Friday Wrap Up: 13 December 2024

Dec 13, 2024

It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

⚠️ 90% of software in U.S. critical infrastructure contains code developed in China, posing systemic risks. (Published on 12/9/2024, Dark Reading). Read More
🛠️ Forrester panel explores software supply chain vulnerabilities and global IT security challenges. (Published on 12/10/2024, InformationWeek). Read More

🧑‍💻 Prompt injection vulnerabilities in DeepSeek AI could allow account hijacking—now patched. (Published on 12/9/2024, The Hacker News). Read More
🔐 AWS credentials stolen by cybercrime gangs due to cloud misconfigurations. (Published on 12/10/2024, Dark Reading). Read More
🐾 New ZLoader malware uses DNS tunneling for stealthy command-and-control. (Published on 12/11/2024, The Hacker News). Read More
🌐 27 DDoS-for-hire platforms shut down globally in Operation PowerOFF. (Published on 12/11/2024, BleepingComputer). Read More
🕵️ Microsoft Azure MFA bypassed in an hour due to critical rate-limiting flaw. (Published on 12/11/2024, Dark Reading). Read More
🧬 Low-code/no-code environments face rising OData injection risks. (Published on 12/13/2024, Dark Reading). Read More
🐱 PUMAKIT Linux rootkit uses advanced stealth to evade detection. (Published on 12/13/2024, The Hacker News). Read More

🕵️ Fake job emails deploy AppLite Trojan to target job seekers. (Published on 12/10/2024, Hackread). Read More
🍩 Krispy Kreme suffers a cyberattack, disrupting online ordering in the U.S. (Published on 12/11/2024, IoT and Edge). Read More

🛑 After 13 years, Firefox retires the ineffective "Do Not Track" feature. (Published on 12/12/2024, Ars Technica). Read More
📡 Sen. Wyden criticizes FCC's failure to enforce telecom security rules. (Published on 12/12/2024, Dark Reading). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!