Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 6 September 2024

Jorge Laurel ยท ยท3 min read ยทIssue #42

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


Data Breaches & Security Failures

๐Ÿ”“ Verkada will pay $2.95M after security lapses allowed hackers to access live feeds from 150,000 cameras. (Published on 9/2/2024, BleepingComputer). Read More

๐Ÿ” CBIZ disclosed a data breach involving unauthorized access to client information stored in specific databases. (Published on 9/2/2024, BleepingComputer). Read More

๐Ÿ›ก๏ธ Microchip Technology confirmed a ransomware attack that exposed employee contact information and other personal data. (Published on 9/5/2024, SecurityWeek). Read More

Ransomware & Cyberattack Campaigns

๐Ÿšจ RansomHub ransomware group has impacted 210 victims across critical sectors like healthcare, IT, and government since February 2024. (Published on 9/2/2024, The Hacker News). Read More

๐Ÿ‘พ Cyberattackers spoof Palo Alto VPNs to spread the WikiLoader malware variant using SEO poisoning campaigns. (Published on 9/3/2024, Dark Reading). Read More

๐Ÿ‘ฟ Malware attackers employ MacroPack to distribute malicious payloads like Havoc and PhantomCore through penetration testing tools. (Published on 9/5/2024, The Hacker News). Read More

๐Ÿ“ฑ FBI warns of North Korean threat actors preparing targeted crypto theft and malware campaigns using sophisticated social engineering tactics. (Published on 9/4/2024, Dark Reading). Read More

Vulnerabilities & Exploits

๐Ÿ”ง VMware patched a high-severity vulnerability in its Fusion hypervisor, preventing potential remote code execution attacks. (Published on 9/3/2024, SecurityWeek). Read More

โš ๏ธ Cisco removed a backdoor admin account from the Smart Licensing Utility that allowed unauthorized access to unpatched systems. (Published on 9/4/2024, BleepingComputer). Read More

๐Ÿ”’ SonicWall has issued warnings about a recently patched SSLVPN flaw (CVE-2024-40766) that is now being exploited in the wild. (Published on 9/6/2024, BleepingComputer). Read More

๐Ÿ”„ Apache released a patch for a remote code execution vulnerability in OFBiz, targeting an exploit that bypassed a previous fix. (Published on 9/6/2024, SecurityWeek). Read More

Supply Chain & Hardware Threats

๐Ÿงฉ Researchers have found over 22,000 removed PyPI packages at risk of being hijacked, posing major security risks for downstream organizations. (Published on 9/4/2024, The Hacker News). Read More

๐Ÿ”‘ YubiKeys are vulnerable to cloning attacks due to a newly discovered side-channel exploit, compromising the security of FIDO keys. (Published on 9/3/2024, Ars Technica). Read More

Government & Nation-State Threats

๐Ÿ›ฐ๏ธ Sailors hid an unauthorized Starlink dish aboard a U.S. warship, discovered after Wi-Fi network “STINKY” was detected. (Published on 9/5/2024, Ars Technica). Read More

๐Ÿ“ฑ Commercial spyware is on the rise again, with vendors evading sanctions to supply tools to nation-states for citizen surveillance. (Published on 9/6/2024, Dark Reading). Read More

and finally in non-cyber or tech news…

Automotive & Electric Vehicles

๐Ÿš— Two Cybertrucks drove from Florida to the Arctic Circle, revealing challenges with North America’s inadequate charging infrastructure. (Published on 9/2/2024, Gizmodo). Read More

๐Ÿ”‹ Hyundai updates its Ioniq 5 with a bigger battery and Tesla-style charging ports, introducing an off-road variant called the Ioniq 5 XLT. (Published on 9/3/2024, Ars Technica). Read More

Science & Environment

๐ŸŒฟ Arctic lifeforms discovered photosynthesizing under snow-capped ice, challenging previous notions of uninhabitable ocean environments. (Published on 9/6/2024, Gizmodo). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.