Monthly Security Bulletin – September 2024

This month’s security bulletin hot topics:

1.         Leaked GitHub Python Token

2.         Windows Update downgrade attack “unpatches” fully-updated systems

3.         18-year-old security flaw in Firefox and Chrome exploited in attacks

4.         New Windows SmartScreen bypass exploited as zero-day since March

5.         NIST releases first encryption tools to resist quantum computing

6.         Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled

7.         National Public Data Published Its Own Passwords

8.         Windows driver zero-day exploited by Lazarus hackers to install rootkit

9.         Hackers use PHP exploit to backdoor Windows systems with new malware

10.       Toyota confirms third-party data breach impacting customers

11.       Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

12.       New NGate Android malware uses NFC chip to steal credit card data

13.       Qilin ransomware now steals credentials from Chrome browsers

14.       Hackers now use AppDomain Injection to drop CobaltStrike beacons

15.       SonicWall warns of critical access control flaw in SonicOS

16.       Microsoft Sway abused in massive QR code phishing campaign

17.       PoorTry Windows driver evolves into a full-featured EDR wiper

18.       New Voldemort malware abuses Google Sheets to store stolen data