Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 03 May 2024

Jorge Laurel Β· Β·3 min read Β·Issue #18

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


πŸ” Google thwarted 2.28 million malicious app attempts on Play Store in 2023, enhancing user security (Published on 4/29/2024, The Hacker News). Read More

🌐 ‘Muddling Meerkat’ linked to China, manipulates DNS to scan global internet networks (Published on 4/29/2024, The Hacker News). Read More

πŸ₯ Kaiser Permanente reveals data breach affecting 13.4 million, exposing personal details (Published on 4/29/2024, SecurityWeek). Read More

πŸ“ FCC imposes $200M fine on carriers for illicit sharing of user locations (Published on 4/29/2024, BleepingComputer). Read More

πŸ›‘οΈ Okta reports a surge in credential-stuffing attacks through proxy networks in 2024 (Published on 4/29/2024, Dark Reading). Read More

🐳 Docker Hub compromised by campaigns pushing malware and phishing via millions of repositories since 2021 (Published on 4/30/2024, BleepingComputer). Read More

πŸ’Ύ Hackers exploit USBs, old bugs, and malware to target Operational Technology systems effectively (Published on 4/30/2024, Dark Reading). Read More

πŸ›‘οΈ U.S. Government issues new AI security guidelines for protecting critical infrastructure (Published on 4/30/2024, The Hacker News). Read More

πŸ”„ Critical flaw in R programming language identified as a potential enabler for supply chain attacks (Published on 4/30/2024, SecurityWeek). Read More

πŸ”“ Judge0 vulnerabilities exposed: Attackers can escape sandbox and take over hosts (Published on 4/30/2024, SecurityWeek). Read More

πŸ”’ HPE Aruba Networking addresses four critical RCE flaws in ArubaOS, enhancing network security (Published on 5/1/2024, BleepingComputer). Read More

🚨 DropBox Sign breached: Hackers access customer data and authentication secrets (Published on 5/1/2024, BleepingComputer). Read More

πŸ•ΈοΈ Shadow APIs pose significant cyber risks due to poor management and security (Published on 5/1/2024, Dark Reading). Read More

πŸ”‘ Lack of multifactor authentication blamed for Change Healthcare cyberattack, says UnitedHealth CEO (Published on 5/1/2024, SecurityWeek). Read More

πŸ“± New Android malware ‘Wpeeper’ uses compromised WordPress sites to mask C2 traffic (Published on 5/1/2024, The Hacker News). Read More

⚠️ GitLab faces maximum-severity flaw allowing account hijacking, currently exploited in the wild (Published on 5/2/2024, Arc Technica). Read More

πŸ› οΈ Microsoft declines automated fix for 0x80070643 errors in Windows updates, manual resolution needed (Published on 5/2/2024, BleepingComputer). Read More

πŸ”— New ‘Goldoon’ botnet exploits decade-old flaw in D-Link routers for malicious attacks (Published on 5/2/2024, The Hacker News). Read More

πŸ“± Path traversal vulnerability threatens popular Android apps like Xiaomi and WPS Office (Published on 5/2/2024, The Hacker News). Read More

πŸ”— CEO sentenced to over 6 years for selling fake Cisco devices to US military, affecting key sectors (Published on 5/2/2024, BleepingComputer). Read More

πŸ”„ Google reverts reCaptcha update after bugs disrupt Firefox compatibility on Windows (Published on 5/3/2024, BleepingComputer). Read More

πŸ“§ NSA and FBI alert: North Korean hackers exploit weak DMARC policies in email attacks (Published on 5/3/2024, BleepingComputer). Read More

πŸ” Chinese threat actors likely behind ArcaneDoor campaign targeting Cisco firewalls (Published on 5/3/2024, SecurityWeek). Read More

πŸ”— Malicious use of Microsoft Graph API on the rise for stealthy malware communication, reports Symantec (Published on 5/3/2024, The Hacker News). Read More

🏟️ Paris Olympics’ cybersecurity challenged by persistent attack surface vulnerabilities (Published on 5/3/2024, Dark Reading). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.