
Weekly Digest Week 20 – 2024

Publication date: 17.05.2024

Featured Story

Patch Now: Another Google Zero-Day Under Exploit in the Wild

Google has released an emergency patch for CVE-2024-4947, the third Chrome zero-day vulnerability addressed in a single week. The flaw is under active exploitation, prompting immediate action from users. This vulnerability also impacts Chromium-based browsers like Microsoft Edge. Microsoft has acknowledged the issue and is working on a fix.

SOC Analysis: For the seventh time this year—and third time this week—Google was forced to issue an urgent patch. The Chromium engine used by both Chrome and Edge continues to be a prime target. Exploitation timelines are accelerating: where waiting a month to patch was once acceptable, it now poses serious risk. Immediate browser updates are essential.

Other Stories

Beware of Message Abusing Centre for Cybersecurity Belgium Logo and Name

A scam message is circulating claiming to be from the Centre for Cybersecurity Belgium (CCB), asking recipients to deposit €190 in exchange for a supposed €90,450 refund. The message is fraudulent and does not originate from the CCB.

SOC Analysis: Scammers are now mimicking the branding of cybersecurity authorities like the CCB. Ironically, this suggests that the CCB's work, especially through reporting mechanisms like suspicious@safeonweb.be, is hurting scam operations.

QakBot Attacks with Windows Zero-Day (CVE-2024-30051)

Kaspersky researchers identified a privilege escalation zero-day vulnerability in the Windows Desktop Window Manager, now tracked as CVE-2024-30051. The flaw, exploited by QakBot and other malware, was patched by Microsoft on May 14.

SOC Analysis: This zero-day was actively exploited before discovery. Its association with major malware families like QakBot is concerning. As more threat actors gain resources to discover or buy zero-days, preemptive patching and monitoring become critical.

44% of Cybersecurity Professionals Struggle with Regulatory Compliance

According to research by Infosecurity Europe, nearly half of cybersecurity professionals struggle with complex and time-consuming regulations. Compliance with laws like SOX and the EU Cybersecurity Act remains a significant challenge for many organizations.

SOC Analysis: Regulatory complexity affects both our consultants and our SOC operations. The upcoming NIS2 directive is creating a wave of demand, as organizations work to align their processes and detection with legal requirements. Don’t hesitate to consult with our team for guidance.

Millions of IoT Devices at Risk From Flaws in Integrated Cellular Modem

Vulnerabilities in Telit’s Cinterion modems, used in critical IoT devices, expose systems to remote code execution. The most severe, CVE-2023-47610, allows attackers to execute arbitrary code via SMS messages.

SOC Analysis: IoT devices are often built for speed and durability—not security. As such, they are a growing target for attackers. Organizations must assess IoT exposure and apply rigorous patching and segmentation strategies to reduce risk.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
