SecurityDigest: Cybersecurity News and Updates 07.10.2024-14.10.2024
Microsoft Addresses Five Zero-Day Vulnerabilities in October Patch Tuesday Update
Microsoft has released security updates for five Zero-Day vulnerabilities. Two of these vulnerabilities have been actively exploited by attackers. One of them is CVE-2024-43572, which is an arbitrary code execution vulnerability in the Microsoft Management Console. This vulnerability could lead to system compromise via phishing or privilege escalation attacks.
The second vulnerability, CVE-2024-43573, allows attackers to trick users into visiting a fake site to collect data or inject malware.
The other three vulnerabilities have not yet been exploited, but they pose potential risks such as privilege escalation and Hyper-V attacks.
Recommendations
Organizations are encouraged to install Microsoft's October security updates as soon as possible to protect systems against exploitation of these critical vulnerabilities.
Internet Archive Data Leak: 31 Million Users at Risk
The Internet Archive, best known for its Wayback Machine, has experienced a significant data breach. Hackers gained access to the authentication database, which contains 31 million unique records. The database includes email addresses, aliases, password change icons, hashed passwords (bcrypt), and other internal data.
The leak occurred in late September 2024, and now users can verify whether their data was stolen through the "Have I Been Pwned" service.
In addition, the Internet Archive acknowledged the DDoS attacks affecting its websites.
Recommendations
Users whose data may have been compromised are advised to immediately change their passwords, activate two-factor authentication, and check their account on the "Have I Been Pwned" service.
Mozilla Patches Critical Vulnerability CVE-2024-9680 in Firefox
Mozilla has released an update for Firefox version 131 that addresses the CVE-2024-9680 vulnerability, which was actively exploited in real-world attacks. This use-after-free vulnerability allows attackers to execute code remotely via a bug in the browser's animation timelines.
The fix also applies to Firefox ESR versions. The vulnerability was first documented in 2024 and was actively used for attacks in Firefox.
Recommendations
Users are advised to immediately update their Firefox browser to the latest version (131.0.2 or ESR) to protect against this threat.
Fidelity Investments: Data breach impacts more than 77,000 clients
Fidelity, one of the largest financial companies in the world, reported that the personal data of more than 77,000 customers was leaked in a cyber attack in August.
The attackers accessed information via two customer accounts between August 17 and 19.
The company immediately terminated access and began an investigation involving external experts.
The leak did not affect customer accounts, but personal data such as names and other identifiers were stolen.
Fidelity is offering affected customers free credit monitoring from TransUnion for two years.
Recommendations
Fidelity customers are encouraged to check their financial accounts and credit reports regularly and to immediately report any suspicious activity to financial institutions or the appropriate authorities.
Follow our weekly updates to stay up-to-date with recommendations on how to protect your data from cyber-attacks.
Best Regards,
FS Group Team