In this episode, we delve into some of the most pressing issues in cybersecurity. We begin by discussing vulnerabilities found in Palo Alto Networks' Expedition software that could allow attackers to access sensitive data and compromise critical systems, leading CISA to issue a December 2024 deadline for federal agencies to apply mitigations. We then touch on a massive data leak involving Microsoft Power Pages and explore how cloud-based services are creating new challenges for data security. Additionally, we cover cyber-espionage campaigns targeting telecommunications providers, orchestrated by Chinese hackers, and a warning from Swiss authorities about malicious QR codes that install malware on Android devices. Iranian hackers have also been actively targeting Israeli organizations through WezRat malware in a surge of cyber-attacks driven by geopolitical tensions. We also review updates around the sentencing of the Bitfinex hacker, responsible for one of the largest cryptocurrency thefts in history. In the tech space, Microsoft faces criticism after pulling its latest Exchange Server updates due to mail delivery issues, while simultaneously signaling the end of the Windows 10 Beta Channel in favor of Windows 11. We explore concerns around 'security tool sprawl' in organizations, emphasizing the need for consolidation, and close with a discussion on how the OSC&R framework can enhance resilience against software supply chain threats. Lastly, new malware, Glove Stealer, is exploiting vulnerabilities to steal sensitive data from Chrome, highlighting the ongoing threats to browser security.

https://healsecurity.com/