This Week’s Top 5 Cybersecurity News Stories May 2024 | 02

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in everyday devices:

1. Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

A report shared with The Hacker News has highlighted multiple security flaws in Xiaomi Android devices, affecting various applications and system components. These vulnerabilities could allow unauthorized access and operations such as arbitrary file theft, shell command injections, and leakage of user data. Key affected apps include Gallery, GetApps, Mi Video, and essential system services like the Print Spooler and Settings. Xiaomi has been informed, and users are urged to update their devices to prevent potential security breaches.

For more details, you can read the full article on The Hacker News.

2. Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

Hackers are exploiting a critical vulnerability in the LiteSpeed Cache plugin used by WordPress websites, identified as CVE-2023-40000, to gain unauthorized administrative access. The exploit allows attackers to escalate privileges via specially crafted HTTP requests, leading to unauthorized file manipulations and installations of malicious plugins. WordPress site administrators are urged to update the LiteSpeed Cache plugin to the latest version to prevent these security breaches.

Full details on this exploit and mitigation measures are available in the original article on The Hacker News.

3. Dell Hacked – 49 Million Customers Data Affected

Dell Technologies is investigating a significant data breach affecting a company portal that held basic customer information related to purchases. While the breach exposed names, physical addresses, and order details, no financial or highly sensitive data like emails or payment information was accessed. This breach potentially impacts approximately 49 million customers. Dell has responded by implementing security measures, notifying law enforcement, and hiring a third-party forensics firm to further investigate. Dell advises customers to watch for potential scams and report any suspicious activity.

For a detailed read, visit the full article on Cybersecurity News.

4. US lawmakers unveil bill to make it easier to restrict exports of AI models

A bipartisan bill has been introduced in the U.S. to enable the Biden administration to impose tighter export controls on AI models, aiming to protect critical American technology from foreign threats. The legislation would simplify the process of regulating both proprietary and open-source AI models and would fortify the legal standing of such regulations. This move comes amid increasing concerns about the use of American AI advancements by adversaries, such as China and Russia, in potentially harmful ways.

For more details, you can read the full article on Reuters.

5. Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

The Kremlin-backed hacking group APT28 has targeted Polish government institutions in a sophisticated malware campaign. This operation used emails with enticing links to deploy malware, exploiting legitimate web services for stealth. The malware, hidden in seemingly benign files, could collect extensive data from the infected systems. This campaign is part of broader cyber-espionage efforts that also include attacks on iOS devices with XAgent spyware. Polish authorities advise blocking the implicated domains and filtering suspicious emails to counter these threats.

For more details, you can read the full article on The Hacker News.

Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!