In April of 2024, AT&T suffered a significant data breach where threat actors illegally downloaded call and text records of approximately 109 million customer accounts. The AT&T data breach was the result of compromised credentials used to access the company's Snowflake account. Snowflake, a cloud-based database provider, allows customers to perform data warehousing and analytics on large volumes of data. This breach is part of a broader wave of data theft attacks targeting Snowflake customers, attributed to the financially motivated threat actor UNC5537, who used credentials stolen via infostealer malware.
The Florida Department of Health (DOH) is currently addressing a significant ransomware attack that has severely impacted its vital statistics system, which processes birth and death certificates. The cybercriminal group RansomHub has claimed responsibility for the attack, asserting that it stole over 100 gigabytes of data, including personally identifiable information (PII) and protected health information (PHI). RansomHub began leaking the stolen data after the DOH missed a July 1 ransom payment deadline.
On June 3, cybersecurity researchers Sina Kheirkhah of Summoning Team and Soroush Dalili successfully completed a proof of concept exploit leveraging two vulnerabilities, CVE-2024-4358 and CVE-2024-1800. These vulnerabilities affect Progress Telerik Report Server and allow remote code execution via deserialization and an authentication bypass.
A critical vulnerability has been confirmed in select D-Link NAS devices, including DNS-340L, DNS-320L, DNS-327L, and DNS-325. Evidence suggests that other D-Link NAS devices may also be affected. The vulnerability, identified as CVE-2024-3273 (CVSS: 9.8), affects the /cgi-bin/nas_sharing.cgi component of the HTTP GET request handler. By manipulating this component, an attacker can perform remote command injection and obtain hardcoded credentials. A publicly disclosed exploit developed by NetSecFish has confirmed the presence of this vulnerability. Network scans indicate that over 92,000 devices are affected.
Last November, a ransomware collective did something unprecedented. A week after breaching a fintech company, it wrote to the U.S. government. The criminals reported their own crime. They didn’t intend to turn themselves in, or give up anything they’d stolen, though. Quite the contrary: they wanted to wield the power of U.S. regulatory law against their victim. The stunt reflected a broader, sweeping change to how organizations across America must now handle their data breaches. And if fear was the goal, it certainly worked.
A critical vulnerability tracked as CVE-2024-24919 (CVSS 3.1: 7.5) has been identified in multiple Check Point products by the Check Point Research Division. This zero-day vulnerability allows attackers to access specific information on internet-connected gateways with Remote Access VPN or Mobile Access enabled. On May 24th, Check Point detected increased threat actor activity targeting Remote Access VPN environments. On May 27th, a customer reported an attack leveraging this vulnerability.
On October 3rd, the prescription management company Sav-Rx experienced a significant cyberattack that resulted in the exposure of sensitive information. The incident was discovered on October 8th when the company experienced a network disruption. Despite the breach, Sav-Rx successfully restored its IT system within 24 hours. An investigation, which concluded on April 30th, revealed that the hackers accessed non-clinical systems and obtained files related to the company's medication benefits management services. The company has since notified law enforcement and affected individuals.
A vulnerability exists in the Universal Disk Format (UDF) support in macOS Sonoma versions prior to 14.5. This vulnerability, classified as CVE-2024-27842, was discovered by CertiK SkyFall. According to Apple, an attacker may be able to make an app execute arbitrary code with kernel-level privileges. Security researcher Wang Tielei has released Proof of Concept (PoC) exploit code demonstrating the existence of this vulnerability.
GitHub has remediated an authentication bypass vulnerability tracked as CVE-2024-4985 (CVSSv4: 10.0). This vulnerability allows an attacker to abuse SAML single sign-on (SSO) authentication to sign in as a user with administrator privileges. It affects GitHub Enterprise Server (GHES) versions prior to 3.13.0 that use SAML SSO with encrypted assertions.