Friday Wrap Up: 16 Aug 2024
It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
๐จ The FBI has successfully disrupted the Dispossessor ransomware operation, seizing servers after a global investigation. (Published on 8/12/2024, BleepingComputer). Read More
๐ค CrowdStrike addresses concerns at Black Hat and DEF CON, engaging directly with cybersecurity professionals. (Published on 8/12/2024, Dark Reading). Read More
โ ๏ธ Multiple vulnerabilities found in Googleโs Quick Share, potentially allowing remote code execution on Windows systems. (Published on 8/12/2024, SecurityWeek). Read More
๐ Ewon Cosy+ remote access tool exposed to root access attacks, risking encrypted data and firmware security. (Published on 8/12/2024, The Hacker News). Read More
๐ก๏ธ FreeBSD issues a patch for a critical OpenSSH vulnerability that could enable remote code execution with root privileges. (Published on 8/12/2024, Malware News). Read More
๐ง Microsoft resolves an issue that caused PCs to enter BitLocker recovery mode after a recent security update. (Published on 8/13/2024, BleepingComputer). Read More
๐ NIST finalizes post-quantum encryption standards for general encryption and digital signatures. (Published on 8/13/2024, Dark Reading). Read More
๐ฉบ Vulnerabilities in Microsoft’s Azure Health Bot Service could have exposed sensitive patient data, but have now been patched. (Published on 8/13/2024, The Hacker News). Read More
๐จ FBI dismantles Dispossessor ransomware group’s servers across the U.S., U.K., and Germany. (Published on 8/13/2024, The Hacker News). Read More
โ ๏ธ Adobe alerts users to 72 critical security vulnerabilities, urging immediate patching. (Published on 8/13/2024, SecurityWeek). Read More
๐ GitHub Actions artifacts in major projects were found leaking authentication tokens, impacting open-source projects from Google, Microsoft, AWS, and Red Hat. (Published on 8/14/2024, BleepingComputer). Read More
๐ก๏ธ Compromised DNC credentials were discovered on a Telegram bot, raising concerns ahead of the party’s presidential convention. (Published on 8/14/2024, Malware News). Read More
๐ป Ransomware attackers add a new EDR killer tool, EDRKillShifter, to their arsenal, heightening the threat landscape. (Published on 8/14/2024, Malware News). Read More
๐ฃ Black Basta-linked attackers are using SystemBC malware in social engineering campaigns to steal credentials and deploy malware. (Published on 8/14/2024, The Hacker News). Read More
๐ DDoS attacks surged by 46% in the first half of 2024, according to Gcoreโs latest report, highlighting evolving threat trends. (Published on 8/14/2024, The Hacker News). Read More
๐จ RansomHub ransomware gang deploys new malware to disable EDR security software using BYOVD attacks. Stay alert! (Published on 8/15/2024, BleepingComputer). Read More
โ ๏ธ Unfixed Microsoft Entra ID authentication bypass threatens hybrid cloud environments, affecting organizations with multiple synced domains. (Published on 8/15/2024, Dark Reading). Read More
๐ฏ Google warns of Iran’s Charming Kitten targeting U.S. presidential elections and Israeli military with phishing and social engineering campaigns. (Published on 8/15/2024, Dark Reading). Read More
๐ก๏ธ GitHub vulnerability ‘ArtiPACKED’ exposes repositories to potential takeover, risking unauthorized access to cloud environments. (Published on 8/15/2024, The Hacker News). Read More
๐ง Urgent patching needed for a wormable zero-click exploit in Windows TCP/IP stack. Security experts raise the alarm. (Published on 8/15/2024, SecurityWeek). Read More
๐ Microsoft warns Entra global admins to enable MFA by October 15 or risk losing access to admin portals. Donโt delay! (Published on 8/16/2024, BleepingComputer). Read More
๐พ New Windows 11 build finally removes the outdated 32GB size limit for FAT32 disks, but the disk formatting UI remains unchanged. (Published on 8/16/2024, Ars Technica). Read More
๐ก๏ธ New Banshee Stealer malware targets 100+ browser extensions on macOS, sold for $3,000 a month on cybercrime forums. (Published on 8/16/2024, The Hacker News). Read More
๐ฑ Google Pixel devices shipped since 2017 contain a vulnerable pre-installed app, leaving millions at risk of malware attacks. (Published on 8/16/2024, The Hacker News). Read More
and finally in non-cyber or tech news…
๐ Ford warns owners who have ignored a 9-year-old airbag recall to stop driving their vehicles immediately. (Published on 8/13/2024, Ars Technica). Read More
โ๏ธ Disney argues that a man whose wife died at their resort cannot sue because he had a Disney+ subscription, raising legal and ethical concerns. (Published on 8/14/2024, Gizmodo). Read More
๐ฎ Game developers have reportedly been informed not to expect the Nintendo Switch 2 before April 2025, contrary to earlier predictions. (Published on 8/14/2024, Gizmodo). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.