Friday Wrap Up: 18 October 2024

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
Cybersecurity Updates
π Supply chain attacks exploit entry points in open-source ecosystems like Python and npm, posing a widespread risk. (Published on 10/14/2024, The Hacker News). Read More
π₯οΈ Iranian cyberspies are exploiting a recent Windows kernel vulnerability, targeting Gulf region organizations. (Published on 10/14/2024, SecurityWeek). Read More
π± TrickMo malware variants on Android steal PINs through fake lock screens, posing serious risks to banking users. (Published on 10/14/2024, BleepingComputer). Read More
β οΈ US organizations are warned of election-related cyber activity, threatening the integrity of the upcoming election. (Published on 10/15/2024, Dark Reading). Read More
π¨ EDRSilencer tool is used in attacks to bypass security defenses by muting alerts on management consoles. (Published on 10/15/2024, BleepingComputer). Read More
π Finland seizes servers of the ‘Sipultie’ dark web drug market, cracking down on illegal narcotics sales. (Published on 10/15/2024, BleepingComputer). Read More
π Sidewinder cyber-threat group launches attacks across multiple regions, using the new tool StealerBot. (Published on 10/16/2024, Dark Reading). Read More
π‘οΈ Iranian hackers use brute force tactics to target critical infrastructure in the US, Australia, and Canada. (Published on 10/17/2024, SecurityWeek). Read More
π₯οΈ F5 patches a high-severity vulnerability in BIG-IP, addressing potential privilege escalation risks. (Published on 10/17/2024, SecurityWeek). Read More
π‘οΈ North Korean APT exploited an Internet Explorer zero-day in a supply chain attack, targeting specific organizations. (Published on 10/18/2024, SecurityWeek). Read More
Data Breaches
- ποΈ Varsity Brands data breach exposed the personal information of 65,000 people. (Published on 10/16/2024, SecurityWeek). Read More
Regulatory News
- π¨ The FTCβs βclick to cancelβ rule aims to curb free trial traps and sneaky auto-enrollments. (Published on 10/16/2024, Ars Technica). Read More
Software Vulnerabilities
βοΈ A critical Kubernetes Image Builder flaw could allow root access under specific conditions, now fixed in version 0.1.38. (Published on 10/16/2024, The Hacker News). Read More
π§ Intel and AMD CPUs on Linux are vulnerable to new Spectre bypass attacks, impacting a wide range of processors. (Published on 10/18/2024, BleepingComputer). Read More
π Iranian hackers are targeting Microsoft 365 and Citrix Systems using MFA push bombing in critical infrastructure attacks. (Published on 10/18/2024, Hackread). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!