Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 29 November 2024

Jorge Laurel ยท ยท3 min read ยทIssue #53


It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


Cybersecurity Threats and Exploits

Key updates on critical vulnerabilities and sophisticated hacking campaigns targeting diverse platforms worldwide.

๐Ÿ”“ mySCADA patches critical vulnerabilities in myPRO systems, which allowed remote unauthenticated system takeovers. (Published on 11/25/2024, SecurityWeek). Read More

๐Ÿ›ก Malware leveraging BYOVD techniques uses Avastโ€™s anti-rootkit driver to disable antivirus protections. (Published on 11/25/2024, The Hacker News). Read More

๐ŸŒ Russian RomCom hackers exploit Firefox and Windows zero-days in recent attacks on European and North American users. (Published on 11/26/2024, BleepingComputer). Read More

๐Ÿ•ต๏ธ Chinese-linked GHOSTSPIDER malware breaches telecom firms in 12+ countries, targeting Southeast Asia. (Published on 11/26/2024, The Hacker News). Read More

๐Ÿ”‘ Rockstar 2FA phishing-as-a-service facilitates large-scale AiTM attacks to steal Microsoft 365 credentials. (Published on 11/29/2024, BleepingComputer). Read More

Malware Campaigns and Emerging Threats

Cybercriminals adopt creative tactics to exploit vulnerabilities and deploy malicious campaigns.

๐Ÿ‘พ Russian script kiddie builds a massive DDoS botnet using publicly available tools to target IoT devices. (Published on 11/27/2024, Dark Reading). Read More

๐ŸŽฎ Godot Engine exploited to spread malware on Windows, macOS, and Linux systems, impacting developers and users. (Published on 11/29/2024, Hackread). Read More

๐Ÿ“‚ Propertyrec data breach exposes over half a million background check records, raising significant privacy concerns. (Published on 11/28/2024, Hackread). Read More

Vulnerabilities in Critical Infrastructure

Critical vulnerabilities in widely used systems continue to pose significant risks.

๐Ÿ›  APT-C-60 uses StatCounter and Bitbucket services to deliver SpyGlace malware to Japanese organizations. (Published on 11/27/2024, The Hacker News). Read More

๐Ÿ’ป Microsoft patches AI, cloud, and ERP vulnerabilities, including an exploited privilege escalation flaw. (Published on 11/29/2024, The Hacker News). Read More

๐Ÿ“‰ T-Mobile reveals new details about a thwarted China-linked cyberattack, linked to Salt Typhoon. (Published on 11/28/2024, SecurityWeek). Read More

Regulators and companies respond to breaches with penalties and disclosure.

โš– Geico and Travelers fined $11.3M for inadequate data security during COVID-19, enabling scam unemployment claims. (Published on 11/26/2024, Dark Reading). Read More

๐ŸŒ Collective cybersecurity inaction continues to leave organizations vulnerable, impacting critical services. (Published on 11/28/2024, InformationWeek). Read More

Emerging APT Campaigns

Advanced Persistent Threat (APT) groups demonstrate sophisticated approaches in targeting global industries.

๐Ÿ“ก Chinese Earth Estries deploys GHOSTSPIDER malware, breaching telecom firms with cross-platform backdoors. (Published on 11/26/2024, The Hacker News). Read More

๐Ÿ” Russian RomRom hackers deploy backdoors exploiting Firefox and Windows vulnerabilities in ongoing campaigns. (Published on 11/27/2024, Hackread). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!