Cyber Briefing: 2024.11.29

👉 What are the latest cybersecurity alerts, incidents, and news?

Advantech, Industrial Wi-Fi Access Points, Phishing Scam, Internet Banking, Japan, Windows 11, Critical Vulnerability, Privilege Escalation, Jenkins, DoS Attacks, SQL Injection, Zabbix, Offshore Hackers, Bank of Uganda, Cyber Heist, SL Data Services, Data Exposure, Sensitive Personal Data, XT Exchange, Hack, Crypto, Indian Ministry of Agriculture, Website Hack, Gambling Platform, Victorian Coroners Court, Cyberattack, Canada, Cybersecurity Bill C-26, Error, Australia, Social Media Ban, Under 16, Crypto Hackers, $71M, November 2024, Solana Wallets, $21M DEXX Hack, Canary Technology Solutions, Layer 8 Security, Acquisition

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. Over 20 Flaws Found in Advantech Devices

Advantech’s EKI industrial-grade Wi-Fi access points have been found vulnerable to over 20 security flaws, including six critical issues that could allow attackers to execute code remotely, bypass authentication, and compromise devices entirely. Disclosed by Nozomi Networks, the vulnerabilities include improper OS command neutralization (CVE-2024–50370 through CVE-2024–50374) and a missing authentication flaw (CVE-2024–50375), both with CVSS scores of 9.8. Attackers could exploit these flaws to install backdoors, trigger denial-of-service (DoS) attacks, and gain persistent access.

2. Phishing Scam Targets Internet Banking Users

A new phishing scam targeting corporate internet banking users has emerged in Japan, prompting urgent warnings from authorities. The scam begins with fraudsters impersonating bank representatives over the phone, claiming that the victim’s internet banking certificate has expired. This false urgency leads to phishing emails with malicious links directing users to fake banking websites…