Cyber Weekly Digest - 2024 Week #34

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cyber Weekly Digest

👋 Welcome to the 34th edition Cyber Weekly Digest of 2024

We are incredibly excited to be back in 🏴󠁧󠁢󠁳󠁣󠁴󠁿 Scotland 🏴󠁧󠁢󠁳󠁣󠁴󠁿 next month for DIGIT.FYI  Scot-Secure West in Glasgow on the 11th September. This year we will be joined by Egress, a KnowBe4 company, Automox, Bugcrowd and One Identity!

Make sure you sign up here for your ticket

📢 This week we announced our new partnership with Immersive Labs, the global leader in people-centric cyber resilience! Focused on equipping workforces with the knowledge and skills needed to effectively prevent and respond to cyber threats, can't wait to share more...

🎳 Would also like to thank the teams at Ignition and illumio this week for hosting us at their partner kick off event. Fantastic to meet the people behind the tech and learn about the future of #ZeroTrustSegmentation. Watch this space!

😁 Dad Joke of the Week: I adopted a dog from a blacksmith. As soon as I brought him home, he made a bolt for the door.

New and noteworthy from our vendor community this week:

 

🟣 #QuantumComputing is on the horizon, and it poses a significant risk to current encryption methods. With NIST’s new post-quantum encryption standards now finalised, it’s essential to understand how they can help protect your data.

In their latest blog, Ben McCarthy, Immersive Labs Lead Cybersecurity Engineer, shares:

🔍 NIST’s new standards and their impact

🛡️ How #QuantumComputing could threaten #DataSecurity

🔧 Steps to future-proof your organisation

🟣 We are thrilled to see illumio recognised in five of the Gartner Hype Cycle reports!

Learn why Gartner considers #microsegmentation a high-benefit technology in their latest blog post and how, with illumio ZTS you can quickly and easily:

👀 See Risk

✍🏽 Set Policy

🛑 Stop the Spread

🟣 Sticking with Hype Cycle buzz - Automox has been recognised as a Sample Vendor for Autonomous Endpoint Management (AEM) in three Gartner Hype Cycle reports: IT Management Intelligence, I&O Automation, and Digital Workplace Infrastructure and IT Operations for 2024.

✅ IT overhead reduction

✅ Compliance increase

✅ Employee enablement and business value-added work

Last but not least...

🟣 What is MFA fatigue? It's a social engineering attack where hackers bombard users with repeated MFA requests until they approve one out of frustration.

Learn how these attacks work with One Identity, sharing proven methods to prevent them and real-world examples including:

🔵 Cisco

🍏 Apple

🚖 Uber

Now, let's take a look at our top Cyber Security News picks of the week:

☠️ This week we were warned of wild goings on with #Google, disturbing news for visitors of #OregonZoo and a #CyberAttack on American microchips (not to be confused with the 90's classic snack box)

1. Qilin Ransomware Now Steals Credentials from Chrome Browsers

The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. The credential-harvesting techniques has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene.

2. Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National Vulnerability Database (NVD).

 

3. Oregon Zoo Warns Visitors their Credit Card Details were Stolen

Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised. Formerly Portland Zoo and Washington Park Zoo, Oregon Zoo is a 64-acre zoo owned by the regional Metro government. It is home to 1,800 animals from 232 species, including 28 on the endangered and threatened list. It is the state’s largest zoo and one of the most popular tourist attractions, with more than 1.7 million visitors every year.

 

4. Microchip Technology Discloses Cyberattack Impacting Operations

American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. Headquartered in Chandler, Arizona, the company has roughly 123,000 customers across multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing markets. Due to an incident, some Microchip Technology manufacturing facilities operate at reduced capacity, affecting the company's ability to meet orders. Microchip Technology also had to take steps to manage the situation, such as shutting down some systems and isolating the affected ones following the breach.

5. SolarWinds Left Critical Hardcoded Credentials in its Web Help Desk Product

SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data The software maker has now issued an update to address that critical oversight; its users are encouraged to install the fix, which presumably removes the baked-in creds.

©2025 Cyber Vigilance

Powered by Disruptive

+44 (0) 1483 948090

info@cybervigilance.uk

Naggs Stable, Old Portsmouth Road, Guildford, Surrey, England, GU3 1LP