---
title: "Finastra Probes Breach, USDA Adopts FID, PAN-OS Zero-Day, Cybersecurity News [November 18, 2024] | DuoCircle"
description: "Finastra Probes Breach, USDA Adopts FID, PAN-OS Zero-Day, Cybersecurity News [November 18."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-48-of-2024/"
---

Quick Answer

Cybersecurity news for the week of November 18, 2024\. Fintech giant Finastra investigated a breach of its file-transfer platform after a threat actor ("abyss0") auctioned over 400 GB of data on the dark web; Finastra serves 45 of the world's top 50 banks, and the intrusion traces back to October via stolen credentials. The USDA adopted phishing-resistant FIDO authentication. A PAN-OS zero-day affected Palo Alto firewall management interfaces. VMware vCenter Server flaws continued to be exploited post-patch. A critical WordPress plugin flaw put millions of sites at risk.

Finastra Probes Breach, USDA Adopts FID, PAN-OS Zero-Day, Cybersecurity News \[November 18, 2024\]


[ Download episode](https://media.mailhop.org/duocircle/images/2024/11/Finastra-Probes-Breach-USDA-Adopts-FID-PAN-OS-Zero-Day-Cybersecurity-News-November-18-2024.mp3) 


![cybersecurity news](https://media.mailhop.org/duocircle/images/2024/11/spf-validator-7.jpg) 

The wait is over! We’re here with this **week’s round-up** of the most pressing [cybersecurity](/) events and developments worldwide. The latest reports shed light on a significant data breach at a fintech giant, Finastra, efforts by the USDA to thwart phishing attacks with **advanced authentication measures**, a [zero-day vulnerability](/email-security/unpatched-dogwalk-a-new-microsoft-zero-day-vulnerability/) impacting PAN-OS devices, [VMware vCenter Server flaws](https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html) being exploited post-patch, and a critical WordPress plugin vulnerability that puts millions of websites at risk. 

## Fintech Giant Finastra Investigating Massive Data Breach

Reports from [news sources](https://krebsonsecurity.com/2024/11/fintech-giant-finastra-investigating-data-breach/) suggest that over 400 GB of sensitive information was exfiltrated, allegedly by a threat actor who began auctioning the data on the dark web. The breach relates to an incident at global fintech leader Finastra, which is still dealing with the compromise of its file transfer platform. As the **internal investigation suggests**, the breach impacts Finastra’s services, which cater to 45 of the world’s top 50 banks.

The company openly disclosed that the breach originated from compromised credentials. There were no signs of [malware](/resources/malware-and-its-defense-mechanism) being deployed, and no customer files were tampered with. As a countermeasure, **Finastra has migrated** to an alternative secure file-sharing platform.

The investigation reveals a complex timeline for the cyberattack: the intruder likely gained access as early as October. _By November 8, the attacker (known by the pseudonym “abyss0”) had disappeared from the cybercrime forums, leaving many questions unanswered_. Meanwhile, Finastra is sharing [Indicators of Compromise](https://www.trendmicro.com/vinfo/in/security/definition/indicators-of-compromise) (IoCs) with affected clients (showcasing its **commitment to transparency**) and working to determine the breach’s full scope.

[![ malware protection](https://media.mailhop.org/duocircle/images/2024/11/email-sending-services-2901.jpg)](https://media.mailhop.org/duocircle/images/2024/11/email-sending-services-2901.jpg)

## USDA Eradicates Credential Phishing with FIDO Authentication

[Credential phishing](https://www.securitymagazine.com/articles/100569-credential-phishing-accounted-for-91-of-active-threat-reports) remains a dominant cyber threat. Attackers employ various [social engineering](/phishing-protection/social-engineering-is-a-growing-threat/) tools, techniques, and tactics to bypass traditional MFA ([multi-factor authentication](https://www.techtarget.com/searchsecurity/definition/multifactor-authentication-MFA)) methods, compromise systems, and steal valuable data that can then be used to **gain monetary benefits**.

Addressing this persistent issue, the [USDA](https://www.cisa.gov/news-events/news/usda-stops-credential-phishing-fido-authentication) has deployed [FIDO (Fast Identity Online)](https://fidoalliance.org/blog-fido-alliance-publishes-guidance-for-u-s-government-agency-deployment-of-fido-authentication/) authentication for nearly 40k employees, particularly benefiting those in environments unsuitable for standard PIV cards. Unlike traditional MFA measures, FIDO leverages [cryptographic keys](https://www.cloudflare.com/learning/ssl/what-is-a-cryptographic-key/) closely tied to **end-point devices**, which renders stolen credentials useless to attackers.

This [case study](https://www.cisa.gov/resources-tools/resources/phishing-resistant-multi-factor-authentication-mfa-success-story-usdas-fast-identity-online-fido), officially released by CISA, serves as a beacon for enterprises aiming to mitigate modern threats. The **USDA emphasized** continuous piloting of [innovative solutions](https://www.idmanagement.gov/playbooks/altauthn/) to remain one step ahead of malicious actors. In parallel, organizations are encouraged to **adopt FIDO authentication**, which helps prevent account compromise even when credentials are accidentally or intentionally disclosed. _This proactive approach by the USDA demonstrates how robust identity systems can boost cybersecurity resilience in government and enterprise sectors alike_.

## Reconfigure PAN-OS to Mitigate Exploited Zero-Day RCE Flaw

Palo Alto Networks, a big name in the security market, recently disclosed a critical [zero-day remote code execution](https://www.sans.org/newsletters/newsbites/xxvi-89/) (RCE) vulnerability in its PAN-OS software. The vulnerability is tracked as [CVE-2024-0012](https://security.paloaltonetworks.com/CVE-2024-0012) with a CVSS score of 9.3, which reflects its **high-severity nature**.

This security flaw enables attackers to gain administrator privileges by exploiting the **web management interface**. As a remediation effort, Palo Alto has issued a set of guidelines to mitigate the risk. One such guideline is to ensure that management interfaces are inaccessible from the Internet, which reduces exposure to this kind of compromise.

Attackers exploited this flaw well before it was detected, which is raising serious concerns among subject-matter experts about the exploitation timeline. _The IoCs (Indicators of Compromise) include the IP addresses and checksum linked to a web shell used in attacks_. This critical incident underscores the importance of **implementing best practices**, such as network segmentation and restricting access to authorized individuals, to limit exposure to [zero-day attacks](https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/).
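One way to check the mitigation described above across a device fleet, as an added example that is not from Palo Alto or the original article: the script flags management interfaces that sit on non-internal addresses or accept connections from outside internal address space. The inventory format, device names, and the rule that an empty allowlist means "unrestricted" are assumptions made for illustration.

```python
import ipaddress

# Internal address space for this check: the RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory in a hypothetical format (not a PAN-OS export).
# RFC 5737 documentation ranges stand in for Internet-routable addresses.
# Assumption: an empty allowed_sources list means no restriction is configured.
INVENTORY = [
    {"name": "fw-edge-01", "mgmt_ip": "203.0.113.10", "allowed_sources": []},
    {"name": "fw-edge-02", "mgmt_ip": "198.51.100.7",
     "allowed_sources": ["0.0.0.0/0"]},
    {"name": "fw-core-01", "mgmt_ip": "10.20.0.5",
     "allowed_sources": ["10.20.0.0/24"]},
    {"name": "fw-dmz-01", "mgmt_ip": "10.30.0.5",
     "allowed_sources": ["10.30.0.0/24", "192.0.2.0/24"]},
    {"name": "fw-lab-01", "mgmt_ip": "10.40.0.5",
     "allowed_sources": ["10.40.0.0/33"]},  # malformed on purpose
]


def is_internal(net):
    """True when the network sits entirely inside RFC 1918 space."""
    return any(net.version == r.version and net.subnet_of(r) for r in RFC1918)


def audit_device(device):
    """Return a list of findings for one device; an empty list means clean."""
    findings = []
    if not is_internal(ipaddress.ip_network(device["mgmt_ip"])):
        findings.append("management IP is not on an internal (RFC 1918) network")
    sources = device["allowed_sources"]
    if not sources:
        findings.append("no source restriction on the management interface")
    for raw in sources:
        try:
            # strict=False tolerates entries written with host bits set.
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            # A broken entry must be surfaced, not silently skipped.
            findings.append(f"unparseable allowlist entry {raw!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"{raw} allows any source")
        elif not is_internal(net):
            findings.append(f"{raw} is outside internal address space")
    return findings


def audit(inventory):
    """Map device name -> findings, listing only devices that need attention."""
    report = {}
    for device in inventory:
        findings = audit_device(device)
        if findings:
            report[device["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
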

## VMware vCenter Server Flaws Now Exploited Allowing for Privileged Access

[Broadcom](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e) has made **headlines** with an advisory that reveals the active exploitation of two VMware [vCenter Server vulnerabilities](https://www.sans.org/newsletters/newsbites/xxvi-89/):

- A heap overflow, tracked as [CVE-2024-38812](https://nvd.nist.gov/vuln/detail/cve-2024-38812)
- A privilege escalation bug, tracked as [CVE-2024-38813](https://nvd.nist.gov/vuln/detail/CVE-2024-38813)

[![malicious threat actor](https://media.mailhop.org/duocircle/images/2024/11/dmarc-report-5.jpg)](https://media.mailhop.org/duocircle/images/2024/11/dmarc-report-5.jpg)

When the [security bugs](https://en.wikipedia.org/wiki/Security%5Fbug) were first identified, patches were released quickly, but they failed to fully address the issues, which required a second round of **security patches in October**. No compromise or suspicious exploitation activity was reported at that time. Still, recent developments confirm that unpatched systems are now on [malicious threat actors](https://www.darkreading.com/cyberattacks-data-breaches/threat-actors-ramp-up-use-of-encoded-urls-to-bypass-secure-email)' radar and can be exploited if the existing risks are not mitigated properly.

These vulnerabilities are a major concern for enterprises that rely heavily on VMware systems for their critical day-to-day business operations. The flaws allow attackers to execute arbitrary code and elevate privileges in a **vertical and/or horizontal fashion**. _Broadcom advises immediately patching the vulnerabilities and securing the vCenter management interfaces in order to safeguard systems from much more devastating effects_. This news underscores the importance of timely updates or patches to critical applications and systems to minimize their exposure.

## Vulnerability Found in WordPress Plugin Leading to Unauthenticated Access

Recently, [WordPress](https://www.sans.org/newsletters/newsbites/xxvi-89/) has identified a critical authentication bypass vulnerability in a plugin. The flaw affects all versions of the “Really Simple Plugin” plugin from 9.0.0 to 9.1.1\. This [critical security flaw](https://www.bitdefender.com/en-us/blog/hotforsecurity/critical-security-flaw-leaves-over-a-million-wordpress-websites-vulnerable-to-hijacking) is tracked as [CVE-2024-10924](https://nvd.nist.gov/vuln/detail/CVE-2024-10924). It stems from improper handling in the plugin’s two-factor authentication (2FA) REST API, which malicious threat actors can easily exploit to take control of sensitive systems. By exploiting this vulnerability, attackers can gain privileged **admin-level access** to websites, even when 2FA is enabled.

A leading WordPress security provider, [Wordfence](https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/), has flagged this as one of the most **severe vulnerabilities** in its entire history. WordPress has officially issued a patch to remediate the flaw. _Users are urged to upgrade to version 9.1.2 or later to safeguard valuable information on their systems_.


Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.


