Cybersecurity Digest for week of 12 July 2024
Description
This week we talk about
- Microsoft patches 140+ vulnerabilities including 2 zero days, in Patch Tuesday;
- Adobe patches critical issues in several of its products,
- 10 Billion Passwords leaked,
- 39,000 Ticket master tickets leaked,
- Chinese APT 40 hiijack routers
- Hackers are Targeting Wordpress plugins,
- A new attack bypasses RADIUS authentication
- CISA adds 3 new CVEs to its KEV
- and more in this episode
Articles Mentioned In Order they appear in the Show:
July 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
Windows MSHTML zero-day used in malware attacks for over a year (bleepingcomputer.com)
Whispers of Atlantida: Safeguarding Your Digital Treasure | Rapid7 Blog
Adobe Product Security Incident Response Team (PSIRT)
RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews
Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)
Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com)
APT40 Advisory | Cyber.gov.au
VU#456537 - RADIUS protocol susceptible to forgery attacks. (cert.org)
BLAST RADIUS
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool (thehackernews.com)
GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6 | GitLab
Notable CISA KEV Additions:
NVD - CVE-2024-23692 (nist.gov)
NVD - CVE-2024-38080 (nist.gov)
NVD - CVE-2024-38112 (nist.gov)
United States
