Essential Cyber Intel Brief: 11/21/2024

No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution-it’s automated, curated, and FREE.

Get the critical updates you need as a cybersecurity professional or business leader without the time drag or hassle.

As a Bayesian Cyber Risk Quantification Scientist, I specialize in quantifying cybersecurity risks into measurable, data-driven insights using advanced Bayesian statistics and Bayesian Network modeling. By applying rigorous probabilistic analysis, I help organizations quantify cyber threats in financial terms, prioritize resource allocation, model return on control investments, and make strategic decisions within a complex threat landscape. With thirty years of experience in the financial industry, I bridge compliance and regulatory requirements with actionable, data-driven intelligence, enabling leadership to make higher-resolution decisions and maximize the impact of their investments.

Designed for efficiency, I pinpoint the most critical cybersecurity events security professionals and business leaders need to know, and I publish them every business day by 9 AM CT for you.

In just one to two minutes, you’ll determine if the latest cybersecurity developments require further attention, allowing you to stay informed without losing valuable time.

Subscribe to receive automated notifications and stay ahead of critical developments - NO SPAM, just concise, relevant updates delivered directly to your inbox.

You can connect with me on LinkedIn and join my professional network.

11/21/2024 — New Cybersecurity Updates

Cyberattack at French hospital exposes health data of 750,000 patients — A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. Source

Fintech giant Finastra investigates data breaches after the SFTP hack. Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. Source

Ford investigates alleged breach following customer data leak — Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. Source

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments — Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The method, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relay NFC traffic. Source

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity — Microsoft has announced a new Windows Resiliency Initiative to improve security and reliability and ensure that system integrity is not compromised. Source

D-Link Warns of RCE Vulnerability in Legacy Routers — Six discontinued D-Link router models are affected by a remote code execution (RCE) vulnerability that will not be patched. Source

CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation — CISA warns organizations that CVE-2024–1212, a Progress Kemp LoadMaster OS command injection vulnerability, is being exploited in attacks. Source

FlipaClip — 892,854 breached accounts — In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server . The impacted data included name, email address, country, and date of birth. FlipaClip advised the issue has since been rectified. Source

Get notified when I publish new articles so you don’t miss the latest cybersecurity updates. I never share your email address; your subscription only sends you notifications when I publish new articles.

Copyright: Copyright ? 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.

Originally published at https://timlaytonllc.com on November 21, 2024.