This Week’s Top 5 News August 2023 | 01

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories, from acts of espionage to simple code errors that could leak your private data, to help keep you up to date with cybersecurity issues around the world.
Here are our top five news stories from the past week:

1. Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events

As cybersecurity experts, we’re echoing Microsoft’s recent alert on the escalating cyber threats besieging stadium operations and live sporting events. The landscape of cyber risk is expanding rapidly, with data-rich environments becoming prime targets for malicious actors. Critical information such as athletic performance metrics, competitive strategies, and personal data is a lucrative lure for these cyber predators.
Tragically, even critical support services like hospitals are falling prey to disruptive ransomware attacks. We advocate for a proactive stance against these threats. Pre-event system configuration, comprehensive testing, and efficient snapshotting of systems and devices can serve as robust defense mechanisms.

 

2. Phishers Exploit Salesforce’s Email Services Zero-Day in Targeted Facebook Campaign

A highly sophisticated phishing campaign has been exploiting a zero-day flaw in Salesforce’s email services. These threat actors have manipulated Salesforce’s domain and infrastructure to create targeted phishing emails that appear to be from Meta. The emails claim that the recipient’s Facebook account is under investigation for impersonation, luring them to a rogue landing page designed to steal their account credentials and two-factor authentication codes. This attack uniquely hosts the phishing kit as a game on the Facebook apps platform, allowing it to bypass traditional anti-spam and anti-phishing mechanisms.

 

3. Top Industries Significantly Impacted by Illicit Telegram Networks

The rise in illicit activities on online messaging platforms, particularly Telegram, is a growing concern for many industries. The platform’s accessibility, popularity, and anonymity have drawn numerous cybercriminals. These threat actors use Telegram to extend their operations and exploits, leading to increased cyberattacks and data leaks worldwide. While all industries can be affected, some are more significantly impacted. Common illicit activities on Telegram include buying, selling, and trading stolen credentials, data, and goods. This post will delve into these activities, the most affected industries, and strategies to lessen their organizational impact.

 

4. Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable

Numerous security vulnerabilities have been revealed in the Ninja Forms WordPress plugin, which could be exploited by malicious actors to gain unauthorized privileges and steal sensitive data. These flaws, specifically CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, affect versions 3.6.25 and below. With Ninja Forms installed on over 800,000 sites, users are urged to update to version 3.6.26 to counter potential threats. Other vulnerabilities were also disclosed in the Freemius WordPress SDK and the HT Mega plugin, which could similarly be exploited for unauthorized privilege escalation.

 

5. Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple is set to require developers to justify their use of certain APIs in apps with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10. The move aims to prevent API abuse for data collection and fingerprinting, which can be used to identify users across various apps and websites for targeted advertising. From Fall 2023, developers will need to declare the reasons for using these “Required Reason APIs” in their app’s privacy manifest. From Spring 2024, apps that fail to do so will be rejected.

 

There are many ways cybercriminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your systems are safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!