Friday Wrap Up: 19 April 2024
It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
๐ Roku steps up security with mandatory 2FA after a credential-stuffing incident, assuring no financial data was compromised. (Published on 4/15/2024, Dark Reading). Read More
๐ Palo Alto Networks releases hotfixes for a zero-day exploit targeting PAN-OS firewalls since March 26. (Published on 4/15/2024, BleepingComputer). Read More
๐จ Cisco Duo’s Multifactor Authentication compromised via a third-party telephony service; vigilance urged against phishing. (Published on 4/15/2024, Dark Reading). Read More
๐ฑ Renewed cyber espionage in South Asia with LightSpy iOS spyware, targeting iPhone users. (Published on 4/15/2024, The Hacker News). Read More
๐ง Juniper Networks updates security with new advisories for Junos OS and related products. (Published on 4/15/2024, SecurityWeek). Read More
๐ Delinea responds to a security flaw after a researcher’s public disclosure, addressing long-ignored reports (Published on 4/16/2024, Dark Reading). Read More
๐ Global networks hit by massive login attempts from nearly 4,000 IP addresses targeting VPNs and more (Published on 4/16/2024, Ars Technica). Read More
๐ PuTTY SSH client vulnerability may allow private key recovery from cryptographic signatures (Published on 4/16/2024, BleepingComputer). Read More
๐ฑ FBI warns of a growing smishing scam across the US using fake unpaid-toll notices (Published on 4/16/2024, Dark Reading). Read More
๐ท TA558 hackers employ steganography in images to launch malware attacks worldwide (Published on 4/16/2024, The Hacker News). Read More
๐ Multiple botnets exploit a year-old flaw in TP-Link routers. Check your settings! (Published on 4/17/2024, BleepingComputer). Read More
โ๏ธ Ongoing Kubernetes cryptomining attacks target OpenMetadata apps. Beware of vulnerabilities! (Published on 4/17/2024, BleepingComputer). Read More
๐ Kubernetes RCE attack exploits known OpenMetadata vulnerabilities for severe impact. Stay alert! (Published on 4/17/2024, Dark Reading). Read More
๐ฅ๏ธ New hacking campaign targets Fortinet with Metasploit and ScreenConnect via critical flaw. Update immediately! (Published on 4/17/2024, The Hacker News). Read More
๐ต๏ธโ๏ธ Russia’s Sandworm group, now known as APT44, linked to recent OT and espionage attacks. Stay informed! (Published on 4/17/2024, SecurityWeek). Read More
๐ Meta debuts Llama 3 AI, boasting powerful capabilities and innovation. Stay tuned for more updates! (Published on 4/18/2024, TechCrunch). Read More
๐ LastPass users beware! Sophisticated phishing attacks are tricking even the experts. Protect your passwords! (Published on 4/18/2024, Ars Technica). Read More
๐ซ Major takedown: LabHost phishing service with 40,000 domains disrupted, 37 arrests. Cybersecurity wins! (Published on 4/18/2024, BleepingComputer). Read More
โ ๏ธ CISA warns: Critical ICS network controllers at risk with no patches available. Urgent attention needed! (Published on 4/18/2024, Dark Reading). Read More
๐ FIN7 cybercrime group targets U.S. auto industry, spreading Carbanak backdoor via spear-phishing. Stay alert! (Published on 4/18/2024, The Hacker News). Read More
๐ Frontier Communications takes drastic action, shutting down systems after a cyberattack compromises user data. Stay secure! (Published on 4/19/2024, SecurityWeek). Read More
๐ BlackTech escalates cyberattacks on tech, research, and government sectors in Asia-Pacific, deploying sophisticated Deuterbear tool. (Published on 4/19/2024, The Hacker News). Read More
๐ป Akira ransomware gang claims $42 million from over 250 entities, now targeting Linux servers. Be vigilant! (Published on 4/19/2024, The Hacker News). Read More
๐ฑ HelloKitty ransomware rebrands as HelloGookie, releases sensitive data from CD Projekt and Cisco. (Published on 4/19/2024, BleepingComputer). Read More
๐ MITRE Corporation reports breach by state hackers using Ivanti VPN zero-days in January 2024. (Published on 4/19/2024, BleepingComputer). Read More
and finally in non-cyber or tech news…
๐ฌ Zack Snyder’s Rebel Moon - Part Two: The Scargiver outshines its predecessor with a more compelling narrative. (Published on 4/19/2024, Gizmodo). Read More
๐ A legendary rocket bids farewell amidst a week of spectacular space events. (Published on 4/19/2024, Gizmodo). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.