Seattle airport confronts 4th day of cyberattack outages 

Widespread system outages dragged into the fourth day at Seattle-Tacoma International Airport in the wake of a cyberattack that began disrupting services at the Port of Seattle, which operates the airport, Saturday morning. 

Source: https://www.cybersecuritydive.com/news/seattle-airport-cyberattack-widespread-outages/725342/  

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations 

As of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations. This includes organizations across several sectors in the U.S. (including in the education, finance, healthcare, and defense sectors as well as local government entities). 

Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a  

KnowBe4 Report Reveals Critical Infrastructure Under Siege with Cyber Attacks Increasing 30 Percent in One Year 

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released its latest report, Cyber Attacks On Infrastructure: The New Geopolitical Weapon. The report examines the growing threat of cyberattacks on critical infrastructure and provides insight into safeguarding against these potentially devastating attacks. 

Source: https://www.knowbe4.com/press/knowbe4-report-reveals-critical-infrastructure-under-siege-with-cyber-attacks-increasing-30-percent-in-one-year 

Uber fined $325 million for moving driver data from Europe to US 

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. 

Source: https://www.bleepingcomputer.com/news/legal/uber-fined-325-million-for-moving-driver-data-from-europe-to-us/ 

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation 

Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild.  “Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to a description of the bug in the NIST National Vulnerability Database (NVD). 

Source: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html  

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials 

Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. 

Source: https://thehackernews.com/2024/08/new-qr-code-phishing-campaign-exploits.html  

Audit finds notable security gaps in FBI’s storage media management 

An audit from the Department of Justice’s Office of the Inspector General (OIG) identified “significant weaknesses” in FBI’s inventory management and disposal of electronic storage media containing sensitive and classified information. 

Source: https://www.bleepingcomputer.com/news/security/audit-finds-notable-security-gaps-in-fbis-storage-media-management/  

Warning to customers as Fota Wildlife Park hit by cyberattack

Fota Wildlife Park in Cork has been hit by a cyberattack and customers have been warned that their financial information may have been compromised. Users have been told that they may need to cancel credit/debit cards used to make payments on the park’s website.

Source: https://www.rte.ie/news/ireland/2024/0828/1467216-fota-wildlife-park-cyberattack/  

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution 

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. 

Source: https://thehackernews.com/2024/08/critical-wpml-plugin-flaw-exposes.html  

Research Unveils Eight Android & iOS That Leaks User’s Sensitive Data

The eight Android and iOS apps fail to adequately protect user data, which transmits sensitive information, such as device details, geolocation, and credentials, over the HTTP protocol instead of HTTPS.

Source: https://cybersecuritynews.com/android-ios-app-leak-sensitive-data/ 

Chinese hackers exploited bug to compromise internet companies, cybersecurity firm says 

A Chinese hacking group exploited a software bug to compromise several internet companies in the U.S. and abroad, a cybersecurity firm said on Tuesday. Researchers at the firm, Lumen Technologies (LUMN.N), opens new tab, said in a blog post that the hackers took advantage of a previously unknown vulnerability in Versa Director – a software platform used to manage services for customers of Santa Clara, California-based Versa Networks.  

Source: https://www.reuters.com/technology/cybersecurity/chinese-hackers-exploited-bug-compromise-internet-companies-cybersecurity-firm-2024-08-27/  

Smarttech247