Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 16 Aug 2024

Jorge Laurel ยท ยท4 min read ยทIssue #38

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


๐Ÿšจ The FBI has successfully disrupted the Dispossessor ransomware operation, seizing servers after a global investigation. (Published on 8/12/2024, BleepingComputer). Read More

๐Ÿค CrowdStrike addresses concerns at Black Hat and DEF CON, engaging directly with cybersecurity professionals. (Published on 8/12/2024, Dark Reading). Read More

โš ๏ธ Multiple vulnerabilities found in Googleโ€™s Quick Share, potentially allowing remote code execution on Windows systems. (Published on 8/12/2024, SecurityWeek). Read More

๐Ÿ”“ Ewon Cosy+ remote access tool exposed to root access attacks, risking encrypted data and firmware security. (Published on 8/12/2024, The Hacker News). Read More

๐Ÿ›ก๏ธ FreeBSD issues a patch for a critical OpenSSH vulnerability that could enable remote code execution with root privileges. (Published on 8/12/2024, Malware News). Read More

๐Ÿ”ง Microsoft resolves an issue that caused PCs to enter BitLocker recovery mode after a recent security update. (Published on 8/13/2024, BleepingComputer). Read More

๐Ÿ” NIST finalizes post-quantum encryption standards for general encryption and digital signatures. (Published on 8/13/2024, Dark Reading). Read More

๐Ÿฉบ Vulnerabilities in Microsoft’s Azure Health Bot Service could have exposed sensitive patient data, but have now been patched. (Published on 8/13/2024, The Hacker News). Read More

๐Ÿšจ FBI dismantles Dispossessor ransomware group’s servers across the U.S., U.K., and Germany. (Published on 8/13/2024, The Hacker News). Read More

โš ๏ธ Adobe alerts users to 72 critical security vulnerabilities, urging immediate patching. (Published on 8/13/2024, SecurityWeek). Read More

๐Ÿ”‘ GitHub Actions artifacts in major projects were found leaking authentication tokens, impacting open-source projects from Google, Microsoft, AWS, and Red Hat. (Published on 8/14/2024, BleepingComputer). Read More

๐Ÿ›ก๏ธ Compromised DNC credentials were discovered on a Telegram bot, raising concerns ahead of the party’s presidential convention. (Published on 8/14/2024, Malware News). Read More

๐Ÿ’ป Ransomware attackers add a new EDR killer tool, EDRKillShifter, to their arsenal, heightening the threat landscape. (Published on 8/14/2024, Malware News). Read More

๐ŸŽฃ Black Basta-linked attackers are using SystemBC malware in social engineering campaigns to steal credentials and deploy malware. (Published on 8/14/2024, The Hacker News). Read More

๐Ÿ“ˆ DDoS attacks surged by 46% in the first half of 2024, according to Gcoreโ€™s latest report, highlighting evolving threat trends. (Published on 8/14/2024, The Hacker News). Read More

๐Ÿšจ RansomHub ransomware gang deploys new malware to disable EDR security software using BYOVD attacks. Stay alert! (Published on 8/15/2024, BleepingComputer). Read More

โš ๏ธ Unfixed Microsoft Entra ID authentication bypass threatens hybrid cloud environments, affecting organizations with multiple synced domains. (Published on 8/15/2024, Dark Reading). Read More

๐ŸŽฏ Google warns of Iran’s Charming Kitten targeting U.S. presidential elections and Israeli military with phishing and social engineering campaigns. (Published on 8/15/2024, Dark Reading). Read More

๐Ÿ›ก๏ธ GitHub vulnerability ‘ArtiPACKED’ exposes repositories to potential takeover, risking unauthorized access to cloud environments. (Published on 8/15/2024, The Hacker News). Read More

๐Ÿ”ง Urgent patching needed for a wormable zero-click exploit in Windows TCP/IP stack. Security experts raise the alarm. (Published on 8/15/2024, SecurityWeek). Read More

๐Ÿ” Microsoft warns Entra global admins to enable MFA by October 15 or risk losing access to admin portals. Donโ€™t delay! (Published on 8/16/2024, BleepingComputer). Read More

๐Ÿ’พ New Windows 11 build finally removes the outdated 32GB size limit for FAT32 disks, but the disk formatting UI remains unchanged. (Published on 8/16/2024, Ars Technica). Read More

๐Ÿ›ก๏ธ New Banshee Stealer malware targets 100+ browser extensions on macOS, sold for $3,000 a month on cybercrime forums. (Published on 8/16/2024, The Hacker News). Read More

๐Ÿ“ฑ Google Pixel devices shipped since 2017 contain a vulnerable pre-installed app, leaving millions at risk of malware attacks. (Published on 8/16/2024, The Hacker News). Read More

and finally in non-cyber or tech news…

๐Ÿš— Ford warns owners who have ignored a 9-year-old airbag recall to stop driving their vehicles immediately. (Published on 8/13/2024, Ars Technica). Read More

โš–๏ธ Disney argues that a man whose wife died at their resort cannot sue because he had a Disney+ subscription, raising legal and ethical concerns. (Published on 8/14/2024, Gizmodo). Read More

๐ŸŽฎ Game developers have reportedly been informed not to expect the Nintendo Switch 2 before April 2025, contrary to earlier predictions. (Published on 8/14/2024, Gizmodo). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.