Cybersecurity Digest for week of 12 July 2024

This week we talk about 

• Microsoft patches 140+ vulnerabilities including 2 zero days, in Patch Tuesday;
• Adobe patches critical issues in several of its products,
• 10 Billion Passwords leaked,
• 39,000 Ticket master tickets leaked,
• Chinese APT 40 hiijack routers
• Hackers are Targeting Wordpress plugins,  
• A new attack bypasses RADIUS authentication
• CISA adds 3 new CVEs to its KEV
• and more in this episode

Articles Mentioned In Order they appear in the Show: 

July 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

Windows MSHTML zero-day used in malware attacks for over a year (bleepingcomputer.com)

Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) - Check Point Research

Whispers of Atlantida: Safeguarding Your Digital Treasure | Rapid7 Blog

Adobe Product Security Incident Response Team (PSIRT)
RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)

Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com)
APT40 Advisory | Cyber.gov.au

$3,094 Bounty Awarded and 150,000 WordPress Sites Protected Against Arbitrary File Upload Vulnerability Patched in Modern Events Calendar WordPress Plugin (wordfence.com)

VU#456537 - RADIUS protocol susceptible to forgery attacks. (cert.org)

BLAST RADIUS
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool (thehackernews.com)
GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6 | GitLab

Notable CISA KEV Additions:

NVD - CVE-2024-23692 (nist.gov)
NVD - CVE-2024-38080 (nist.gov)
NVD - CVE-2024-38112 (nist.gov)