Security News Headlines #112

Security News Headlines for today

Today's news delves into critical security updates from Adobe and Cisco, new cybersecurity advisories for industrial systems, and the rise of cybercrime methods like proxyjacking and cryptomining. We also cover emerging threats like fake password managers targeting developers and growing ransomware defenses such as Google's air-gapped backup vault.

Adobe Releases Security Updates for Multiple Products
Adobe has issued security updates addressing critical vulnerabilities across its product suite, including Photoshop and Acrobat. These patches are essential to prevent potential exploitation through remote code execution vulnerabilities.

Cisco Smart Licensing Utility Receives Security Updates
Cisco has rolled out patches for its Smart Licensing Utility to fix vulnerabilities that could enable attackers to bypass security controls. Users are strongly encouraged to update their systems to avoid exploitation risks.

CISA Releases 25 Industrial Control Systems Advisories
CISA issued advisories for 25 industrial control systems (ICS) vulnerabilities, affecting critical infrastructure sectors. Organizations should review and apply necessary updates to safeguard against potential cyberattacks on operational technologies.

Cred Flusher and Stealers Exposed in Latest Threat Research
Researchers uncovered "Cred Flusher," a tool designed to exfiltrate credentials using popular stealers like Amadey and StealC. These findings show how attackers leverage legitimate tools for credential theft, highlighting the need for strong endpoint security.

How to Defend Against Common Geek Squad Scams
WeLiveSecurity outlines six common scams impersonating Geek Squad services, often used to trick victims into providing sensitive information or paying fake fees. Consumers are urged to verify communications and be cautious of unsolicited offers.

Selenium Grid Misused for Cryptomining and Proxyjacking
Selenium Grid, a popular automation tool, is being exploited by cybercriminals for cryptomining and proxyjacking activities. Organizations using Selenium Grid should ensure proper security controls are in place to prevent misuse.

Adobe Patch Tuesday Fixes Critical Vulnerabilities (September 2024)
Adobe’s September 2024 Patch Tuesday addressed several critical vulnerabilities across key products. These patches fix remote code execution flaws and other security issues, and users are urged to apply updates immediately.

WordPress Mandates Two-Factor Authentication (2FA)
WordPress has made two-factor authentication mandatory for all accounts, a move aimed at bolstering security and reducing account compromises. The platform's decision is part of broader efforts to protect users from phishing and brute-force attacks.

The Art and Science of Microsoft Threat Hunting (Part 3)
In the latest part of Microsoft’s series on threat hunting, the company discusses how a combination of advanced analytics and human expertise helps identify and neutralize sophisticated cyber threats before they escalate.

LVHN Faces Lawsuit After Ransomware Attack
Lehigh Valley Health Network (LVHN) is facing a lawsuit following a ransomware attack that exposed sensitive patient information. The case highlights the legal and reputational risks organizations face in the wake of data breaches.

Fake Password Manager Targets Python Developers
A fake coding test disguised as a password manager has been used to hack Python developers, stealing credentials and sensitive information. Developers are advised to verify the legitimacy of any third-party tools before use.

Google Introduces Air-Gapped Backup Vault to Defend Against Ransomware
Google has launched an air-gapped backup vault designed to protect data from ransomware attacks. This new feature isolates backups from network threats, offering an additional layer of defense against data loss.