Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 26 April 2024

Jorge Laurel Β· Β·4 min read Β·Issue #17

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


🌐 MITRE, renowned for its cybersecurity frameworks, was compromised using MITRE techniques and Ivanti bugs (Published on 4/22/2024, Dark Reading). Read More

πŸ–¨οΈ Russia’s APT28 targeted Windows Print Spooler to introduce ‘GooseEgg’ malware, unknown until now (Published on 4/22/2024, The Hacker News). Read More

πŸ•΅οΈβ™‚οΈ ToddyCat hackers exploit advanced tools to steal data from governments on an industrial scale (Published on 4/22/2024, The Hacker News). Read More

πŸ›‘οΈ CrushFTP addresses a zero-day flaw allowing attackers to access system files (Published on 4/22/2024, SecurityWeek). Read More

πŸ”“ Ransomware victims often face repeat attacks, highlighting persistent cybersecurity threats (Published on 4/22/2024, The Hacker News). Read More

πŸ’½ North Korean hackers manipulate eScan antivirus updates to deploy GuptiMiner malware across major networks (Published on 4/23/2024, BleepingComputer). Read More

🌐 CoralRaider campaign leverages CDN cache to distribute info-stealing malware in multiple countries (Published on 4/23/2024, BleepingComputer). Read More

πŸ”— Hackers exploit Git CDNs to create phishing links using ghost comments, eluding detection (Published on 4/23/2024, Dark Reading). Read More

πŸ”₯ Siemens industrial products affected by an exploited Palo Alto Networks firewall vulnerability (Published on 4/23/2024, SecurityWeek). Read More

πŸ’΅ US offers a $10 million bounty for information on Iranian hackers targeting government and defense sectors (Published on 4/23/2024, SecurityWeek). Read More

let’s take a break from cyber and tech news….

🌌 Study reveals bioluminescence dates back over half a billion years, shedding light on its evolution (Published on 4/23/2024, Gizmodo). Read More

πŸš€ Voyager 1 sends first clear message in months, signaling a restoration of data communication with NASA (Published on 4/23/2024, Inverse). Read More

now back to cyber and tech news

🚨 Public exploit released for critical Flowmon vulnerability in Progress Flowmon. Patch urgently recommended (Published on 4/24/2024, BleepingComputer). Read More

πŸ•΅οΈβ™‚οΈ Iranian hackers orchestrate a multi-year cyber espionage campaign against US military and government entities (Published on 4/24/2024, Dark Reading). Read More

πŸ”₯ Cisco alerts about ‘ArcaneDoor’ zero-days in ASA firewalls, impacting telecom and energy sectors (Published on 4/24/2024, SecurityWeek). Read More

πŸ’» eScan antivirus update mechanism exploited to install backdoors and miners, potentially linked to North Korean hackers (Published on 4/24/2024, The Hacker News). Read More

πŸ”’ Ring users receive $5.6 million settlement from FTC for privacy breaches involving unauthorized video access (Published on 4/24/2024, BleepingComputer). Read More

πŸ”“ New Android malware, “Brokewell,” captures all user interactions on devices, posing severe security threats. (Published on 4/25/2024, BleepingComputer). Read More

🚨 Over 1,400 CrushFTP servers are at risk due to a critical bug being actively exploited. (Published on 4/25/2024, BleepingComputer). Read More

πŸ”Š Most Chinese keyboard apps are vulnerable to eavesdropping, affecting 1 billion users. (Published on 4/25/2024, Dark Reading). Read More

🎣 New phishing attacks use Autodesk Drive to target corporate users with malicious PDFs. (Published on 4/25/2024, SecurityWeek). Read More

πŸ•΅οΈβ™‚οΈ North Korea’s Lazarus Group launches new Kaolin RAT malware through fake job offers. (Published on 4/25/2024, The Hacker News). Read More

πŸ” Palo Alto Networks shares urgent remediation for the critical PAN-OS flaw, CVE-2024-3400, now under active attack. (Published on 4/26/2024, The Hacker News). Read More

πŸ”„ Final phase of digital transformation emphasizes data modernization with new tools and technologies. (Published on 4/26/2024, informationweek). Read More

πŸ“‘ Telegram currently down globally, showing “Connecting” errorβ€”users unable to access services. (Published on 4/26/2024, BleepingComputer). Read More

🚨 Kaiser Permanente announces data breach potentially impacting 13.4 million U.S. patients. (Published on 4/26/2024, BleepingComputer). Read More

πŸ”Œ Over 90k IP addresses hit by self-spreading PlugX USB drive malware. (Published on 4/26/2024, SecurityWeek). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.