top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #120 - October 21, 2024

SEC charges tech companies for downplaying SolarWinds breaches

Source: Bleeping Computer

The SEC fined four tech companies - Unisys, Avaya, Check Point Software, and Mimecast- nearly $7 million for downplaying the 2020 SolarWinds breach’s impact. They allegedly misled investors about the severity of the cyberattack and its risks: these firms minimized or misrepresented the breaches’ scope and impact, including unauthorized access and data exfiltration.




New Malware WarmCookie Targets Users with Malicious Links

Source: Infosecurity Magazine

Covering the resurgence of WarmCookie malware, distributed via fake browser update prompts Users who click these deceptive alerts inadvertently download a backdoor capable of data theft, system profiling, and executing additional malware. The updated version operates stealthily, avoiding detection by antivirus software.




Half of Organizations Have Unmanaged Long-Lived Cloud Credentials

Source: Infosecurity Magazine

Nearly half of organizations have unmanaged long-lived cloud credentials, making them vulnerable to breaches. The study found widespread risks across Google Cloud, AWS, and Microsoft Entra, with many outdated keys. The report urges firms to adopt short-lived credentials and modern authentication methods to minimize threats. Guardrails like S3 Public Access Blocks are becoming more common to enhance security.




CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability

Source: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of active exploitation of a critical Microsoft SharePoint vulnerability. This flaw allows attackers with Site Owner permissions to execute arbitrary code remotely via a deserialization issue. The presence of public proof-of-concept exploits heightens the risk.




Google Warns of Samsung Zero-Day Exploited in the Wild

Source: Security Week

Google’s Threat Analysis Group identified a zero-day flaw in Samsung’s Exynos processors, which is actively exploited. The vulnerability allows attackers to escalate privileges due to a use-after-free issue. Samsung has issued a fix in its October 2024 security update.



119 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page