ActZero

🚀 Cybersecurity Round-Up: November 27th Update 🛡️ Happy Thanksgiving.... ☁️ Cloud: Snowflake breach exposed 165 customers in a $3M ransomware scam. Arrests in Canada link one attacker to a U.S. soldier. Even Ticketmaster data got caught in the crossfire! 🎟️🔓 🌐 Network: Palo Alto CVE-2024-00012 keeps firewall teams on high alert! 🔥🛠️ Novice setups in cloud environments remain particularly vulnerable. 🦊 Endpoint: Russian hacker group RomCom strikes Firefox with a zero-click vulnerability (CVE-2024-9680). Update to version 131.0.2+ to stay safe! 🖥️💥 🤖 AI Bug Bounty: Microsoft puts up $4M for AI zero-days! 🤑💡 Highlights from Cyberwarcon include major exploits in NTLM authentication and global threat actor tactics. 🎭 Threat Actors: • North Korea: Fake LinkedIn recruiters + zero-day exploits = cryptocurrency theft for weapons programs. 💼💸 • China: Storm-2077 targets industries worldwide, stealing credentials through cloud-based e-Discovery. 🕵️♂️🌩️ 📱 Mobile: Keep Android 12-15 & iOS/macOS up to date! New Webkit flaws could mean trouble for outdated devices. 📲⚙️ Patch up and power on! 💻🔒 #CyberSecurity #ThreatIntelligence #PatchManagement #CloudSecurity

🌐 November 20th Cybersecurity Update 🔒 Network Security: • Palo Alto Networks has released a critical update for a flaw in their web management interface, tracked as CVE-2024-0012. This is separate from the vulnerability disclosed in June and emphasizes the importance of securing remote interfaces on firewalls. #PaloAltoNetworks • CISA has flagged a vulnerability in Progress Software’s Kemp LoadMaster (CVE-2024-1212), reportedly being exploited in the wild. Organizations using LoadMaster should prioritize patching. #ProgressSoftware #KempLoadMaster ☁️ Cloud Security: • WordPress has disclosed an authentication bypass vulnerability in the Really Simple Security plugin (CVE-2024-10924), which could allow full administrative access to a site. • Google announced earlier this month that Multi-Factor Authentication (MFA) will become mandatory for all users by late 2025, aligning with existing MFA requirements from AWS and Microsoft Azure. #WordPress #GoogleCloud #AWS #MicrosoftAzure 💻 Endpoint Security: • Microsoft has released an update addressing a Kerberos remote code execution vulnerability (CVE-2024-43639) affecting millions of servers. Immediate patching is recommended. #Microsoft • VMware ESX updates address two vulnerabilities: CVE-2024-38812 (remote code execution) and CVE-2024-38813 (privilege escalation). Organizations should ensure their systems are patched promptly. #VMware 📱 Mobile Security: • Apple’s iOS 18.1.1 and macOS 15.1.1 address vulnerabilities in JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309), which are actively being exploited. Users are encouraged to update immediately. #Apple • Samsung’s Galaxy S24 November update resolves 52 vulnerabilities in its software, highlighting the importance of maintaining mobile security updates. #Samsung 📌 Ensuring systems are up-to-date is critical to mitigating risks. Organizations should monitor vendor advisories and prioritize patches based on active exploit reports. #CyberSecurity #NetworkSecurity #CloudSecurity #EndpointSecurity #MobileSecurity

🚨 November 15th Cybersecurity Update 🚨 Endpoint Shenanigans: VEILDrive is sneaking around Microsoft endpoints, using SharePoint & Teams to hide malware like a pro. Traditional detection tools? Totally outsmarted. Admins, lock down your app registrations before things get spicy! QEMU Linux VMs on Windows are now feeling the heat from CRON#TRAP because, let’s face it, who actually deploys EDR there? Crypto lovers, APT37 is back, targeting MacOS users. Hold onto your digital coins! Network Hijinks: The FBI is hot on the trail of APT31, APT41, and Volt Typhoon for playing dirty with Sophos firewalls. It’s been a constant CVE patch battle—so make sure you’re keeping up! And Salt Typhoon? They’ve been busy infiltrating telecoms, even spooking the government enough to rethink phone security. Who knew eavesdropping was so 2020? Mobile Madness: ToxicPanda Banking Trojan has infected 1,500 Android devices in Europe & Latin America, swiping bank accounts and crypto wallets. U.S. Android users, breathe easy (for now), but Bitcoin bros, watch your wallets! 🤖💸 Compliance Corner: TSA wants to make post-Colonial Pipeline attack guidelines permanent for rail and pipelines. Meanwhile, in the EU, the NIS2 Regulation is looming—with massive fines for non-compliance. Greece, you’re on the clock! Stay cyber-safe and keep it patched, folks! #ActZero #MDR #CyberSec #PatchItUp #Microsoft #APT #ComplianceComedy