Friday Wrap Up: 20 Sept 2024
It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
Vulnerability Fixes and Threat Patches
?? D-Link patches critical flaws in WiFi 6 routers, addressing vulnerabilities that allowed attackers to exploit hardcoded credentials and execute arbitrary code. (Published on 9/16/2024, BleepingComputer). Read More
?? Apple addresses major security flaws in iOS 18, warning that attackers could use Siri to access sensitive user data or control nearby devices. (Published on 9/16/2024, SecurityWeek). Read More
?? VMware patches a critical remote code execution flaw identified during a Chinese hacking contest, with a CVSS score of 9.8/10. (Published on 9/17/2024, SecurityWeek). Read More
?? GitLab releases a fix for a critical SAML authentication bypass vulnerability impacting self-managed CE and EE installations. (Published on 9/18/2024, BleepingComputer). Read More
Cybersecurity Incidents
?? Ivanti's cloud vulnerability (CVE-2024-8190) is actively exploited by threat actors just days after the advisory was issued. (Published on 9/16/2024, Dark Reading). Read More
?? AT&T fined $13M for a data breach that exposed customer billing information, which was retained in the cloud for years. (Published on 9/17/2024, Ars Technica). Read More
?? A zero-click RCE bug in macOS Calendar allows attackers to bypass security and steal iCloud data, including photos. (Published on 9/17/2024, Dark Reading). Read More
??? Dell investigates data breach claims after a hacker leaked personal information of over 10,000 employees. (Published on 9/20/2024, BleepingComputer). Read More
Botnets and Malware
???♂? A new Raptor Train IoT botnet, likely run by a Chinese threat actor, compromises over 200,000 devices worldwide. (Published on 9/18/2024, The Hacker News). Read More
?? FBI leads the takedown of the Raptor Train botnet, impacting over 200,000 devices as part of the Flax Typhoon APT campaign. (Published on 9/19/2024, Dark Reading). Read More
领英推荐
Industry and Legislation
?? California’s deepfake laws face a test of enforcement, aimed at curbing misinformation ahead of the U.S. presidential elections. (Published on 9/19/2024, InformationWeek). Read More
??? Hackers are brute-forcing Foundation Accounting Software used by construction contractors, leading to significant compromises. (Published on 9/18/2024, SecurityWeek). Read More
Emerging Trends
?? The future of cybersecurity may involve passwordless and keyless access management, transforming how companies handle privileged access. (Published on 9/20/2024, The Hacker News). Read More
?? GenAI poses new challenges for cybersecurity, despite limited data on AI-enabled attacks in existing threat reports. (Published on 9/20/2024, Dark Reading). Read More
?? Microsoft tracks Vanilla Tempest hackers who target U.S. healthcare organizations with INC ransomware attacks. (Published on 9/19/2024, BleepingComputer). Read More
and finally in non-cyber or tech news...
Entertainment and Industry Innovations
?? James Cameron hints at a new direction for the Terminator franchise, aiming for something entirely different from previous films. (Published on 9/19/2024, Gizmodo). Read More
?? Lotus unveils a bold, wedge-shaped EV sportscar concept, showcasing a futuristic vision for the troubled automaker. (Published on 9/17/2024, Ars Technica). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
If you want to receive the Friday Wrap Up in your inbox when it is released, head over to the Friday Wrap Up on Substack and subscribe. Never miss a new edition of the Friday Wrap Up!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.