1. Black Friday Spam Emails: 77% Identified as Scams
A recent report by Bitdefender found that 77% of Black Friday-themed spam emails in 2024 are fraudulent, a 7% rise from last year. These emails are designed to steal sensitive information or money by mimicking trusted retailers and offering fake deals. The U.S. was the most targeted country, receiving 38% of these scam emails, with cybercriminals increasingly using generative AI to enhance the realism of their phishing attempts.
This report highlights the increasing sophistication of email scams during high-traffic shopping seasons, emphasizing the need for heightened consumer awareness and robust email security solutions.
2. Over 2,000 Palo Alto Firewalls Hacked Using Recently Patched Bugs
Hackers exploited two recently patched vulnerabilities in Palo Alto Networks firewalls, compromising over 2,000 devices globally. The two vulnerabilities, an authentication bypass (CVE-2024-0012) and a privilege escalation flaw (CVE-2024-9474), allowed attackers to gain admin access and execute malicious commands. The exploitation, which has resulted in malware deployment, underscores the importance of quickly applying critical patches and maintaining vigilant monitoring of network infrastructure.
This incident demonstrates how delays in applying security patches can leave critical systems vulnerable to exploitation, especially for devices vital to enterprise security.
3. Apple Releases Urgent Updates to Patch Actively Exploited Vulnerabilities
Apple has issued urgent updates for iOS, macOS, and Safari to fix two zero-day vulnerabilities (CVE-2024-44308, CVE-2024-44309) under active exploitation. The flaws, found in WebKit and JavaScriptCore, could allow attackers to execute arbitrary code and launch cross-site scripting attacks. Discovered by Google’s Threat Analysis Group, these vulnerabilities have been linked to state-sponsored actors.
Apple’s prompt response underscores the need for users to apply updates immediately to protect against high-risk, real-world exploitation.
4. Manufacturing Sector Faces Advanced Email Attacks
Phishing and business email compromise (BEC) attacks against the manufacturing sector have surged by 83% in 2024, driven by generative AI. Cybercriminals have used this technology to craft convincing email attacks, targeting manufacturing’s reliance on efficient supply chains. Vendor Email Compromise (VEC) attacks have also risen by 24%, highlighting vulnerabilities in vendor relationships and supply chain communications.
The findings stress the importance of robust email security, employee training, and vigilance in industries where downtime can be costly.
5. Fortinet VPN Design Flaw Conceals Successful Brute-Force Attacks
A design flaw in Fortinet VPN logging allows attackers to bypass detection by hiding successful brute-force login attempts. This occurs because the VPN logging mechanism does not record login attempts that are aborted after authentication, creating gaps in monitoring. This oversight can give attackers prolonged, undetected access to compromised systems.
The flaw highlights the critical need for comprehensive and accurate logging practices to identify and mitigate unauthorized access in enterprise networks.