This week has been crazy when it comes to cybersecurity news, with major attacks and critical vulnerabilities making headlines. In this episode, we're breaking down all of the most impactful stories of this week:
AWS customers were targeted in a cyberattack that exploited misconfigured cloud instances, resulting in the theft of sensitive data, including login credentials and API keys, which were then stored in an unprotected AWS database.
Microsoft's December Patch Tuesday update addressed 71 vulnerabilities, including a critical zero-day flaw (CVE-2024-49138) actively exploited in the wild, highlighting the importance of prompt software updates for Windows users.
A zero-day vulnerability in the Microsoft Windows Common Log File System driver (CVE-2024-49138) is actively being exploited, putting millions of Windows users at risk of full system compromise, prompting urgent calls for updates from Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA).
Termite, a newly emerged ransomware group, claimed responsibility for the ransomware attack on supply chain company Blue Yonder, stating it stole 680GB of data, including database dumps, email lists, and sensitive documents.
The US energy sector faces significant cybersecurity risks due to a reliance on third-party vendors, with vulnerabilities concentrated in application security, network security, and DNS health, raising concerns about the potential for breaches to impact critical infrastructure.
A new malware technique discovered on Windows exploits the UI Automation accessibility feature to execute malicious commands stealthily, bypassing traditional security measures and requiring administrators to monitor for suspicious activity related to UIAutomationCore.dll and named pipes.
Byte Federal, a major Bitcoin ATM operator in the US, experienced a data breach that potentially exposed sensitive information of 58,000 users, stemming from a vulnerability in third-party software GitLab, highlighting the importance of promptly patching software vulnerabilities.
Artivion, a leading US manufacturer of heart surgery devices, disclosed a ransomware attack that caused disruptions to their order and shipping processes and certain corporate operations, emphasizing the need for robust cybersecurity measures to protect sensitive medical data.
Multiple managed file transfer tools, including LexiCom, VLTransfer, and Harmony, developed by Cleo, are being exploited due to a flawed patch for a critical vulnerability (CVE-2024-50623), putting numerous organizations at risk of data theft and remote code execution.
Stay tuned for a deep dive into these cybersecurity threats, plus tips on how to stay safe online. Hit that subscribe button and turn on notifications so you don't miss future episodes!
#cybersecurity #ransomware #phishing #cyberattacks #databreach #cybercrime #infosec #dataprotection #cybersecurityawareness #cybersecuritynews
