If hackers follow the Willie Sutton rule — going where the money/data/geopolitical leverage is, then professional sports organizations, or PSOs, represent a kind of perfect storm of motivation.

On August 12, Ivanti issued an advisory regarding a critical vulnerability in the Ivanti Virtual Traffic Manager (vTM), identified as CVE-2024-7593 with a CVSS score of 9.8. The vulnerability stems from an incorrect implementation of an authentication algorithm. Patches were released on August 19th for all affected versions. On September 24th, the vulnerability was added to the CISA Known Exploited Vulnerabilities Catalog (KEV), elevating its priority and risk.

In June, a cyberattack struck CDK Global, a software provider serving over 15,000 car dealerships across North America, causing widespread operational disruption. Beyond the immediate chaos, the cyberattack poses serious concerns for recent car buyers. If your dealership uses CDK Global software, personal data such as your Social Security number, employment details, and home address—may have been compromised.

A vulnerability affecting Apache HugeGraph-Server, categorized as CVE-2024-27348, was disclosed in August 2024 and recently added to the CISA Known Exploited Vulnerabilities (KEV) catalog on 9/18/2024. This flaw, found in Apache HugeGraph-Server versions 1.0.0 through 1.3.0, and affecting instances running Java 8 or 11, can result in remote code execution (RCE). Proof of Concept (PoC) exploit code has been released, along with a detailed analysis from SecureLayer7.

In December 2020, Ticketmaster was hit with a $10 million fine for an act of corporate espionage. The company had engaged in unauthorized access to a competitor's computer systems, using stolen login credentials to gather confidential business intelligence. Although this scandal broke nearly four years ago, it serves as a reminder of the legal and ethical responsibilities businesses must adhere to in today’s marketplace.

Adobe released a patch for a suspected zero-day vulnerability in Adobe Reader, identified as CVE-2024-41869. This vulnerability, a Use After Free (UAF) issue, can lead to arbitrary code execution, system crashes, or the return of unexpected values.

Last month, NIST published its first set of post-quantum cryptography (PQC) standards, setting a new benchmark for enterprises, government agencies, and vendors to withstand future cyberattacks from quantum computers. The time to start transitioning is now. Discover what’s at stake with CyberWatch.

Every second Tuesday of the month, Microsoft releases patches to their applications, services, and operating systems. Typically, these patches include a myriad of security fixes and this time around, for September of 2024, 79 different vulnerabilities have been addressed, including 4 zero-day vulnerabilities and 10 critical vulnerabilities.

A newly uncovered phishing campaign is exploiting the growing popularity of CapCut, a video editing tool developed by ByteDance. The attackers are utilizing a technique known as reputational hijacking, which allows them to embed malware within a legitimate-looking package, bypassing Smart App Control (SAC) and leaving users vulnerable to data theft and system compromise. This campaign represents a significant escalation in the tactics used by threat actors to evade detection.