MITRE top 25 for 2024. New Linux malware. Microsoft launches Zero Day Quest.  23rd November 2024

Hi folks!

A day late, since yesterday was exam time. I think it went well! I'm glad it's over though. Now it's time to focus on family, relaxation, and then get back to the normal work routine :-) But first, a short digest of this week's news! Have a good one!

Quick stories

• MITRE shares 2024's top 25 most dangerous software weaknesses: link.
• Chinese hackers target Linux with new WolfsBane malware: link.
• Microsoft launches Zero Day Quest hacking event with $4 million in rewards: link.
• GitHub projects targeted with malicious commits to frame researcher: link.
• CISOs can now obtain professional liability insurance: link.

Breaches and leaks

• Cyberattack at French hospital exposes health data of 750,000 patients: link.
• T-Mobile confirms it was hacked in recent wave of telecom breaches: link.
• US space tech giant Maxar discloses employee data breach: link.
• Fintech giant Finastra investigates data breach after SFTP hack: link.
• Gambling and lottery giant disrupted by cyberattack: link.
• AI company tells SEC that $250,000 stolen in cyberattack: link.

Issues and fixes

• Apple fixes two zero-days used in attacks on Intel-based Macs: link.
• Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root: link.
• Critical RCE bug in VMware vCenter Server now exploited in attacks: link.
• Palo Alto Networks patches two firewall zero-days used in attacks: link.
• Over 2,000 Palo Alto firewalls hacked using recently patched bugs: link.
• Chinese hackers exploit Fortinet VPN zero-day to steal credentials: link.
• Fortinet VPN design flaw hides successful brute-force attacks: link.
• Oracle warns of Agile PLM file disclosure flaw exploited in attacks: link.
• Security plugin flaw in millions of WordPress sites gives admin access: link.