It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

Cybersecurity Breaches

🚨 ADT discloses a second breach within two months, with attackers gaining access using stolen credentials to exfiltrate employee account data. (Published on 10/7/2024, BleepingComputer). Read More

🚨 LEGO’s website was hacked by cryptocurrency scammers promoting a fake Lego token that could be purchased with Ethereum. (Published on 10/7/2024, BleepingComputer). Read More

🚨 Fidelity notifies 77,000 customers of a data breach, the company’s second major breach this year, after unauthorized access for two days. (Published on 10/10/2024, Dark Reading). Read More

Nation-State Threats

🔒 Salt Typhoon APT infiltrated law enforcement wiretapping systems used in criminal investigations. (Published on 10/7/2024, Dark Reading). Read More

🛡️ GoldenJackal targeted embassies and governmental organizations, using custom malware to infiltrate air-gapped systems. (Published on 10/8/2024, The Hacker News). Read More

🕵️ Two never-before-seen tools created by GoldenJackal were used to infect air-gapped devices in recent cyberattacks. (Published on 10/9/2024, Ars Technica). Read More

Software Vulnerabilities

⚠️ A single HTTP request can exploit 6 million WordPress sites via a vulnerability in the LiteSpeed Cache plugin. (Published on 10/8/2024, Dark Reading). Read More

💻 Ivanti Cloud Services vulnerabilities continue to be exploited in the wild, linked to critical flaws. (Published on 10/9/2024, Dark Reading). Read More

🔧 Major security vulnerabilities have been found in industrial MMS protocol libraries, potentially allowing remote code execution. (Published on 10/9/2024, The Hacker News). Read More

Phishing and Malware Campaigns

🎣 Mamba 2FA bypass service targets Microsoft 365 accounts using sophisticated phishing-as-a-service attacks. (Published on 10/8/2024, BleepingComputer). Read More

📧 New phishing attacks abuse GitHub, Telegram bots, and QR codes to spread malware, targeting finance and insurance sectors. (Published on 10/10/2024, The Hacker News). Read More

🛍️ Cybercriminals hide a new Mongolian Skimmer in e-commerce platforms by using Unicode obfuscation techniques. (Published on 10/11/2024, The Hacker News). Read More

Emerging Cybersecurity Techniques

🔑 Hybrid password attacks, which combine multiple methods to accelerate cracking, are becoming a growing threat. (Published on 10/11/2024, The Hacker News). Read More

Privacy Concerns

📺 Modern TVs now have unprecedented capabilities for surveillance and manipulation, tracking personal data through connected TV devices. (Published on 10/11/2024, Malware Analysis). Read More

Hacktivism

💻 Hacktivists claim responsibility for taking down the Internet Archive, launching a DDoS attack to disrupt services. (Published on 10/10/2024, Gizmodo). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!