14th April Weekend- Patch Now! Breaches, Threats & Market Boom

Critical Flaws, Data Exposed & AI Investments Soar

Author

Pam C
April 14, 2024

This week's cybersecurity news is dominated by critical vulnerabilities. Patch immediately for both Microsoft's zero-day exploits and Palo Alto Networks' GlobalProtect flaw. Several companies, including Roku and AT&T, reported data breaches. Meanwhile, global threats are on the rise with Russia targeting US government emails. The cybersecurity market is booming, attracting investment in established players like OpenAI and new startups like Guardz. Don't miss articles on financial stability, cybersecurity awareness, and best practices for 2024.

Table of Contents

Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities

This article discusses Microsoft's April 2024 Patch Tuesday which includes fixes for two critical zero-day vulnerabilities. These vulnerabilities allowed attackers to remotely take control of systems and bypass security warnings for untrusted websites. Patching these vulnerabilities is crucial to protect your system. Other vendors also released security updates in April 2024. Malwarebytes

Palo Alto Networks found a critical flaw (CVE-2024-3400) in their GlobalProtect software that allows hackers to take full control of firewalls. This affects PAN-OS versions below 11.1.2-h3, 11.0.4-h1, and 10.2.9-h1, with a fix expected today, April 14th. Only firewalls with both GlobalProtect gateway and device telemetry enabled are vulnerable. While details on exploit nature and attackers are unknown, Palo Alto recommends enabling Threat ID 95187 for mitigation. Source

Roku says more than 500,000 accounts impacted in cyberattack

Streaming service provider Roku (ROKU.O) said on Friday it identified a second cyberattack that impacted about 576,000 additional accounts while investigating a breach that affected 15,000 user accounts earlier this year.

The company, which had more than 80 million active accounts, said the hackers did not gain access to any sensitive information such as full credit card numbers or other payment details.Link

Dutch chipmaker Nexperia hacked by cyber criminals

Dutch-headquartered chipmaker Nexperia was victim of a hacking attack by cyber criminals last month, the Chinese-owned company said on Friday, and was investigating the incident with the help of outside specialists."Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024," the company said in a statement, confirming an earlier report by Dutch broadcaster RTL. Source :

AT&T now says data breach impacted 51 million customers

AT&T data breach exposed millions of customers' personal information Bleeping Computer.

CISA issues Emergency Directive 24-02 in response to Russian cyber threat targeting Microsoft email accounts

CISA issued an Emergency Directive (ED) 24-02 to counter a Russian cyber threat targeting Microsoft email accounts used by federal agencies. industrialcyber.co

SAP’s April 2024 Updates Patch High-Severity Vulnerabilities

SAP has released 12 new and updated security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities. Source:

This is an article about the cyber security services market. It discusses the market's growth and factors driving this growth. The market is expected to reach USD 445.3 billion by 2032, at a CAGR of 8.8%. The rise in cybercrimes and the increasing reliance on digital storage are among the factors driving this growth. The article also mentions some of the prominent players in the market.Cryptocurrency scams are eclipsing ransomware as the bigger threat, according to the FBI, with romance scams causing significant losses  المصدر: International Finance: https://internationalfinance.com/currency/crypto-scams-cost-more-ransomware-says-fbi-us-initiates-civil-forfeiture-action/. In 2023, victims lost a staggering USD 4.57 billion, a 38% increase compared to the previous year. These scams often involve fraudsters posing as women online to lure victims into investing on fake cryptocurrency platforms. When victims attempt to withdraw their funds, scammers hit them with fees. The US Department of Justice is actively pursuing avenues to recover stolen cryptocurrency.

This is an article about cyber threats to financial stability IMF. It discusses the increasing risk of cyberattacks and the potential for financial losses. The financial sector is especially vulnerable because of the sensitive data it handles. Cyberattacks can erode confidence in the financial system, disrupt critical services, and cause financial losses. The article also highlights the risks posed by cyberattacks on third-party IT service providers. To mitigate these risks, the authors recommend that authorities develop national cybersecurity strategies and that financial institutions improve their cybersecurity hygiene. International cooperation is also seen as essential.

