Infosec bits for 2024 week 45

Kgwadi Matenche | Nov. 11, 2024, 10:49 a.m.

Cybersecurity News:

Cyberattack disables tracking systems and panic alarms on British prison vans [Alexander Martin, Recorded Future News]

South Korea fined Meta $15.67m for illegally collecting and sharing Facebook users [Pierluigi Paganini, Security Affairs]

DocuSign's Envelopes API abused to send realistic fake invoices [Bill Toulas, Bleeping Computer]

INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime [Ravie Lakshmanan, The Hacker News]

Google Cloud to Enforce MFA on Accounts in 2025 [Dark Reading Staff, Dark Reading]

Vulnerabilities & Patches:

Cisco Patches Critical Vulnerability in Industrial Networking Solution [Ionut Arghire, SecurityWeek]

Google fixes two Android zero-days used in targeted attacks [Bill Toulas, Bleeping Computer]

HPE Patches Critical Vulnerabilities in Aruba Access Points [Ionut Arghire, SecurityWeek]

Breaches & Leaks:

Washington courts' systems offline following weekend cyberattack [Sergiu Gatlan, Bleeping Computer]

Georgia hospital unable to access record system after ransomware attack [Jonathan Greig, Recorded Future News]

Major Oilfield Supplier Hit by Ransomware Attack [Kevin Poireault, Infosecurity Magazine]

Others:

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years [Waqas, HackRead]

Apple’s 45-day certificate proposal: A call to action [Help Net Security]

SelectBlinds says 200,000 customers impacted after hackers embed malware on site [Jonathan Greig, Recorded Future News]