Essential Cyber Intel Brief: 11/20/2024


No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution: it’s automated, curated, and absolutely free.

Get the critical updates you need as a cybersecurity professional or business leader without the time drag or hassle.

As a Bayesian Cyber Risk Quantification Scientist, I specialize in quantifying cybersecurity risks into measurable, data-driven insights using advanced Bayesian statistics and Bayesian Network modeling. By applying rigorous probabilistic analysis, I help organizations quantify cyber threats in financial terms, prioritize resource allocation, model return on control investments, and make strategic decisions within a complex threat landscape. With thirty years of experience in the financial industry, I bridge compliance and regulatory requirements with actionable, data-driven intelligence, enabling leadership to make higher-resolution decisions and maximize the impact of their investments.

Designed for efficiency, I pinpoint the most critical cybersecurity events security professionals and business leaders need to know, and I publish them every business day by 9 AM CT for you.

In just one to two minutes, you’ll determine if the latest cybersecurity developments require further attention, allowing you to stay informed without losing valuable time.

Subscribe to receive automated notifications and stay ahead of key developments: no spam, just concise, relevant updates delivered directly to your inbox.

You can connect with me on LinkedIn and join my professional network.

11/20/2024 — New Cybersecurity Updates

Fintech Giant Finastra Investigating Data Breach — The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. Source

Apple fixes two zero-days used in attacks on Intel-based Macs — Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. Source

Apple Confirms Zero-Day Attacks Hitting macOS Systems — Apple rushes out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. Source

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities — Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. Source

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks — The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. Source

Ford investigates alleged breach following customer data leak — Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. Source

Ford Says Leaked Data Comes From Supplier and Is Not Sensitive — Ford has completed its investigation into recent data breach claims and determined that its systems and customer data have not been compromised. Source

Oracle warns of Agile PLM file disclosure flaw exploited in attacks — Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. Source

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation — Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. Source

Oracle Patches Exploited Agile PLM Zero-Day — Oracle has patched a high-severity information disclosure zero-day in Agile PLM that has been exploited in the wild. Source

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw — D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. Source

Helldown ransomware exploits Zyxel VPN flaw to breach networks — The new ‘Helldown’ ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. Source

NHIs Are the Future of Cybersecurity: Meet NHIDR — The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. Source

Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package — Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. Source

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks — A new China-linked cyber espionage group has been identified as being behind a series of targeted cyber attacks on telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Source

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices — The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. Source

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts — Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. Source

Employee Data Compromised in Hacker Attack on Space Technology Firm Maxar — Satellite maker Maxar Space Systems has disclosed a data breach impacting the personal information of its employees. Source

Russian Phobos Ransomware Operator Extradited to US — Evgenii Ptitsyn was extradited from South Korea to the US to face charges for his alleged involvement in administering the Phobos ransomware. Source

Get notified when I publish new articles so you don’t miss out on the latest cybersecurity updates. I never share your email address, and your subscription only sends you notifications when I publish new articles.

Privacy: Tim Layton & Associates, LLC respects your privacy and is committed to protecting your personal information. For more details, please review our Privacy Policy.

Copyright: Copyright © 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.

Originally published at https://timlaytonllc.com on November 20, 2024.
