Friday Wrap Up: 6 September 2024
It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
Data Breaches & Security Failures
๐ Verkada will pay $2.95M after security lapses allowed hackers to access live feeds from 150,000 cameras. (Published on 9/2/2024, BleepingComputer). Read More
๐ CBIZ disclosed a data breach involving unauthorized access to client information stored in specific databases. (Published on 9/2/2024, BleepingComputer). Read More
๐ก๏ธ Microchip Technology confirmed a ransomware attack that exposed employee contact information and other personal data. (Published on 9/5/2024, SecurityWeek). Read More
Ransomware & Cyberattack Campaigns
๐จ RansomHub ransomware group has impacted 210 victims across critical sectors like healthcare, IT, and government since February 2024. (Published on 9/2/2024, The Hacker News). Read More
๐พ Cyberattackers spoof Palo Alto VPNs to spread the WikiLoader malware variant using SEO poisoning campaigns. (Published on 9/3/2024, Dark Reading). Read More
๐ฟ Malware attackers employ MacroPack to distribute malicious payloads like Havoc and PhantomCore through penetration testing tools. (Published on 9/5/2024, The Hacker News). Read More
๐ฑ FBI warns of North Korean threat actors preparing targeted crypto theft and malware campaigns using sophisticated social engineering tactics. (Published on 9/4/2024, Dark Reading). Read More
Vulnerabilities & Exploits
๐ง VMware patched a high-severity vulnerability in its Fusion hypervisor, preventing potential remote code execution attacks. (Published on 9/3/2024, SecurityWeek). Read More
โ ๏ธ Cisco removed a backdoor admin account from the Smart Licensing Utility that allowed unauthorized access to unpatched systems. (Published on 9/4/2024, BleepingComputer). Read More
๐ SonicWall has issued warnings about a recently patched SSLVPN flaw (CVE-2024-40766) that is now being exploited in the wild. (Published on 9/6/2024, BleepingComputer). Read More
๐ Apache released a patch for a remote code execution vulnerability in OFBiz, targeting an exploit that bypassed a previous fix. (Published on 9/6/2024, SecurityWeek). Read More
Supply Chain & Hardware Threats
๐งฉ Researchers have found over 22,000 removed PyPI packages at risk of being hijacked, posing major security risks for downstream organizations. (Published on 9/4/2024, The Hacker News). Read More
๐ YubiKeys are vulnerable to cloning attacks due to a newly discovered side-channel exploit, compromising the security of FIDO keys. (Published on 9/3/2024, Ars Technica). Read More
Government & Nation-State Threats
๐ฐ๏ธ Sailors hid an unauthorized Starlink dish aboard a U.S. warship, discovered after Wi-Fi network “STINKY” was detected. (Published on 9/5/2024, Ars Technica). Read More
๐ฑ Commercial spyware is on the rise again, with vendors evading sanctions to supply tools to nation-states for citizen surveillance. (Published on 9/6/2024, Dark Reading). Read More
and finally in non-cyber or tech news…
Automotive & Electric Vehicles
๐ Two Cybertrucks drove from Florida to the Arctic Circle, revealing challenges with North America’s inadequate charging infrastructure. (Published on 9/2/2024, Gizmodo). Read More
๐ Hyundai updates its Ioniq 5 with a bigger battery and Tesla-style charging ports, introducing an off-road variant called the Ioniq 5 XLT. (Published on 9/3/2024, Ars Technica). Read More
Science & Environment
๐ฟ Arctic lifeforms discovered photosynthesizing under snow-capped ice, challenging previous notions of uninhabitable ocean environments. (Published on 9/6/2024, Gizmodo). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.