Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 14 June 2024

Jorge Laurel ยท ยท4 min read ยทIssue #26

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


๐Ÿšจ Exploit for critical Veeam auth bypass flaw CVE-2024-29849 available. Admins urged to patch now. (Published on 6/10/2024, BleepingComputer). Read More

๐Ÿ“ฑ Apple’s AI promise: “Your data is never stored or accessible to Apple.” Server code is publicly reviewable for verification. (Published on 6/10/2024, Ars Technica). Read More

๐Ÿ“ง More_eggs malware disguised as resumes targets recruiters in phishing attack. (Published on 6/10/2024, The Hacker News). Read More

๐Ÿ” Mandiant links Snowflake data breaches to infostealer infections. (Published on 6/10/2024, SecurityWeek). Read More

๐Ÿ–ผ๏ธ Christieโ€™s ransomware attack impacts 45,000 people. (Published on 6/10/2024, SecurityWeek). Read More

๐Ÿ Apple Intelligence: new generative AI integrated into iOS, macOS, and VisionOS. (Published on 6/10/2024, TechCrunch). Read More

๐Ÿšจ JetBrains alerts users to a critical IntelliJ IDE bug exposing GitHub access tokens. Patch immediately! (Published on 6/11/2024, BleepingComputer). Read More

๐Ÿ’ป Forced-labor camps in Southeast Asia drive billions in cyber scams. Greater collaboration is needed to dismantle these networks. (Published on 6/11/2024, Dark Reading). Read More

๐Ÿ”’ Snowflake rushes to enforce MFA as breaches increase, affecting major companies like Advance Auto Parts and Lending Tree. (Published on 6/11/2024, InformationWeek). Read More

โš ๏ธ Critical MSMQ RCE bug in Microsoft’s June 2024 update could lead to server takeovers. Prompt action required. (Published on 6/11/2024, Dark Reading). Read More

๐ŸŒ Chinese actor SecShow conducts extensive DNS probing on a global scale since June 2023. (Published on 6/11/2024, The Hacker News). Read More

๐ŸŽฏ China-backed hackers exploit Fortinet flaw, impacting 20,000 systems globally between 2022 and 2023. (Published on 6/12/2024, The Hacker News). Read More

๐Ÿ›ก๏ธ Black Basta ransomware may have used a Windows zero-day flaw (CVE-2024-26169) for privilege escalation. (Published on 6/12/2024, The Hacker News). Read More

๐Ÿ” New phishing toolkit uses progressive web apps (PWAs) to steal login credentials via convincing corporate login forms. (Published on 6/12/2024, BleepingComputer). Read More

โš ๏ธ Google warns of Pixel firmware zero-day (CVE-2024-32896) under limited, targeted exploitation. (Published on 6/12/2024, SecurityWeek). Read More

๐Ÿšจ Truist Bank confirms a breach after stolen data appears on a hacking forum. Stay alert! (Published on 6/13/2024, BleepingComputer). Read More

โณ Microsoft delayed addressing a DNSSEC zero-day flaw while others acted swiftly. Why the hold-up? (Published on 6/13/2024, Dark Reading). Read More

๐Ÿ” New York Times’ internal data taken from GitHub repositories, including source code. Details pending. (Published on 6/13/2024, InformationWeek). Read More

โš ๏ธ Google warns of a Pixel firmware flaw exploited as a zero-day vulnerability. Users, be cautious! (Published on 6/13/2024, The Hacker News). Read More

๐Ÿ” Microsoft shifts focus to prioritize security over AI, with CEO Satya Nadella now overseeing security flaws personally. (Published on 6/14/2024, Ars Technica). Read More

๐Ÿ–ฑ๏ธ Wells Fargo fires over a dozen employees for simulating keyboard activity as worker surveillance increases. (Published on 6/14/2024, Ars Technica). Read More

โ˜๏ธ Scattered Spider hackers shift focus to cloud apps, stealing data from SaaS applications and creating new virtual machines. (Published on 6/14/2024, BleepingComputer). Read More

๐Ÿ›ก๏ธ Highly regulated industries are adopting military-grade cyber defenses to combat significant cyber threats. (Published on 6/14/2024, The Hacker News). Read More

โš–๏ธ Former IT employee sentenced to 2.5 years for wiping 180 virtual servers after being fired from National Computer Systems. (Published on 6/14/2024, BleepingComputer). Read More

and finally in non-cyber or tech news…

๐ŸŽฌ Steven Spielberg’s new sci-fi blockbuster stars Emily Blunt, adding another genre to her impressive resume. Exciting times ahead! (Published on 6/13/2024, Gizmodo). Read More

๐ŸŽฎ Gaming historians preserve whatโ€™s likely Nintendoโ€™s first US commercial, showcasing the Game & Watch handhelds. A nostalgic gem! (Published on 6/13/2024, Ars Technica). Read More

๐Ÿ˜ Elephants may refer to each other by name, responding more actively to calls including their “name.” Fascinating discovery! (Published on 6/11/2024, Ars Technica). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.