It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

Cybersecurity Threats and Exploits

Emerging cyber threats and vulnerabilities that highlight the evolving tactics of attackers targeting various platforms and industries.

🛠 Revamped Remcos RAT targets Microsoft Windows users, exploiting known RCE vulnerabilities in Microsoft Office and WordPad. (Published on 11/11/2024, Dark Reading). Read More

📊 Security flaws in popular ML toolkits enable server hijacks and privilege escalation, affecting 15 open-source projects. (Published on 11/11/2024, The Hacker News). Read More

🐍 North Korean hackers target macOS devices with malware embedded in Flutter-built apps, marking a new tactic by DPRK actors. (Published on 11/12/2024, The Hacker News). Read More

🔓 Google patches AI platform bugs that could leak proprietary enterprise LLMs through privilege escalation and exfiltration. (Published on 11/13/2024, Dark Reading). Read More

📂 RustyAttr malware abuses macOS extended attributes, linked to North Korea’s Lazarus Group. (Published on 11/14/2024, The Hacker News). Read More

🪝 Iranian hackers target the aerospace sector with SnailResin malware in a ‘dream job’ phishing campaign. (Published on 11/14/2024, SecurityWeek). Read More

⚠ A critical PostgreSQL flaw could allow hackers to exploit environment variables, leading to code execution or data leaks. (Published on 11/14/2024, The Hacker News). Read More

Malware and Emerging Threats

Recent malware campaigns and vulnerabilities demonstrate the ingenuity of cybercriminals and their focus on disrupting various ecosystems.

🍪 Glove Stealer malware bypasses Chrome’s App-Bound encryption to steal browser cookies. (Published on 11/14/2024, BleepingComputer). Read More

📱 A botnet exploits GeoVision zero-day vulnerabilities to install Mirai malware, targeting end-of-life devices. (Published on 11/15/2024, BleepingComputer). Read More

💾 End-of-life D-Link NAS devices are under attack as a critical vulnerability is actively exploited. (Published on 11/13/2024, BleepingComputer). Read More

Data Breaches and Privacy

Cybercriminals and vigilantes continue to target and expose sensitive data, affecting both organizations and individuals.

📊 Data vigilante leaks 8 million employee records from companies like Amazon and HP after exploiting MOVEit vulnerabilities. (Published on 11/12/2024, Hackread). Read More

👤 Bitcoin Fog operator sentenced to 12.5 years for laundering $400M in cryptocurrency through the dark web’s longest-running mixer. (Published on 11/11/2024, Hackread). Read More

Security Insights and Technological Advances

Insights into evolving technology challenges and vulnerabilities.

🧮 FrontierMath’s secret benchmark stumps AI models and PhDs alike, posing a challenge to AI training. (Published on 11/12/2024, Ars Technica). Read More

🔑 Americans still use weak passwords in 2024, with trends showing little improvement in password security. (Published on 11/13/2024, Gizmodo). Read More

🤖 ChatGPT’s capabilities reveal security gaps in sandbox manipulations, per a Mozilla analysis. (Published on 11/15/2024, Dark Reading). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!