News Roundup — July 31st 2024 edition.

This week in cybersecurity, Google announced it will not remove third-party cookies from Chrome, sparking privacy concerns. A North Korean hacking group gained attention from Mandiant and the FBI, and KnowBe4 mistakenly hired a North Korean hacker. HealthEquity’s data breach affected 4.3 million people, and US senators called on the FTC to investigate car makers’ privacy practices.

Fake GitHub accounts spread malware, and companies struggled to recover from a crippling CrowdStrike Falcon update, with losses estimated at $5.4 billion. Millions of devices are vulnerable to the PKFail secure boot bypass issue, and a targeted PyPI package stole Google Cloud credentials from macOS developers.

ServiceNow RCE flaws were actively exploited to steal credentials, and a critical FBCS data breach impacted 4.2 million people. Meta dismantled a massive Instagram sextortion network, and French police pushed a self-destruct payload to clean PCs infected with PlugX malware.

The FBI, CISA, and partners released an advisory on North Korean cyber espionage. Senate introduced a bill to promote cybersecurity apprenticeships, and the India-linked SideWinder group pivoted to hacking maritime targets. Additionally, ongoing concerns about car software updates and cybersecurity regulations were highlighted in recent discussions.

Google Will Not Remove Third-Party Cookies From Chrome

North Korean hacking group makes waves to gain Mandiant, FBI spotlight

Cybersecurity Firm KnowBe4 Tricked into Hiring North Korean Hacker as IT Pro

HealthEquity says data breach impacts 4.3 million people

US senators ask FTC to investigate car makers' privacy practices | Malwarebytes

3,000 Fake GitHub Accounts Used to Spread Malware in Stargazers Ghost Scheme

Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue

Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs

CrowdStrike Outage Losses Estimated at a Staggering $5.4B

FBCS data breach impact now reaches 4.2 million people

Critical ServiceNow RCE flaws actively exploited to steal credentials

Researchers Claim Anyone Can Access Deleted, Private GitHub Repository Data

Meta nukes massive Instagram sextortion network of 63,000 accounts

Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4

Banking, oil and IT industry reps call on Congress to harmonize cyber regulations ... again

FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity | CISA

French police push PlugX malware self-destruct payload to clean PCs

Bipartisan Senate bill would promote cybersecurity apprenticeship programs

India-Linked SideWinder Group Pivots to Hacking Maritime Targets

Cars Are Rolling Computers Now. So What Happens When They Stop Getting Updates?