Friday Wrap Up: 14 June 2024
It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
๐จ Exploit for critical Veeam auth bypass flaw CVE-2024-29849 available. Admins urged to patch now. (Published on 6/10/2024, BleepingComputer). Read More
๐ฑ Apple’s AI promise: “Your data is never stored or accessible to Apple.” Server code is publicly reviewable for verification. (Published on 6/10/2024, Ars Technica). Read More
๐ง More_eggs malware disguised as resumes targets recruiters in phishing attack. (Published on 6/10/2024, The Hacker News). Read More
๐ Mandiant links Snowflake data breaches to infostealer infections. (Published on 6/10/2024, SecurityWeek). Read More
๐ผ๏ธ Christieโs ransomware attack impacts 45,000 people. (Published on 6/10/2024, SecurityWeek). Read More
๐ Apple Intelligence: new generative AI integrated into iOS, macOS, and VisionOS. (Published on 6/10/2024, TechCrunch). Read More
๐จ JetBrains alerts users to a critical IntelliJ IDE bug exposing GitHub access tokens. Patch immediately! (Published on 6/11/2024, BleepingComputer). Read More
๐ป Forced-labor camps in Southeast Asia drive billions in cyber scams. Greater collaboration is needed to dismantle these networks. (Published on 6/11/2024, Dark Reading). Read More
๐ Snowflake rushes to enforce MFA as breaches increase, affecting major companies like Advance Auto Parts and Lending Tree. (Published on 6/11/2024, InformationWeek). Read More
โ ๏ธ Critical MSMQ RCE bug in Microsoft’s June 2024 update could lead to server takeovers. Prompt action required. (Published on 6/11/2024, Dark Reading). Read More
๐ Chinese actor SecShow conducts extensive DNS probing on a global scale since June 2023. (Published on 6/11/2024, The Hacker News). Read More
๐ฏ China-backed hackers exploit Fortinet flaw, impacting 20,000 systems globally between 2022 and 2023. (Published on 6/12/2024, The Hacker News). Read More
๐ก๏ธ Black Basta ransomware may have used a Windows zero-day flaw (CVE-2024-26169) for privilege escalation. (Published on 6/12/2024, The Hacker News). Read More
๐ New phishing toolkit uses progressive web apps (PWAs) to steal login credentials via convincing corporate login forms. (Published on 6/12/2024, BleepingComputer). Read More
โ ๏ธ Google warns of Pixel firmware zero-day (CVE-2024-32896) under limited, targeted exploitation. (Published on 6/12/2024, SecurityWeek). Read More
๐จ Truist Bank confirms a breach after stolen data appears on a hacking forum. Stay alert! (Published on 6/13/2024, BleepingComputer). Read More
โณ Microsoft delayed addressing a DNSSEC zero-day flaw while others acted swiftly. Why the hold-up? (Published on 6/13/2024, Dark Reading). Read More
๐ New York Times’ internal data taken from GitHub repositories, including source code. Details pending. (Published on 6/13/2024, InformationWeek). Read More
โ ๏ธ Google warns of a Pixel firmware flaw exploited as a zero-day vulnerability. Users, be cautious! (Published on 6/13/2024, The Hacker News). Read More
๐ Microsoft shifts focus to prioritize security over AI, with CEO Satya Nadella now overseeing security flaws personally. (Published on 6/14/2024, Ars Technica). Read More
๐ฑ๏ธ Wells Fargo fires over a dozen employees for simulating keyboard activity as worker surveillance increases. (Published on 6/14/2024, Ars Technica). Read More
โ๏ธ Scattered Spider hackers shift focus to cloud apps, stealing data from SaaS applications and creating new virtual machines. (Published on 6/14/2024, BleepingComputer). Read More
๐ก๏ธ Highly regulated industries are adopting military-grade cyber defenses to combat significant cyber threats. (Published on 6/14/2024, The Hacker News). Read More
โ๏ธ Former IT employee sentenced to 2.5 years for wiping 180 virtual servers after being fired from National Computer Systems. (Published on 6/14/2024, BleepingComputer). Read More
and finally in non-cyber or tech news…
๐ฌ Steven Spielberg’s new sci-fi blockbuster stars Emily Blunt, adding another genre to her impressive resume. Exciting times ahead! (Published on 6/13/2024, Gizmodo). Read More
๐ฎ Gaming historians preserve whatโs likely Nintendoโs first US commercial, showcasing the Game & Watch handhelds. A nostalgic gem! (Published on 6/13/2024, Ars Technica). Read More
๐ Elephants may refer to each other by name, responding more actively to calls including their “name.” Fascinating discovery! (Published on 6/11/2024, Ars Technica). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.