Monthly Security Bulletin – July 2024

This month’s security bulletin hot topics:

1.          Hackers exploit critical D-Link DIR-859 router flaw to steal passwords

2.         Meet Brain Cipher — The new ransomware behind Indonesia’s data center attack

3.         Infosys McCamish says LockBit stole data of 6 million people

4.         Ticketmaster sends notifications about recent massive data breach

5.         TeamViewer links corporate cyberattack to Russian state hackers

6.         Critical GitLab bug lets attackers run pipelines as any user

7.         Plugins on WordPress.org backdoored in supply chain attack

8.         Polyfill.io JavaScript supply chain attack impacts over 100K sites

9.         New attack uses MSC files and Windows XSS flaw to breach networks

10.       Facebook PrestaShop module exploited to steal credit cards

11.       Phoenix UEFI vulnerability impacts hundreds of Intel PC models

12.       CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

13.       Linux version of RansomHub ransomware targets VMware ESXi VMs

14.       SolarWinds Serv-U path traversal flaw actively exploited in attacks

15.       VMware fixes critical vCenter RCE vulnerability, patch now

16.       Fake Google Chrome errors trick you into running malicious PowerShell scripts

17.       New ARM ‘TIKTAG’ attack impacts Google Chrome, Linux systems

18.       New Linux malware is controlled through emojis sent from Discord

19.       ASUS warns of critical remote authentication bypass on 7 routers

20.       ASUS warns of critical remote authentication bypass on 7 routers

21.       CISA warns of Windows bug exploited in ransomware attacks

22.       Phishing emails abuse Windows search protocol to push malicious scripts

23.       Azure Service Tags tagged as security risk, Microsoft disagrees