This is an article about cybersecurity considerations for organizations in 2024. It discusses eight key considerations that CISOs should prioritize. These considerations aim to mitigate risk, drive business growth, and build resilience. Some of the important points from this article are that security should be integrated throughout the organization, and that CISOs need to respond quickly to changing regulations. kpmg.com

8 CYBESECURITY TRENDS TO WATCH IN 2024 

This is an article about cybersecurity trends in 2024 Sands Capital Ventures. It discusses eight themes that Sands Capital Ventures believes are important. Some of the important points are that AI security is a growing concern and that there is a need for better fraud detection methods. The article also predicts that passwordless authentication will become more common. Source :

CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness

This Dark Reading article titled "CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness" explores three key cybersecurity topics for CISOs (Chief Information Security Officers):

  1. Securing the AI Supply Chain: This section highlights the importance of ensuring the security of the components used to build AI systems, as vulnerabilities in these components can be exploited by attackers.

  2. AI-Powered Security Platforms: The article discusses the growing use of AI in cybersecurity platforms and the potential benefits of these tools for automating tasks and improving threat detection.

  3. Fighting for Cyber Awareness: This section emphasizes the ongoing challenge of raising awareness about cyber threats among employees and the importance of building a strong security culture within organizations.

Financial Insights on Cybersecurity Companies:

Palo Alto Networks Inc. (PANW)

Santa Clara, California-based Palo Alto Networks is an $87 billion world leader in cybersecurity. Its premiere product, Panorama, is offered as a comprehensive enterprise cybersecurity management solution to businesses and institutions all over the world. Panorama can be implemented on a virtual basis or as an on-site physical appliance system.

Most clients who buy Panorama sign up for the platform's subscription services to ensure constant threat assessments and virus prevention. This gives PANW significant, ongoing residual revenue. For companies that don't need or can't afford the full Panorama platform, PANW offers almost all of its software and applications à la carte. 

More than 40 Wall Street equity analysts follow PANW. Collectively, these analysts have arrived at a consensus earnings estimate for 2024 of $7.9 billion and $9.1 billion in 2025 – a 15% year-over-year increase. Source:

  • Cathie Wood’s Ark Investment Management has invested in OpenAI.

  • In the meantime, Elon Musk is seeking $4 billion to boost his xAI growth.

  • This money movement highlights investors’ interest in the artificial intelligence (AI) sector.

This is an article about investment in artificial intelligence (AI). It discusses Cathie Wood’s Ark Invest investing in OpenAI and Elon Musk seeking funding for his new AI company, xAI. OpenAI is a leading recipient of funding in the AI sector. Ark Invest believes AI is a rapidly evolving sector with great potential. Elon Musk’s xAI is seeking $4 billion to compete. Investors are concentrating on established players in the field, with some concern that new entrants may not be able to compete.

New Cybersecurity Start Up

Guardz EDITOR’S CHOICE This company creates security software for use by managed service providers. The targets for protection are the clients of the MSP rather than the MSP itself.Access a 14-day free trial. GUAEDZ website

Latest Aquisition 

HUB Cyber Security, a company that protects sensitive commercial and government information, acquired QPoint Technologies, an IT services company with a cybersecurity division. The acquisition will allow HUB to expand its customer base and service offerings. QPoint brings a diverse client list including Rafael Advanced Defense Systems, the Israel Airport Authority, and the Ministry of Defense of Israel. HUB sees the acquisition as an important step in its goal of becoming a leading global secure data fabric ecosystem. Source:

  • Cybersecurity company Wiz has acquired Gem Security, another cybersecurity firm (details on the nature of Gem Security not available).

  • This acquisition (details not available) suggests Wiz is expanding its presence in the cybersecurity market. Source:

Footer:
Thank you for reading the ZeroDay Alert Zone Newsletter. Stay tuned for more cybersecurity updates in our next edition! 

Don't miss out on the latest cybersecurity updates and insights! Subscribe to the ZeroDay Alert Zone Newsletter today and stay ahead of evolving cyber threats. From implementing Zero Trust controls to financial insights on cybersecurity stocks, our newsletter delivers valuable information straight to your inbox. Join us in safeguarding your digital world. Subscribe now]