November 14, 2024
This November, Microsoft released an update patching 87 vulnerabilities, including four critical ones and four zero-day vulnerabilities actively exploited in the wild. The update addresses CVE-2024-43451, which allows remote code execution, along with vulnerabilities in Azure and Exchange that could be leveraged to spread malware.
A newly discovered zero-day vulnerability in Windows, triggered by actions such as dragging-and-dropping files or deleting them, allows attackers to execute malicious commands remotely. Microsoft is investigating and preparing a patch to address this critical issue.
According to Tenable, 2024 will see increased attacks on AI platforms, leading to data leaks and "data poisoning." The year is also expected to witness a rise in investment frauds, including "pig butchering" scams and deepfake videos targeting potential investors around events like Bitcoin Halving.
A new exploit targeting CVE-2024-10914 in outdated D-Link NAS devices has been reported. This vulnerability will not be fixed by the manufacturer, so security experts advise replacing the devices to mitigate potential risks.
CrowdStrike announced a $300 million acquisition of Adaptive Shield to enhance its capabilities in data leak prevention and cloud rights management. October also saw 37 cybersecurity M&A deals, reflecting growing investment in security technologies.