Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 19 April 2024

Jorge Laurel ยท ยท4 min read ยทIssue #16

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


๐Ÿ” Roku steps up security with mandatory 2FA after a credential-stuffing incident, assuring no financial data was compromised. (Published on 4/15/2024, Dark Reading). Read More

๐Ÿ”’ Palo Alto Networks releases hotfixes for a zero-day exploit targeting PAN-OS firewalls since March 26. (Published on 4/15/2024, BleepingComputer). Read More

๐Ÿšจ Cisco Duo’s Multifactor Authentication compromised via a third-party telephony service; vigilance urged against phishing. (Published on 4/15/2024, Dark Reading). Read More

๐Ÿ“ฑ Renewed cyber espionage in South Asia with LightSpy iOS spyware, targeting iPhone users. (Published on 4/15/2024, The Hacker News). Read More

๐Ÿ”ง Juniper Networks updates security with new advisories for Junos OS and related products. (Published on 4/15/2024, SecurityWeek). Read More

๐Ÿ” Delinea responds to a security flaw after a researcher’s public disclosure, addressing long-ignored reports (Published on 4/16/2024, Dark Reading). Read More

๐ŸŒ Global networks hit by massive login attempts from nearly 4,000 IP addresses targeting VPNs and more (Published on 4/16/2024, Ars Technica). Read More

๐Ÿ”‘ PuTTY SSH client vulnerability may allow private key recovery from cryptographic signatures (Published on 4/16/2024, BleepingComputer). Read More

๐Ÿ“ฑ FBI warns of a growing smishing scam across the US using fake unpaid-toll notices (Published on 4/16/2024, Dark Reading). Read More

๐Ÿ“ท TA558 hackers employ steganography in images to launch malware attacks worldwide (Published on 4/16/2024, The Hacker News). Read More

๐Ÿ”“ Multiple botnets exploit a year-old flaw in TP-Link routers. Check your settings! (Published on 4/17/2024, BleepingComputer). Read More

โ›๏ธ Ongoing Kubernetes cryptomining attacks target OpenMetadata apps. Beware of vulnerabilities! (Published on 4/17/2024, BleepingComputer). Read More

๐ŸŒ Kubernetes RCE attack exploits known OpenMetadata vulnerabilities for severe impact. Stay alert! (Published on 4/17/2024, Dark Reading). Read More

๐Ÿ–ฅ๏ธ New hacking campaign targets Fortinet with Metasploit and ScreenConnect via critical flaw. Update immediately! (Published on 4/17/2024, The Hacker News). Read More

๐Ÿ•ต๏ธโ™‚๏ธ Russia’s Sandworm group, now known as APT44, linked to recent OT and espionage attacks. Stay informed! (Published on 4/17/2024, SecurityWeek). Read More

๐Ÿš€ Meta debuts Llama 3 AI, boasting powerful capabilities and innovation. Stay tuned for more updates! (Published on 4/18/2024, TechCrunch). Read More

๐Ÿ”’ LastPass users beware! Sophisticated phishing attacks are tricking even the experts. Protect your passwords! (Published on 4/18/2024, Ars Technica). Read More

๐Ÿšซ Major takedown: LabHost phishing service with 40,000 domains disrupted, 37 arrests. Cybersecurity wins! (Published on 4/18/2024, BleepingComputer). Read More

โš ๏ธ CISA warns: Critical ICS network controllers at risk with no patches available. Urgent attention needed! (Published on 4/18/2024, Dark Reading). Read More

๐Ÿš— FIN7 cybercrime group targets U.S. auto industry, spreading Carbanak backdoor via spear-phishing. Stay alert! (Published on 4/18/2024, The Hacker News). Read More

๐Ÿ”’ Frontier Communications takes drastic action, shutting down systems after a cyberattack compromises user data. Stay secure! (Published on 4/19/2024, SecurityWeek). Read More

๐ŸŒ BlackTech escalates cyberattacks on tech, research, and government sectors in Asia-Pacific, deploying sophisticated Deuterbear tool. (Published on 4/19/2024, The Hacker News). Read More

๐Ÿ’ป Akira ransomware gang claims $42 million from over 250 entities, now targeting Linux servers. Be vigilant! (Published on 4/19/2024, The Hacker News). Read More

๐Ÿฑ HelloKitty ransomware rebrands as HelloGookie, releases sensitive data from CD Projekt and Cisco. (Published on 4/19/2024, BleepingComputer). Read More

๐Ÿ”“ MITRE Corporation reports breach by state hackers using Ivanti VPN zero-days in January 2024. (Published on 4/19/2024, BleepingComputer). Read More

and finally in non-cyber or tech news…

๐ŸŽฌ Zack Snyder’s Rebel Moon - Part Two: The Scargiver outshines its predecessor with a more compelling narrative. (Published on 4/19/2024, Gizmodo). Read More

๐Ÿš€ A legendary rocket bids farewell amidst a week of spectacular space events. (Published on 4/19/2024, Gizmodo). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.