Monthly Security Bulletin – December 2024

This month’s security bulletin hot topics:

1.         SpyLoan Android malware on Google Play installed 8 million times

2.         Ubuntu Linux impacted by decade-old ‘needrestart’ flaw that gives root

3.         Malicious QR Codes: How big of a problem is it, really?

4.         Ford rejects breach allegations, says customer data not impacted

5.         D-Link urges users to retire VPN routers impacted by unfixed RCE flaw

6.         Critical RCE bug in VMware vCenter Server now exploited in attacks

7.         Fake Bitwarden ads on Facebook push info-stealing Chrome extension

8.         Microsoft 365 Admin portal abused to send sextortion emails

9.         T-Mobile confirms it was hacked in recent wave of telecom breaches

10.       GitHub projects targeted with malicious commits to frame researcher

11.       A Security-First Approach to 6G

12.       New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

13.       Amazon confirms employee data breach after vendor hack

14.       Malicious PyPI package with 37,000 downloads steals AWS keys

15.       Unpatched Mazda Connect bugs let hackers install persistent malware

16.       Palo Alto Networks warns of potential PAN-OS RCE vulnerability

17.       European govt air-gapped systems breached using custom malware

18.       Nokia investigates breach after hacker claims to steal source code

19.       DocuSign’s Envelopes API abused to send realistic fake invoices

20.       Schneider Electric confirms dev platform breach after hacker steals data

21.       Microsoft SharePoint RCE bug exploited to breach corporate network

22.       Synology hurries out patches for zero-days exploited at Pwn2Own