issue, lasting nearly 18 hours and fixed by July 25, resulted from a configuration change without a proper feature guard, rendering saved passwords inaccessible for around 2% of impacted users. Google has since apologized for the disruption, emphasizing the scale and global nature of the issue.
Date: | Jul 29, 2024 |
---|---|
Source: | The Register |
Author: | Richard Speed |
Conclusion
Thanks for joining us for this month’s cybersecurity roundup!
As most of us know by now, the CrowdStrike update causing widespread system crashes has been a major event. Did it impact you or your organization? And what do you think about Switzerland’s new open source law for government software? Should other countries follow this lead?
Head over to the Passbolt community forum to share your experiences and join the discussion. If there’s any important news that was missed, feel free to post it in the “In the News” section: In the news - Passbolt community forum.
Share your thoughts and experiences below. Until next month!