In a special edition of the CyberHub Podcast, James Azar opened with a solemn reflection on the anniversary of the 9/11 attacks, commemorating the 2,977 victims and the more than 6,000 U.S. servicemen who have lost their lives in the ensuing conflicts. Emphasizing unity beyond politics, Azar urged listeners to remember the victims and the ongoing fight for democracy.
Patch Tuesday Recap
Microsoft released 79 security updates, including four actively exploited zero-day vulnerabilities. The most critical vulnerability (CVE-2024-43491) involves the potential rollback of Windows security fixes, posing a severe threat. IT professionals should prioritize patching these issues in their environments.
Adobe and SAP Updates
Adobe patched 28 vulnerabilities across multiple products, including critical flaws in Acrobat and PDF Reader, while SAP addressed 60 new security vulnerabilities impacting business systems, including high-severity bugs.
Industrial Control Systems (ICS)
Siemens, Schneider Electric, and ABB issued advisories addressing critical vulnerabilities in ICS products, including authentication bypasses and privilege escalation issues.
Crypto Scams Surge
The FBI reported a significant rise in cryptocurrency scams, with $5.6 billion in losses in 2023 alone. The report highlights how elderly individuals, particularly those over 60, are often the hardest hit by these scams.
Chinese Espionage Campaign
Trend Micro uncovered a new wave of cyber espionage activities from China-based group Mustang Panda. This campaign targets government entities in the Asia-Pacific region, using malware-loaded USB drives and spear-phishing techniques to spread and exfiltrate sensitive data.
Action Item for Cybersecurity/IT Professionals:
Prioritize patching critical vulnerabilities, especially the Microsoft zero-days disclosed in Patch Tuesday. These vulnerabilities present an imminent threat, and failure to address them could lead to severe security breaches. Additionally, cybersecurity teams should enhance monitoring for potential spear-phishing attacks and USB-based malware infections, particularly in government or highly sensitive environments.
👀 SHOW Supporters:
Today’s Episode is supported by our friends at Nudge Security free 14-day trial to all CyberHub Podcast community members at https://www.nudgesecurity.com/cyberhub
✅ Story Links:
https://www.securityweek.com/adobe-patches-critical-code-execution-flaws-in-multiple-products/
https://www.securityweek.com/sap-releases-16-new-security-notes-on-september-2024-patch-day/
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-schneider-abb-cisa/
https://www.securityweek.com/ivanti-patches-critical-vulnerabilities-in-endpoint-manager/
https://www.securityweek.com/chrome-128-update-resolves-high-severity-vulnerabilities/
https://www.bankinfosecurity.com/fbi-report-says-cryptocurrency-scams-surged-in-2023-a-26236
https://www.darkreading.com/cyberattacks-data-breaches/mustang-panda-worm-driven-usb-attack
https://therecord.media/chinese-crimson-palace-keeps-hacking-asia
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
Share this post