Monthly Security Bulletin – September 2024
This month’s security bulletin hot topics:
1. Leaked GitHub Python Token
2. Windows Update downgrade attack “unpatches” fully-updated systems
3. 18-year-old security flaw in Firefox and Chrome exploited in attacks
4. New Windows SmartScreen bypass exploited as zero-day since March
5. NIST releases first encryption tools to resist quantum computing
6. Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled
7. National Public Data Published Its Own Passwords
8. Windows driver zero-day exploited by Lazarus hackers to install rootkit
9. Hackers use PHP exploit to backdoor Windows systems with new malware
10. Toyota confirms third-party data breach impacting customers
11. LiteSpeed Cache bug exposes millions of WordPress sites to takeover attacks
12. New NGate Android malware uses NFC chip to steal credit card data
13. Qilin ransomware now steals credentials from Chrome browsers
14. Hackers now use AppDomain Injection to drop CobaltStrike beacons
15. SonicWall warns of critical access control flaw in SonicOS
16. Microsoft Sway abused in massive QR code phishing campaign
17. PoorTry Windows driver evolves into a full-featured EDR wiper
18. New Voldemort malware abuses Google Sheets to store stolen data