Essential Cyber Intel Brief: 10/27/2024

Tim Layton
11 min read · Oct 27, 2024

In today’s connected world, cyber threats are escalating rapidly, making it critical to stay informed. On October 26, 2024, I launched a Python-powered tracking program to quickly compile the most important cybersecurity events and breaches from trusted sources like Krebs on Security, The Hacker News, Security Week, and others.

No one has time to sift through dozens of websites for critical insights. That’s why I developed a better solution: automated, curated, and absolutely free. Stay ahead with concise updates pulled from trusted sources without the hassle.

Designed for efficiency, my new program pinpoints the most critical cybersecurity events security professionals and business leaders need to know today. In just one to two minutes, you’ll determine if the latest developments require further attention, allowing you to stay informed and focused without disruption.

I have a dedicated page for 2024 cybersecurity breach news that you can quickly review.

You can connect with me on LinkedIn and join my professional network.

Get notified when I publish new articles so you don’t miss out on the latest cybersecurity updates. I never share your email address, and your subscription only sends you notifications when I publish new articles.

10/27/2024 — New Cybersecurity Updates

ID: 24

Summary: Sudanese Brothers Arrested in ‘AnonSudan’ Takedown — The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.

Date: 2024-10-17

URL: https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/

ID: 25

Summary: This Windows PowerShell Phish Has Scary Potential — Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Date: 2024-09-19

URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/

ID: 26

Summary: Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland — The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. […]

Date: 2024-10-26

URL: https://www.bleepingcomputer.com/news/security/over-70-zero-day-flaws-get-hackers-1-million-at-pwn2own-ireland/

ID: 27

Summary: QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3 — The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. […]

Date: 2024-10-25

URL: https://www.bleepingcomputer.com/news/security/qnap-synology-lexmark-devices-hacked-on-pwn2own-day-3/

ID: 28

Summary: CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities — The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities.

“The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture,” CERT-UA said. “These emails contain attachments in the form of Remote Desktop Protocol (‘.rdp’

Date: 2024-10-26

URL: https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html

ID: 29

Summary: Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite — A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges.

The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, lies in code from the Wi-Fi Alliance that has been found deployed on Arcadyan FMIMG51AX000J routers.

Date: 2024-10-25

URL: https://thehackernews.com/2024/10/researchers-discover-command-injection.html

ID: 30

Summary: AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks — Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html

ID: 31

Summary: Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack — Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition.

The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html

ID: 32

Summary: Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA — Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them.

When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/why-phishing-resistant-mfa-is-no-longer.html

ID: 33

Summary: Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices — The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices.

Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html

ID: 34

Summary: Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation — Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.

Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol.

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/fortinet-warns-of-critical.html

ID: 35

Summary: New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection — New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation.

Date: 2024-10-23

URL: https://thehackernews.com/2024/10/new-grandoreiro-banking-malware.html

ID: 36

Summary: CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) — A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation.

Date: 2024-10-23

URL: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html

ID: 37

Summary: Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans — Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/gophish-framework-used-in-phishing.html

ID: 38

Summary: Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers — Details have emerged about a now-patched security flaw in Styra’s Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/security-flaw-in-styras-opa-exposes.html

ID: 39

Summary: VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability — VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution.

The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), is a heap-overflow vulnerability in the implementation of the DCE/RPC protocol.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html

ID: 40

Summary: CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day.

The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component.

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html

ID: 41

Summary: Hackers are using new tricks to break into systems we thought were secure, like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe.

Date: 2024-10-21

URL: https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_21.html

ID: 42

Summary: Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers — Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data.

Date: 2024-10-21

URL: https://thehackernews.com/2024/10/researchers-discover-severe-security.html

ID: 43

Summary: Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials — Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials.

Date: 2024-10-20

URL: https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html

ID: 44

Summary: Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign — Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems.

“This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems,”

Date: 2024-10-18

URL: https://thehackernews.com/2024/10/beware-fake-google-meet-pages-deliver.html

ID: 45

Summary: Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser — Microsoft has disclosed details about a now-patched security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user’s privacy preferences and access data.

The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133 (CVSS score: 5.5). It was addressed by Apple as part of macOS Sequoia 15.

Date: 2024-10-18

URL: https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html

ID: 46

Summary: U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks — Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft’s services in June 2023.

Date: 2024-10-17

URL: https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html

ID: 47

Summary: Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk — A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances.

The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability.

Date: 2024-10-17

URL: https://thehackernews.com/2024/10/critical-kubernetes-image-builder.html

ID: 48

Summary: Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity — Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper with endpoint detection and response (EDR) solutions and hide malicious activity.

Trend Micro said it detected “threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.”

Date: 2024-10-16

URL: https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html

ID: 49

Summary: North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware — The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT.

The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

Date: 2024-10-16

URL: https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html

ID: 50

Summary: 5 Techniques for Collecting Cyber Threat Intelligence — To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats.

There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations.

Date: 2024-10-16

URL: https://thehackernews.com/2024/10/5-techniques-for-collecting-cyber.html

ID: 51

Summary: In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers — Noteworthy stories that might have slipped under the radar: CVE Program celebrates 25th anniversary, one year after ransomware attack Henry Schein says 160,000 are impacted, US offering rewards for Shahid Hemmat hackers.

Date: 2024-10-25

URL: https://www.securityweek.com/in-other-news-cve-turns-25-henry-schein-data-breach-reward-for-shahid-hemmat-hackers/

ID: 52

Summary: Over $1 Million Paid Out at Pwn2Own Ireland 2024 — Pwn2Own Ireland 2024 participants have earned over $1 million for camera, printer, NAS device, smart speaker and smartphone exploits.

Date: 2024-10-25

URL: https://www.securityweek.com/over-1-million-paid-out-at-pwn2own-ireland-2024/

ID: 53

Summary: Landmark Admin Discloses Data Breach Impacting 800,000 People — Insurance administrator Landmark Admin says personal information was stolen in a ransomware attack earlier this year.

Date: 2024-10-25

URL: https://www.securityweek.com/landmark-admin-discloses-data-breach-impacting-800000-people/

ID: 54

Summary: Change Healthcare Ransomware Attack Impacts 100 Million People — UnitedHealth told the US health department that hackers stole the information of 100 million people in a February ransomware attack.

Date: 2024-10-25

URL: https://www.securityweek.com/change-healthcare-ransomware-attack-impacts-100-million-people/

ID: 55

Summary: AWS Seizes Domains Used by Russia’s APT29 — AWS announced the seizure of domains used by Russian hacker group APT29 in phishing attacks targeting Ukraine and other countries.

Date: 2024-10-25

URL: https://www.securityweek.com/aws-seizes-domains-used-by-russias-apt29/

ID: 56

Summary: OnePoint Patient Care Data Breach Impacts Nearly 800,000 People — OnePoint Patient Care has disclosed a data breach impacting the personal information of nearly 800,000 individuals.

Date: 2024-10-25

URL: https://www.securityweek.com/onepoint-patient-care-data-breach-impacts-nearly-800000-people/

Privacy: Tim Layton & Associates, LLC respects your privacy and is committed to protecting your personal information. For more details, please review our Privacy Policy.

Copyright: Copyright © 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.

Originally published at https://timlaytonllc.com on October 27, 2024.

Written by Tim Layton

Cybersecurity Risk Analysis Using Python and Bayesian Statistics.