Friday Wrap Up: 11 October 2024

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
Cybersecurity Breaches
π¨ ADT discloses a second breach within two months, with attackers gaining access using stolen credentials to exfiltrate employee account data. (Published on 10/7/2024, BleepingComputer). Read More
π¨ LEGOβs website was hacked by cryptocurrency scammers promoting a fake Lego token that could be purchased with Ethereum. (Published on 10/7/2024, BleepingComputer). Read More
π¨ Fidelity notifies 77,000 customers of a data breach, the companyβs second major breach this year, after unauthorized access for two days. (Published on 10/10/2024, Dark Reading). Read More
Nation-State Threats
π Salt Typhoon APT infiltrated law enforcement wiretapping systems used in criminal investigations. (Published on 10/7/2024, Dark Reading). Read More
π‘οΈ GoldenJackal targeted embassies and governmental organizations, using custom malware to infiltrate air-gapped systems. (Published on 10/8/2024, The Hacker News). Read More
π΅οΈ Two never-before-seen tools created by GoldenJackal were used to infect air-gapped devices in recent cyberattacks. (Published on 10/9/2024, Ars Technica). Read More
Software Vulnerabilities
β οΈ A single HTTP request can exploit 6 million WordPress sites via a vulnerability in the LiteSpeed Cache plugin. (Published on 10/8/2024, Dark Reading). Read More
π» Ivanti Cloud Services vulnerabilities continue to be exploited in the wild, linked to critical flaws. (Published on 10/9/2024, Dark Reading). Read More
π§ Major security vulnerabilities have been found in industrial MMS protocol libraries, potentially allowing remote code execution. (Published on 10/9/2024, The Hacker News). Read More
Phishing and Malware Campaigns
π£ Mamba 2FA bypass service targets Microsoft 365 accounts using sophisticated phishing-as-a-service attacks. (Published on 10/8/2024, BleepingComputer). Read More
π§ New phishing attacks abuse GitHub, Telegram bots, and QR codes to spread malware, targeting finance and insurance sectors. (Published on 10/10/2024, The Hacker News). Read More
ποΈ Cybercriminals hide a new Mongolian Skimmer in e-commerce platforms by using Unicode obfuscation techniques. (Published on 10/11/2024, The Hacker News). Read More
Emerging Cybersecurity Techniques
π Hybrid password attacks, which combine multiple methods to accelerate cracking, are becoming a growing threat. (Published on 10/11/2024, The Hacker News). Read More
Privacy Concerns
πΊ Modern TVs now have unprecedented capabilities for surveillance and manipulation, tracking personal data through connected TV devices. (Published on 10/11/2024, Malware Analysis). Read More
Hacktivism
π» Hacktivists claim responsibility for taking down the Internet Archive, launching a DDoS attack to disrupt services. (Published on 10/10/2024, Gizmodo). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!