Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 11 October 2024

Jorge Laurel Β· Β·2 min read Β·Issue #47


It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


Cybersecurity Breaches

🚨 ADT discloses a second breach within two months, with attackers gaining access using stolen credentials to exfiltrate employee account data. (Published on 10/7/2024, BleepingComputer). Read More

🚨 LEGO’s website was hacked by cryptocurrency scammers promoting a fake Lego token that could be purchased with Ethereum. (Published on 10/7/2024, BleepingComputer). Read More

🚨 Fidelity notifies 77,000 customers of a data breach, the company’s second major breach this year, after unauthorized access for two days. (Published on 10/10/2024, Dark Reading). Read More

Nation-State Threats

πŸ”’ Salt Typhoon APT infiltrated law enforcement wiretapping systems used in criminal investigations. (Published on 10/7/2024, Dark Reading). Read More

πŸ›‘οΈ GoldenJackal targeted embassies and governmental organizations, using custom malware to infiltrate air-gapped systems. (Published on 10/8/2024, The Hacker News). Read More

πŸ•΅οΈ Two never-before-seen tools created by GoldenJackal were used to infect air-gapped devices in recent cyberattacks. (Published on 10/9/2024, Ars Technica). Read More

Software Vulnerabilities

⚠️ A single HTTP request can exploit 6 million WordPress sites via a vulnerability in the LiteSpeed Cache plugin. (Published on 10/8/2024, Dark Reading). Read More

πŸ’» Ivanti Cloud Services vulnerabilities continue to be exploited in the wild, linked to critical flaws. (Published on 10/9/2024, Dark Reading). Read More

πŸ”§ Major security vulnerabilities have been found in industrial MMS protocol libraries, potentially allowing remote code execution. (Published on 10/9/2024, The Hacker News). Read More

Phishing and Malware Campaigns

🎣 Mamba 2FA bypass service targets Microsoft 365 accounts using sophisticated phishing-as-a-service attacks. (Published on 10/8/2024, BleepingComputer). Read More

πŸ“§ New phishing attacks abuse GitHub, Telegram bots, and QR codes to spread malware, targeting finance and insurance sectors. (Published on 10/10/2024, The Hacker News). Read More

πŸ›οΈ Cybercriminals hide a new Mongolian Skimmer in e-commerce platforms by using Unicode obfuscation techniques. (Published on 10/11/2024, The Hacker News). Read More

Emerging Cybersecurity Techniques

πŸ”‘ Hybrid password attacks, which combine multiple methods to accelerate cracking, are becoming a growing threat. (Published on 10/11/2024, The Hacker News). Read More

Privacy Concerns

πŸ“Ί Modern TVs now have unprecedented capabilities for surveillance and manipulation, tracking personal data through connected TV devices. (Published on 10/11/2024, Malware Analysis). Read More

Hacktivism

πŸ’» Hacktivists claim responsibility for taking down the Internet Archive, launching a DDoS attack to disrupt services. (Published on 10/10/2024, Gizmodo). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!