The number of US data breach victims in Q2 2024 increased by over 1000% year over year, despite a 12% decrease in the actual number of incidents in those three months, according to the Identity Theft Resource Center (ITRC).
According to Crunchbase data, cybersecurity funding reached a two-year high in Q2 of 2024, with venture capitalists investing $4.4 billion in startups, the strongest quarter since 2022. This marked a 144% increase from the previous year.
Critical TE.0 HTTP Request Smuggling Vulnerability Impacts Thousands of Google Cloud-hosted Websites
This new class of HTTP Request Smuggling vulnerabilities poses a significant risk to thousands of websites, including those protected by Google’s Load Balancer and Identity-Aware Proxy (IAP).
A critical vulnerability (CVE-2024-36991) in Splunk Enterprise on Windows is considered more severe than initially thought, allowing attackers to grab passwords. Various proof-of-concept exploits have been published.
Operation Spincaster, involving law enforcement and government agencies across six countries, as well as 17 cryptocurrency exchanges, has identified 7,000 leads and $162 million in losses.
Targets of TAG-100’s attacks include intergovernmental and diplomatic entities in the Asia-Pacific region, religious organizations in the U.S. and Taiwan, as well as a political party supporting an investigation into the Chinese government.
Cisco has addressed a critical vulnerability that allows attackers to add new users with root privileges and crash Security Email Gateway (SEG) appliances by sending emails with malicious attachments.
The vulnerabilities (CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470) were all rated with severity scores of 9.6/10 and posed risks of unauthorized actions and information disclosure.
With over 150 organizations in 25 countries affected, Qilin’s sophisticated tactics include exploiting vulnerabilities, using tools like Mimikatz for privilege escalation, and evading defenses by deleting logs and using PowerShell commands.
The scam involves deepfake videos of Elon Musk promising insights into the attack and encouraging viewers to participate in a cryptocurrency giveaway by scanning a QR code in the video.