Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 18 October 2024

Jorge Laurel Β· Β·2 min read Β·Issue #48


It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


Cybersecurity Updates

  • πŸ” Supply chain attacks exploit entry points in open-source ecosystems like Python and npm, posing a widespread risk. (Published on 10/14/2024, The Hacker News). Read More

  • πŸ–₯️ Iranian cyberspies are exploiting a recent Windows kernel vulnerability, targeting Gulf region organizations. (Published on 10/14/2024, SecurityWeek). Read More

  • πŸ“± TrickMo malware variants on Android steal PINs through fake lock screens, posing serious risks to banking users. (Published on 10/14/2024, BleepingComputer). Read More

  • ⚠️ US organizations are warned of election-related cyber activity, threatening the integrity of the upcoming election. (Published on 10/15/2024, Dark Reading). Read More

  • 🚨 EDRSilencer tool is used in attacks to bypass security defenses by muting alerts on management consoles. (Published on 10/15/2024, BleepingComputer). Read More

  • 🌐 Finland seizes servers of the ‘Sipultie’ dark web drug market, cracking down on illegal narcotics sales. (Published on 10/15/2024, BleepingComputer). Read More

  • πŸ” Sidewinder cyber-threat group launches attacks across multiple regions, using the new tool StealerBot. (Published on 10/16/2024, Dark Reading). Read More

  • πŸ›‘οΈ Iranian hackers use brute force tactics to target critical infrastructure in the US, Australia, and Canada. (Published on 10/17/2024, SecurityWeek). Read More

  • πŸ–₯️ F5 patches a high-severity vulnerability in BIG-IP, addressing potential privilege escalation risks. (Published on 10/17/2024, SecurityWeek). Read More

  • πŸ›‘οΈ North Korean APT exploited an Internet Explorer zero-day in a supply chain attack, targeting specific organizations. (Published on 10/18/2024, SecurityWeek). Read More

Data Breaches

  • πŸ›οΈ Varsity Brands data breach exposed the personal information of 65,000 people. (Published on 10/16/2024, SecurityWeek). Read More

Regulatory News

  • 🚨 The FTC’s β€œclick to cancel” rule aims to curb free trial traps and sneaky auto-enrollments. (Published on 10/16/2024, Ars Technica). Read More

Software Vulnerabilities

  • βš™οΈ A critical Kubernetes Image Builder flaw could allow root access under specific conditions, now fixed in version 0.1.38. (Published on 10/16/2024, The Hacker News). Read More

  • πŸ”§ Intel and AMD CPUs on Linux are vulnerable to new Spectre bypass attacks, impacting a wide range of processors. (Published on 10/18/2024, BleepingComputer). Read More

  • πŸ” Iranian hackers are targeting Microsoft 365 and Citrix Systems using MFA push bombing in critical infrastructure attacks. (Published on 10/18/2024, Hackread). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!