Friday Wrap Up: 03 May 2024
It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
π Google thwarted 2.28 million malicious app attempts on Play Store in 2023, enhancing user security (Published on 4/29/2024, The Hacker News). Read More
π ‘Muddling Meerkat’ linked to China, manipulates DNS to scan global internet networks (Published on 4/29/2024, The Hacker News). Read More
π₯ Kaiser Permanente reveals data breach affecting 13.4 million, exposing personal details (Published on 4/29/2024, SecurityWeek). Read More
π FCC imposes $200M fine on carriers for illicit sharing of user locations (Published on 4/29/2024, BleepingComputer). Read More
π‘οΈ Okta reports a surge in credential-stuffing attacks through proxy networks in 2024 (Published on 4/29/2024, Dark Reading). Read More
π³ Docker Hub compromised by campaigns pushing malware and phishing via millions of repositories since 2021 (Published on 4/30/2024, BleepingComputer). Read More
πΎ Hackers exploit USBs, old bugs, and malware to target Operational Technology systems effectively (Published on 4/30/2024, Dark Reading). Read More
π‘οΈ U.S. Government issues new AI security guidelines for protecting critical infrastructure (Published on 4/30/2024, The Hacker News). Read More
π Critical flaw in R programming language identified as a potential enabler for supply chain attacks (Published on 4/30/2024, SecurityWeek). Read More
π Judge0 vulnerabilities exposed: Attackers can escape sandbox and take over hosts (Published on 4/30/2024, SecurityWeek). Read More
π HPE Aruba Networking addresses four critical RCE flaws in ArubaOS, enhancing network security (Published on 5/1/2024, BleepingComputer). Read More
π¨ DropBox Sign breached: Hackers access customer data and authentication secrets (Published on 5/1/2024, BleepingComputer). Read More
πΈοΈ Shadow APIs pose significant cyber risks due to poor management and security (Published on 5/1/2024, Dark Reading). Read More
π Lack of multifactor authentication blamed for Change Healthcare cyberattack, says UnitedHealth CEO (Published on 5/1/2024, SecurityWeek). Read More
π± New Android malware ‘Wpeeper’ uses compromised WordPress sites to mask C2 traffic (Published on 5/1/2024, The Hacker News). Read More
β οΈ GitLab faces maximum-severity flaw allowing account hijacking, currently exploited in the wild (Published on 5/2/2024, Arc Technica). Read More
π οΈ Microsoft declines automated fix for 0x80070643 errors in Windows updates, manual resolution needed (Published on 5/2/2024, BleepingComputer). Read More
π New ‘Goldoon’ botnet exploits decade-old flaw in D-Link routers for malicious attacks (Published on 5/2/2024, The Hacker News). Read More
π± Path traversal vulnerability threatens popular Android apps like Xiaomi and WPS Office (Published on 5/2/2024, The Hacker News). Read More
π CEO sentenced to over 6 years for selling fake Cisco devices to US military, affecting key sectors (Published on 5/2/2024, BleepingComputer). Read More
π Google reverts reCaptcha update after bugs disrupt Firefox compatibility on Windows (Published on 5/3/2024, BleepingComputer). Read More
π§ NSA and FBI alert: North Korean hackers exploit weak DMARC policies in email attacks (Published on 5/3/2024, BleepingComputer). Read More
π Chinese threat actors likely behind ArcaneDoor campaign targeting Cisco firewalls (Published on 5/3/2024, SecurityWeek). Read More
π Malicious use of Microsoft Graph API on the rise for stealthy malware communication, reports Symantec (Published on 5/3/2024, The Hacker News). Read More
ποΈ Paris Olympics’ cybersecurity challenged by persistent attack surface vulnerabilities (Published on 5/3/2024, Dark Reading). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.