Monthly Security Bulletin – October 2024

This month’s security bulletin hot topics:

1. Operation WordDrone – Drone manufacturers are being targeted in Taiwan

2. Zyxel warns of critical OS command injection flaw in routers

3. Revival Hijack supply-chain attack threatens 22,000 PyPI packages

4. Cisco warns of backdoor admin account in Smart Licensing Utility

5. Veeam warns of critical RCE flaw in Backup & Replication software

6. New Eucleak attack lets threat actors clone YubiKey FIDO keys

7. Australia Threatens to Force Companies to Break Encryption

8. Bug Left Some Windows PCs Dangerously Unpatched

9. New Linux malware Hadooken targets Oracle WebLogic servers

10. Malware locks browser in kiosk mode to steal Google credentials

11. Over 1,000 ServiceNow instances found leaking corporate KB data

12. Ransomware gangs now abuse Microsoft Azure tool for data theft

13. Tor says it’s “still safe” amid reports of police deanonymizing users

14. Unexplained ‘Noise Storms’ flood the Internet, puzzle experts

15. This Windows PowerShell Phish Has Scary Potential

16. Dell investigates data breach claims after hacker leaks employee info

17. Kaspersky deletes itself, installs UltraAV antivirus without warning

18. Telegram now shares users’ IP and phone number on legal requests

19. Israel’s Pager Attacks and Supply Chain Vulnerabilities

20. New Octo Android malware version impersonates NordVPN, Google Chrome

21. New Windows Malware Locks Computer in Kiosk Mode

22. Fake WalletConnect app on Google Play steals Android users’ crypto

23. Critical flaw in NVIDIA Container Toolkit allows full host takeover

24. Windows 11 KB5043145 update causes reboot loops, blue screens