Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 20 Sept 2024

Jorge Laurel Β· Β·3 min read Β·Issue #44


It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


Vulnerability Fixes and Threat Patches

πŸ”’ D-Link patches critical flaws in WiFi 6 routers, addressing vulnerabilities that allowed attackers to exploit hardcoded credentials and execute arbitrary code. (Published on 9/16/2024, BleepingComputer). Read More

πŸ”‘ Apple addresses major security flaws in iOS 18, warning that attackers could use Siri to access sensitive user data or control nearby devices. (Published on 9/16/2024, SecurityWeek). Read More

⚠️ VMware patches a critical remote code execution flaw identified during a Chinese hacking contest, with a CVSS score of 9.8/10. (Published on 9/17/2024, SecurityWeek). Read More

πŸ”“ GitLab releases a fix for a critical SAML authentication bypass vulnerability impacting self-managed CE and EE installations. (Published on 9/18/2024, BleepingComputer). Read More

Cybersecurity Incidents

🚨 Ivanti’s cloud vulnerability (CVE-2024-8190) is actively exploited by threat actors just days after the advisory was issued. (Published on 9/16/2024, Dark Reading). Read More

πŸ’₯ AT&T fined $13M for a data breach that exposed customer billing information, which was retained in the cloud for years. (Published on 9/17/2024, Ars Technica). Read More

πŸ“· A zero-click RCE bug in macOS Calendar allows attackers to bypass security and steal iCloud data, including photos. (Published on 9/17/2024, Dark Reading). Read More

πŸ›‘οΈ Dell investigates data breach claims after a hacker leaked personal information of over 10,000 employees. (Published on 9/20/2024, BleepingComputer). Read More

Botnets and Malware

πŸ•΅οΈβ€β™‚οΈ A new Raptor Train IoT botnet, likely run by a Chinese threat actor, compromises over 200,000 devices worldwide. (Published on 9/18/2024, The Hacker News). Read More

πŸ€– FBI leads the takedown of the Raptor Train botnet, impacting over 200,000 devices as part of the Flax Typhoon APT campaign. (Published on 9/19/2024, Dark Reading). Read More

Industry and Legislation

βš–οΈ California’s deepfake laws face a test of enforcement, aimed at curbing misinformation ahead of the U.S. presidential elections. (Published on 9/19/2024, InformationWeek). Read More

πŸ› οΈ Hackers are brute-forcing Foundation Accounting Software used by construction contractors, leading to significant compromises. (Published on 9/18/2024, SecurityWeek). Read More

πŸ“Š The future of cybersecurity may involve passwordless and keyless access management, transforming how companies handle privileged access. (Published on 9/20/2024, The Hacker News). Read More

πŸ’» GenAI poses new challenges for cybersecurity, despite limited data on AI-enabled attacks in existing threat reports. (Published on 9/20/2024, Dark Reading). Read More

🩺 Microsoft tracks Vanilla Tempest hackers who target U.S. healthcare organizations with INC ransomware attacks. (Published on 9/19/2024, BleepingComputer). Read More

and finally in non-cyber or tech news…

Entertainment and Industry Innovations

🎬 James Cameron hints at a new direction for the Terminator franchise, aiming for something entirely different from previous films. (Published on 9/19/2024, Gizmodo). Read More

πŸš— Lotus unveils a bold, wedge-shaped EV sportscar concept, showcasing a futuristic vision for the troubled automaker. (Published on 9/17/2024, Ars Technica). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!