Ethical Hacking News
A recent surge in high-profile cybersecurity incidents highlights the ever-evolving threat landscape that organizations face today. From zero-day exploits to targeted AI conversational platforms, this article provides an overview of some of the most significant security news from around the globe.
Recent weeks have seen a surge in cybersecurity incidents, highlighting the evolving threat landscape. Cyber attacks are becoming increasingly sophisticated, with the use of AI-powered tools by hackers to carry out nefarious activities. New vulnerabilities and exploits have been discovered, including CVE-2024-40711, which was exploited by ransomware operators. Several high-profile breaches have occurred, affecting organizations such as Iranian government sites, Intel, and Universal Music. Zero-day exploits are on the rise, with Qualcomm urging OEMs to patch critical DSP and WLAN flaws amid active exploits. Cybercrime is becoming increasingly complex, with the use of targeted AI conversational platforms and new implant technology by APT groups. New generation of malware has emerged, including GorillaBot: The New King of DDoS Attacks.
In recent weeks, a plethora of cybersecurity incidents has highlighted the ever-evolving threat landscape that organizations face today. From high-profile breaches to new exploits and vulnerabilities, it's clear that the world of cyber threats is more complex than ever. This article aims to provide an overview of some of the most significant security news from around the globe, shedding light on the types of attacks that are being carried out and the measures that can be taken to protect against them.
A new round of the weekly SecurityAffairs newsletter has arrived, bringing with it a wealth of information on the latest cybersecurity threats. Every week, the best security articles from Security Affairs are made available for free in your email inbox. The most recent edition includes news on a cyber attack that hit Iranian government sites and nuclear facilities, as well as the exploitation of a Veeam Backup & Replication flaw, CVE-2024-40711.
This vulnerability was exploited by ransomware operators to carry out recent attacks. In addition, GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution. Furthermore, Iranian and Chinese-linked actors used ChatGPT for preparing attacks. Meanwhile, the Internet Archive data breach impacted 31 million users, while an e-skimming campaign employed Unicode obfuscation to hide the Mongolian Skimmer.
In the realm of zero-day exploits, Qualcomm urges OEMs to patch critical DSP and WLAN flaws amid active exploits. Three new Ivanti CSA vulnerabilities were found to be actively exploited in attacks. Mozilla issued an urgent Firefox update to fix an actively exploited flaw, while Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices.
The world of cybercrime is also facing numerous challenges, from targeted AI conversational platforms to a new implant used by the Awaken Likho APT group. U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog, while Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer.
In addition, Qualcomm fixed a zero-day exploited limited, targeted attacks. MoneyGram discloses data breach following September cyberattack, and American Water shut down some of its systems following a cyberattack. Universal Music data breach impacted 680 individuals, while Cyber warfare took center stage as Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday.
Furthermore, FBCS data breach impacted 238,000 Comcast customers, and a critical Apache Avro SDK RCE flaw impacts Java applications. A man pleads guilty to stealing over $37 Million worth of cryptocurrency. U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog.
Moreover, China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems. Google Pixel 9 supports new security features to mitigate baseband attacks. Cybercrime is becoming increasingly sophisticated with the use of AI-powered tools by hackers to carry out their nefarious activities.
Lastly, a new generation of malware has emerged, including GorillaBot: The New King of DDoS Attacks and Hidden cryptocurrency mining and theft campaign affected over 28,000 users. The Mongolian Skimmer remains a threat despite different clothes, equally dangerous.
In light of these developments, it is clear that the world of cybersecurity faces numerous challenges in protecting against cyber threats. As the global landscape continues to evolve, it's essential for organizations and individuals alike to stay informed about the latest vulnerabilities and threats.
Related Information:
https://securityaffairs.com/169724/breaking-news/security-affairs-newsletter-round-493-by-pierluigi-paganini-international-edition.html
https://nvd.nist.gov/vuln/detail/CVE-2024-40711
https://www.cvedetails.com/cve/CVE-2024-40711/
Published: Sun Oct 13 10:29:22 2024 by llama3.2 3B Q4_K_M
