---
title: "Versa Networks Flaw, Hezbollah Supply Chain, MediaTek Wi-Fi Vulnerability, Cybersecurity News [September 23, 2024] | DuoCircle"
description: "Versa Networks Flaw, Hezbollah Supply Chain, MediaTek Wi-Fi Vulnerability, Cybersecurity News [September 23."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-40-of-2024/"
---

Quick Answer

Cybersecurity news for the week of September 23, 2024. Versa Networks disclosed CVE-2024-45229 in Versa Director, a REST API flaw allowing unauthorized retrieval of authentication tokens; affected versions include 22.1.4, 22.1.3, 22.1.2, and 21.2.3 prior to September 12, 2024. A supply-chain compromise was theorized after pager and walkie-talkie explosions in Lebanon and Syria killed 32 and injured over 3,250. A zero-click flaw was found in MediaTek Wi-Fi chipsets. Transport for London disclosed a breach affecting 5,000 customers. The North Korea-linked Gleaming Pisces group used poisoned Python packages (PondRAT) to deliver backdoors via supply-chain attacks.

Versa Networks Flaw, Hezbollah Supply Chain, MediaTek Wi-Fi Vulnerability, Cybersecurity News \[September 23, 2024\]


![cybersecurity news](https://media.mailhop.org/duocircle/images/2024/09/spf-validator-8.jpg) 

We’re back with the latest [cybersecurity](/) updates to inform you about recent threats and help you stay protected. This week, we cover how hackers are **exploiting Versa Director** through a critical vulnerability, the supply chain attack linked to [Hezbollah device explosions](https://www.bbc.com/news/articles/cz04m913m49o), a zero-click vulnerability in MediaTek Wi-Fi chipsets, Transport for London’s (TfL) data breach affecting 5,000 customers, and the latest campaign by the [North Korean-linked group](https://www.darkreading.com/vulnerabilities-threats/north-korea-linked-group-level-multistage-cyberattack-on-south-korea) Gleaming Pisces using [poisoned Python packages](https://www.blackhatethicalhacking.com/news/north-korean-hackers-deploy-pondrat-via-poisoned-python-packages-in-supply-chain-attacks/) to deliver backdoors. Details on each story follow.

## Versa Networks Identifies Critical Flaw in Versa Director (CVE-2024-45229)

[Versa Networks recently disclosed a severe vulnerability](https://www.cisa.gov/news-events/alerts/2024/09/20/versa-networks-releases-advisory-vulnerability-versa-director-cve-2024-45229) (CVE-2024-45229) in their **Versa Director software**, which allows unauthorized access to critical system APIs. The flaw stems from poor input validation in [REST APIs](https://www.ibm.com/topics/rest-apis) such as those behind the login and registration pages, which leaves the software open to exploitation. By injecting legitimate arguments into a GET request, attackers can retrieve authentication tokens from logged-in users.

_With unauthorized access to these authentication tokens, hackers can initiate further API calls and perform unauthorized actions_. Importantly, this vulnerability has not led to the exposure of [usernames or passwords](https://www.securitymagazine.com/articles/97825-24-billion-usernames-passwords-available-on-the-dark-web), but it affects all versions released before **September 12, 2024**.

Organizations using Versa Director should promptly upgrade to the **latest hotfix versions**. Versions affected include 22.1.4, 22.1.3, 22.1.2, and 21.2.3 (before September 9, 2024), while safe versions include identical versions updated after September 12, 2024. Although there are no direct workarounds for the issue, a [Web Application Firewall (WAF)](https://www.techtarget.com/searchsecurity/definition/Web-application-firewall-WAF) or [API Gateway](https://www.geeksforgeeks.org/what-is-api-gateway-system-design/) can help block access to vulnerable APIs. _Versa Director instances not connected to the internet are not vulnerable to the threat_. Versa Networks encourages its customers to upgrade their systems and monitor for [malicious activity](https://www.bleepingcomputer.com/news/security/hackers-deploy-ai-written-malware-in-targeted-attacks/).

## Supply Chain Attack Theorized in Hezbollah Explosions

Over 12 fatalities and 2,800 injuries were reported on September 17, when multiple pagers exploded across Lebanon and Syria. _The following day, another wave of explosions from walkie-talkies caused 20 additional deaths and injured more than 450 people_. Lebanese authorities suspect that Israeli military intelligence may have [intercepted the supply chain](https://www.sans.org/newsletters/newsbites/xxvi-72/) and altered the devices, which Hezbollah had purchased as part of a **communications strategy** using older technology.

According to the **concerned officials**, explosives were found embedded in the devices involved in these incidents. The resulting impact was devastating, beyond what anyone could have imagined.

This incident strongly emphasizes the importance of protecting supply chains, particularly in the hardware sector. _We learned that even frequently used digital items, like USB sticks, could be meticulously compromised, leading to such sophisticated planned attacks_. Organizations must verify the integrity of devices beforehand and ensure that their supply chains are secure. Establishing clear communication with [third-party vendors](/dmarc/why-email-from-third-party-vendor-pass-spf-dkim-but-fail-dmarc/) about **safe security practices** and creating contingency plans for alternative communication methods is crucial in mitigating and efficiently handling these types of risks.

## Zero-Click Vulnerability in MediaTek Wi-Fi Chipsets CVE-2024-20017

[![zero-click vulnerability](https://media.mailhop.org/duocircle/images/2024/09/smtp-service-9845.jpg)](https://media.mailhop.org/duocircle/images/2024/09/smtp-service-9845.jpg)

A significant [zero-click vulnerability](https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/) tracked as **CVE-2024-20017** has been discovered in [MediaTek Wi-Fi chipsets](https://cyberinsider.com/mediatek-chip-flaw-exposing-millions-of-devices-gets-public-exploit/). This flaw can affect many devices, including routers and smartphones, mainly those produced by manufacturers such as Ubiquiti, Xiaomi, and Netgear. With a CVSS 3.0 score of 9.8, this vulnerability allows remote code execution without any user interaction due to an out-of-bounds write issue in the Wappd network daemon, which manages wireless interfaces. Although MediaTek released patches in March 2024, a recent [public proof-of-concept (PoC)](https://www.computerweekly.com/news/366599232/Nearly-a-third-of-GenAI-projects-to-be-dropped-after-PoC) has increased the risk of exploitation.

_The vulnerability exists in the `IAPP_RcvHandlerSSB` function, where crucial bounds checking on packet lengths is absent_. The missing check can lead to a stack buffer overflow. As a result, attackers can **freely bypass validation checks** and use [return-oriented programming (ROP)](https://securityintelligence.com/return-oriented-programming-rop-contemporary-exploits/) techniques to execute commands on affected devices, such as establishing reverse shells.
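The class of check described above, shown as an added example rather than MediaTek's or the page's own code: a handler that validates a sender-supplied length field against both the bytes received and the fixed stack buffer before copying. The wire format, names, and buffer size are assumptions made for illustration, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not the real IAPP layout):
 *   bytes 0-1  command and identifier
 *   bytes 2-3  payload length, big-endian, chosen by the sender
 *   bytes 4..  payload                                            */
#define HDR_LEN     4u
#define MAX_PAYLOAD 64u /* size of the handler's fixed stack buffer */

enum pkt_result {
    PKT_OK = 0,
    PKT_TRUNCATED_HEADER = -1,    /* fewer bytes received than one header  */
    PKT_LENGTH_EXCEEDS_DATA = -2, /* declared length > bytes actually sent */
    PKT_LENGTH_EXCEEDS_BUF = -3   /* declared length > destination buffer  */
};

/* Validate a datagram, copy its payload, store the payload byte sum. */
int handle_packet(const uint8_t *pkt, size_t received, uint32_t *sum_out)
{
    uint8_t payload[MAX_PAYLOAD];
    size_t declared, i;
    uint32_t sum = 0;

    if (pkt == NULL || received < HDR_LEN)
        return PKT_TRUNCATED_HEADER;

    declared = ((size_t)pkt[2] << 8) | pkt[3];

    /* Check 1: the declared length must not exceed what arrived,
     * otherwise the copy reads past the end of the datagram. */
    if (declared > received - HDR_LEN)
        return PKT_LENGTH_EXCEEDS_DATA;

    /* Check 2: the declared length must fit the destination. Without this
     * comparison memcpy() writes past payload[] into the stack frame. */
    if (declared > sizeof(payload))
        return PKT_LENGTH_EXCEEDS_BUF;

    memcpy(payload, pkt + HDR_LEN, declared);
    for (i = 0; i < declared; i++)
        sum += payload[i];
    if (sum_out != NULL)
        *sum_out = sum;
    return PKT_OK;
}

/* Constructed sample packet: header declaring `declared` bytes, then
 * `actual` payload bytes of 0x01. Returns total size, 0 if too big. */
size_t build_packet(uint8_t *out, size_t cap, uint16_t declared, size_t actual)
{
    if (cap < HDR_LEN || actual > cap - HDR_LEN)
        return 0;
    out[0] = 0x01; out[1] = 0x00;
    out[2] = (uint8_t)(declared >> 8);
    out[3] = (uint8_t)(declared & 0xff);
    memset(out + HDR_LEN, 0x01, actual);
    return HDR_LEN + actual;
}

int main(void)
{
    uint8_t buf[512];
    size_t n = build_packet(buf, sizeof(buf), 8, 8);
    printf("well-formed:       %d\n", handle_packet(buf, n, NULL));
    n = build_packet(buf, sizeof(buf), 200, 8);
    printf("length > received: %d\n", handle_packet(buf, n, NULL));
    n = build_packet(buf, sizeof(buf), 200, 200);
    printf("length > buffer:   %d\n", handle_packet(buf, n, NULL));
    return 0;
}
```

Both comparisons are needed: the first rejects a length field that overstates the datagram, the second rejects one that is honest but larger than the destination.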

In response, SonicWall released two [intrusion prevention system (IPS)](https://www.fortinet.com/resources/cyberglossary/what-is-an-ips) signatures (20322 and 20323) to help detect and block future exploitation attempts. Users are urged to update their firmware immediately and apply the available **preventive and safeguarding measures** to avoid being compromised.

## Transport for London (TfL) Notifies Approximately 5,000 Customers of Data Breach

[Transport for London (TfL) recently notified](https://www.bbc.com/news/articles/ckgvxqdznjqo) **5,000 customers and individuals** that their personal data may have been compromised in a [recent cybersecurity attack](https://abcnews.go.com/International/wireStory/police-probing-cyberattack-wi-fi-networks-uk-train-114176192). The breach exposed [sensitive information](https://www.securityweek.com/azure-kubernetes-services-vulnerability-exposed-sensitive-information/) of the victims, such as bank account details, sort codes, names, addresses, and Oyster refund data.

The victims of the attack were informed via a letter warning them of the unauthorized access to their data by [malicious hackers](https://techcrunch.com/2024/07/19/us-cyber-agency-cisa-says-malicious-hackers-are-taking-advantage-of-crowdstrike-outage/). To help recipients verify the authenticity of the notifications, the organization made **necessary arrangements**: TfL included unique identifiers in the letters and provided customer service contacts for further assistance.

_A 17-year-old was found guilty, and severe charges were imposed on him when evidence was found relating to the hack_. TfL services stopped for almost three weeks after the incident. Customers could not apply for **new concession cards or access refunds**, resulting in significant losses for the organization. TfL has made substantial changes to its security infrastructure since the incident.

The [National Crime Agency](https://en.wikipedia.org/wiki/National%5FCrime%5FAgency) has raised concerns regarding the significant impact of such attacks on local communities and national infrastructure. TfL has apologized for the disruption and is working closely with the **Information Commissioner’s Office** and relevant government agencies to investigate the matter further.

## Gleaming Pisces Poisoned Python Packages Campaign

Researchers at Unit 42 have uncovered a [new cyber campaign](https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/) led by the group Gleaming Pisces (also known as Citrine Sleet), which has been linked to North Korea. This campaign mainly distributes backdoors to [Linux and macOS systems](https://www.darkreading.com/threat-intelligence/citrine-sleet-poisons-pypi-packages-mac-linux-malware) by leveraging poisoned Python packages available on the popular PyPI repository. During the investigation, researchers discovered PondRAT, a lightweight revised version of the previously known POOLRAT [malware](/resources/malware-and-its-defense-mechanism).

_The attacker’s main aim is to gain access to vendor-customer systems by targeting the software supply chain, often through developer endpoints_. While the compromised packages have been removed from PyPI, organizations must remain alert and update their systems with the **latest recommended patches**.

[![software supply chain system](https://media.mailhop.org/duocircle/images/2024/09/sendgrid-alternative-4.jpg)](https://media.mailhop.org/duocircle/images/2024/09/sendgrid-alternative-4.jpg)

The attack involves decoding [malicious code embedded](https://therecord.media/malicious-backdoor-code-linux-red-hat-cisa) in the Python packages, which then runs several bash commands to download and install the backdoor. **Cortex XDR by Palo Alto Networks** has been successfully deployed to detect and prevent PondRAT and POOLRAT variants.

According to the report, many similarities were found between the Linux and macOS versions of PondRAT, including shared [encryption keys](https://www.techopedia.com/definition/25403/encryption-key) and command functions, giving the Gleaming Pisces campaign an added advantage. Organizations are advised to update their systems with the latest patches and standards and to use tools like Advanced WildFire and behavioral **threat detection** to safeguard against these attacks.


Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

