Apparently was not related to a cyber attack, as stated in status page (https://status.proton.me/)

We have resolved all service outages, and the situation has been stable for some time. We have identified the root cause of the problem, implemented a fix, and are now monitoring the results. Jan 09, 2025 - 19:27 CET

A better summary:

The text discusses a series of cybersecurity breaches affecting Microsoft, involving sensitive data theft from US government officials and organizations, attributed to Chinese hackers. Microsoft's delayed response to discovered security flaws, including a 90-day wait for a partial fix, is criticized. Senator Ron Wyden has called for Microsoft's accountability. The breaches underscore the growing issue of security vulnerabilities in tech companies, leading to expectations that the US government will require companies to promptly disclose security incidents within a strict timeframe.

Please note that the attack can only be carried out if the local network itself is compromised.

Kudos to SOC team.

From the article:

Microsoft locked down a server last month that exposed Microsoft employee passwords, keys and credentials to the open Internet, as the company faces growing pressure to strengthen the security of its software. Microsoft was notified of the vulnerability on February 6th and the block on March 5th. It is unclear whether anyone accessed the exposed server during this period.

Hackers 10 - 1 LastPass

Update: Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (https://www.nytimes.com/2024/09/17/world/middleeast/israel-hezbollah-pagers-explosives.html)

This one does not spark joy.

Instance Rules

Be respectful. Everyone should feel welcome here.

In this particular case, the method of infection of the router was not disclosed. However, typically, the most common methods involve an open administration port to the internet (user interface or TR-069) or through the internal interface, in case a network host has been compromised.

They often perform brute-force password attacks, and once access is obtained, they look for typical Linux administrative tools (such as bash, etc.) and proceed to compromise the router.

So I understand that a router with custom firmware can be compromised if it has a weak password and resources to maintain the infection, or of course, a vulnerability that is exploitable.

Depends of the country. Disrupt with Internet/communications may be a crime in some countries.

Very nice approach!

Some points about the article:

Nature of the Vulnerability: The vulnerability is a security flaw that allows leaking the email associated with a YouTube channel by exploiting endpoints from both YouTube and Google Pixel Recorder.

Impact: It allows an attacker to obtain the email associated with any YouTube channel, which can lead to phishing attacks, privacy invasion, and other malicious activities. This potentially affects all YouTube users who own a channel.

Fix Status: The vulnerability has been fixed by Google. Both parts of the exploit were resolved by 02/09/2025, and the report was disclosed on 02/12/2025.

The first vulnerability, CVE-2025-5054, affects Ubuntu’s Apport crash reporting system, while the second, CVE-2025-4598, impacts systemd-coredump, the default core dump handler used across Red Hat Enterprise Linux 9 and 10, as well as Fedora distributions.

Stop giving me your toughest battles

Looks like it: https://haveibeenpwned.com/Breach/Udemy

You can use https://tails.net/ booting from another flash drive in memory only.

Post from Coinbase: https://www.coinbase.com/en-gb/blog/protecting-our-customers-standing-up-to-extortionists

Noted!

Honestly, I didn't think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.

Nevertheless: https://www.crowdstrike.com/en-us/blog/crowdstrike-fortinet-partnership-unifies-endpoint-firewall-protection/