It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

Cybersecurity Updates

• 🔐 Supply chain attacks exploit entry points in open-source ecosystems like Python and npm, posing a widespread risk. (Published on 10/14/2024, The Hacker News). Read More

• 🖥️ Iranian cyberspies are exploiting a recent Windows kernel vulnerability, targeting Gulf region organizations. (Published on 10/14/2024, SecurityWeek). Read More

• 📱 TrickMo malware variants on Android steal PINs through fake lock screens, posing serious risks to banking users. (Published on 10/14/2024, BleepingComputer). Read More

• ⚠️ US organizations are warned of election-related cyber activity, threatening the integrity of the upcoming election. (Published on 10/15/2024, Dark Reading). Read More

• 🚨 EDRSilencer tool is used in attacks to bypass security defenses by muting alerts on management consoles. (Published on 10/15/2024, BleepingComputer). Read More

• 🌐 Finland seizes servers of the 'Sipultie' dark web drug market, cracking down on illegal narcotics sales. (Published on 10/15/2024, BleepingComputer). Read More

• 🔐 Sidewinder cyber-threat group launches attacks across multiple regions, using the new tool StealerBot. (Published on 10/16/2024, Dark Reading). Read More

• 🛡️ Iranian hackers use brute force tactics to target critical infrastructure in the US, Australia, and Canada. (Published on 10/17/2024, SecurityWeek). Read More

• 🖥️ F5 patches a high-severity vulnerability in BIG-IP, addressing potential privilege escalation risks. (Published on 10/17/2024, SecurityWeek). Read More

• 🛡️ North Korean APT exploited an Internet Explorer zero-day in a supply chain attack, targeting specific organizations. (Published on 10/18/2024, SecurityWeek). Read More

Data Breaches

• 🛍️ Varsity Brands data breach exposed the personal information of 65,000 people. (Published on 10/16/2024, SecurityWeek). Read More

Regulatory News

• 🚨 The FTC’s “click to cancel” rule aims to curb free trial traps and sneaky auto-enrollments. (Published on 10/16/2024, Ars Technica). Read More

Software Vulnerabilities

• ⚙️ A critical Kubernetes Image Builder flaw could allow root access under specific conditions, now fixed in version 0.1.38. (Published on 10/16/2024, The Hacker News). Read More

• 🔧 Intel and AMD CPUs on Linux are vulnerable to new Spectre bypass attacks, impacting a wide range of processors. (Published on 10/18/2024, BleepingComputer). Read More

• 🔐 Iranian hackers are targeting Microsoft 365 and Citrix Systems using MFA push bombing in critical infrastructure attacks. (Published on 10/18/2024, Hackread). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!