Major Breaches and Vulnerabilities Highlight Cybersecurity Risks Today
Major Breaches and Vulnerabilities Highlight Cybersecurity Risks Today
Today, October 15, 2024, the cybersecurity landscape is marked by two notable breaches: Fidelity Investments and Internet Archive. Fidelity reported unauthorized access affecting approximately 77,000 customers, compromising sensitive data including Social Security numbers and account details (source). The Internet Archive suffered a devastating breach impacting 31 million users, exposing usernames, email addresses, and password hashes, alongside a DDoS attack (source). Additionally, a ransomware attack on Starbucks, linked to a third-party vendor, highlights supply chain vulnerabilities (source).
In terms of vulnerabilities, CISA has added three high-risk CVEs to its Known Exploited Vulnerabilities Catalog: CVE-2024-30088 (Microsoft Windows Kernel race condition), CVE-2024-9680 (Mozilla Firefox use-after-free), and CVE-2024-28987 (SolarWinds hardcoded credentials) (source). Furthermore, Zendesk's recent security flaw allowing unauthorized access to customer support tickets underscores the need for vigilance in CRM platforms (source).
Also In Security Today
- Fidelity Investments Breach: Unauthorized access has compromised data of 77,000 customers, including sensitive information like Social Security numbers.
- Internet Archive Incident: A breach revealed data from 31 million users, exacerbated by a DDoS attack, raising concerns about data security for nonprofit organizations.
- Starbucks Ransomware Attack: A third-party vendor was targeted, showcasing the ongoing risks in supply chain security that affect major businesses.
- Zendesk Vulnerability: A flaw in Zendesk’s email collaboration feature has led to unauthorized access to confidential customer support tickets, endangering user data across multiple organizations.