hayleywade1

Cyber Weekly Digest - 2024 Week #19



👋 Welcome to the 19th edition of the Cyber Weekly Digest of 2024.


How is it Friday already?! Fun fact of the day... did you know that The Killers' Mr Brightside has become the biggest song to never top the charts? It's spent 408 weeks (7 whole years) in the top 100, but never got to number 1. A big reminder to us all that, on occasion, it's OK to come second.


New and noteworthy this week:

 

🟣 Heading to the Evanta UK & Ireland CISO Exec Summit on June 11th in London? Don't miss ThreatAware, joined by the CISO and Director of Data Governance at Sainsbury's, sharing their experience in fortifying the supermarket's security defences and protecting 77,000 devices from potential attacks. Check out the agenda here

 

🟣 Sticking with ThreatAware, these guys are on fire with the awards right now... No second place here. They've only gone and won 🏆 Best Cyber Asset Management Solution 🏆 at the 2024 Cybersecurity Excellence Awards! Huge congratulations team, so well deserved!

 

🟣 Abnormal has launched AI Security Mailbox, a new AI-powered coworker that promotes security awareness through real-time conversations between employees and an AI security analyst, while also automating the triage and remediation of user-reported emails. Pretty cool huh!?


 Last but not least...


🟣 Cequence has been recognized by Cyber Defense Magazine as the winner of the 2024 #InfoSec 🏆 API Security and Bot Management 🏆 Trailblazing awards! Gaining unmatched visibility into your API landscape and managing #APISecurity throughout the lifecycle never looked so good!

 

Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.

 

🚨 This week Dell warns of a significant data breach, we heard about full device takeovers through F5 and that it's not just optic neuritis that causes tunnel vision #medicalbants

 

Keep reading to stay up to date on the latest cyber security news.

 


Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. Since January 2022, multiple nation-state-aligned hacking groups have been observed using Microsoft Graph API for C&C. This includes threat actors tracked as APT28, REF2924, Red Stinger, Flea, APT29, and OilRig.

 


Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on a victim's network traffic just by being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and support DHCP option 121 routes. At its core, TunnelVision routes a VPN user's traffic outside the encrypted tunnel: an attacker-configured DHCP server uses the classless static route option 121 to set a route on the VPN user's routing table.
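For defenders auditing DHCP leases, the sketch below decodes an option 121 payload (RFC 3442 encoding) and reports which destinations a pushed route would take away from the VPN. It is an added example, not code from the researchers' report; the function names and the sample payload are constructed for illustration, and it assumes the VPN tunnel is installed as a 0.0.0.0/0 default route.

```python
import ipaddress

def parse_option_121(payload: bytes):
    """Decode an RFC 3442 classless static route option into (network, gateway) pairs."""
    routes, i = [], 0
    while i < len(payload):
        prefix_len = payload[i]
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len} at offset {i}")
        n = (prefix_len + 7) // 8  # only the significant destination octets are sent
        end = i + 1 + n + 4        # length byte + destination octets + 4-byte router
        if end > len(payload):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = int.from_bytes(payload[i + 1:i + 1 + n] + bytes(4 - n), "big")
        network = ipaddress.IPv4Network((dest, prefix_len), strict=False)
        gateway = ipaddress.IPv4Address(payload[i + 1 + n:end])
        routes.append((network, gateway))
        i = end
    return routes

def diverted_gateway(destination: str, routes):
    """Return the pushed gateway that would carry `destination`, or None.

    Assumption: the VPN tunnel is installed as a 0.0.0.0/0 default route, so any
    pushed route with a prefix length of 1 or more wins longest-prefix match.
    """
    addr = ipaddress.IPv4Address(destination)
    matches = [(net, gw) for net, gw in routes if net.prefixlen >= 1 and addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample: option 121 payload carrying two routes to documentation
# ranges, 203.0.113.0/24 and 198.51.100.0/25, both via 192.168.1.254.
SAMPLE_PAYLOAD = bytes([24, 203, 0, 113, 192, 168, 1, 254,
                        25, 198, 51, 100, 0, 192, 168, 1, 254])

if __name__ == "__main__":
    routes = parse_option_121(SAMPLE_PAYLOAD)
    for net, gw in routes:
        print(f"pushed route {net} via {gw}")
    for dest in ("203.0.113.7", "198.51.100.200", "192.0.2.1"):
        print(dest, "->", diverted_gateway(dest, routes) or "stays on VPN default route")
```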

 

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager," security firm Eclypsium said in a new report. A description of the two issues is as follows...

 


Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal containing customer information related to purchases was breached. "We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell," reads a Dell data breach notification shared with BleepingComputer.

 


Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. XenCenter helps manage Citrix Hypervisor environments from a Windows desktop, including deploying and monitoring virtual machines. The security flaw (tracked as CVE-2024-31497) impacts multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which bundle and use PuTTY to make SSH connections from XenCenter to guest VMs when clicking the "Open SSH Console" button.



