Essential Cyber Intel Brief: 11/18/2024

Tim Layton
5 min read · Nov 18, 2024


No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution: it’s automated, curated, and absolutely free.

Get the critical updates you need as a cybersecurity professional or business leader without the time drag or hassle.

For efficiency, I pinpoint the most critical cybersecurity events that security professionals and business leaders need to know about and publish them every business day by 9 AM CT.

In just one to two minutes, you’ll determine if the latest cybersecurity developments require further attention, allowing you to stay informed without losing your valuable time.

Subscribe to receive automated notifications and stay ahead of key developments: no spam, just concise, relevant updates delivered directly to your inbox.

You can connect with me on LinkedIn and join my professional network.

11/18/2024 — New Cybersecurity Updates

Phishing emails increasingly use SVG attachments to evade detection — Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Source

Security plugin flaw in millions of WordPress sites gives admin access — A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), including both free and Pro versions. Source

Fake AI video generators infect Windows, macOS with infostealers — Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices. Source

T-Mobile confirms it was hacked in the recent wave of telecom breaches — T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests. Source

NSO Group used another WhatsApp zero-day after being sued, court docs say — Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including a previously unknown one named “Erised,” that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. Source

Botnet exploits GeoVision zero-day to install Mirai malware — A malware botnet exploits a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or crypto-mining attacks. Source

Bitfinex hacker gets 5 years in prison for 120,000 bitcoin heist — A hacker responsible for stealing 119,754 Bitcoin in a 2016 hack on the Bitfinex cryptocurrency exchange was sentenced to five years in prison by U.S. authorities. Source

Palo Alto Networks warns of critical RCE zero-day exploited in attacks — Palo Alto Networks is warning that a critical zero-day vulnerability in Next-Generation Firewall (NGFW) management interfaces, currently tracked as ‘PAN-SA-2024-0015,’ is actively being exploited in attacks. Source

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information — A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. Source

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta’s Lawsuit — Legal documents released as part of an ongoing legal tussle between Meta’s WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. Source

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites — A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. Source

PAN-OS Firewall Vulnerability Under Active Exploitation — IoCs Released — Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. Source

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials — A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Source

Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations — Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Source

Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform — Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. Source

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia — A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. Source

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report — The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched. Source

AnnieMac Data Breach Impacts 171,000 People — AnnieMac Home Mortgage is informing over 171,000 individuals that their data has been compromised in a hacker attack. Source

Library of Congress Says an Adversary Hacked Some Emails — The Library of Congress has notified lawmakers of a “cyber breach” of its IT system by an adversary and a hack of emails. Source

Glove Stealer Malware Bypasses Chrome’s App-Bound Encryption — The Glove Stealer malware leverages a recently disclosed App-Bound encryption bypass method in attacks. Source

Security experts respond to the Amazon employee data breach — Security leaders weigh in on the Amazon data breach, offering insights on the cause, ramifications, and potential preventative measures. Source

Get notified when I publish new articles so you don’t miss out on the latest cybersecurity updates. I never share your email address, and your subscription only sends you notifications when I publish new articles.

Privacy: Tim Layton & Associates, LLC respects your privacy and is committed to protecting your personal information. For more details, please review our Privacy Policy.

Copyright: Copyright © 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.

Originally published at https://timlaytonllc.com on November 18, 2024.
