Threat Post

1. SonicWall ‘Botches’ October Patch for Critical VPN Bug

   Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

2. BEC Losses Top $1.8B as Tactics Evolve

   BEC attacks getting are more dangerous, and smart users are the ones who can stop it.

3. Cryptominers Slither into Python Projects in Supply-Chain Campaign

   These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications.

4. Email Bug Allows Message Snooping, Credential Theft

   A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

5. Kids’ Apps on Google Play Rife with Privacy Violations

   One in five of the most-popular apps for kids under 13 on Google Play don't comply with COPPA regulations on how children's information is collected and used.

6. Lexmark Printers Open to Arbitrary Code-Execution Zero-Day

   “No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.

7. Six Flags to Pay $36M Over Collection of Fingerprints

   Illinois Supreme Court rules in favor of class action against company’s practice of scanning people’s fingers when they enter amusement parks.

8. Wegmans Exposes Customer Data in Misconfigured Databases

   Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.

9. Bugs in NVIDIA’s Jetson Chipset Open Door to DoS Attacks, Data Theft

   Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.

10. Embryology Data Breach Follows Fertility Clinic Ransomware Hit

    Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.