This Week’s Top 5 Cybersecurity News Stories June 2024 | 01
Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in every day devices:
1. FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
The FBI announced possession of over 7,000 decryption keys for the LockBit ransomware, offering free assistance to affected victims. This comes after international efforts significantly weakened LockBit, including the indictment of its alleged Russian leader. Despite LockBit’s decline, the ransomware threat persists with new variants and groups emerging. The FBI advises against paying ransoms, as there’s no assurance the data won’t be misused later.
For more about this story click here
2. Hackers Target Python Developers with Fake “Crytic-Compilers” Package on PyPI
Cybersecurity researchers found a malicious Python package on PyPI named crytic-compilers, a typo-squatted version of the legitimate crytic-compile, which was designed to deliver the Lumma information stealer. This counterfeit package, downloaded 441 times before removal, mimicked the versioning of the authentic library to appear as an update, deceiving users into downloading malware. This incident highlights the growing trend of attackers targeting developers and exploiting open-source registries to distribute malware. For more about this story click here
3. Huge Surge in Attacks Exploiting Check Point VPN Zero-Day Vulnerability
Check Point revealed a critical vulnerability, CVE-2024-24919, with a CVSS score of 8.6, allowing attackers to access sensitive data on the Security Gateway. This vulnerability, exploitable via a crafted POST request, could potentially lead to domain admin privileges. Following its discovery and an advisory, exploitation attempts have surged globally. CISA has added it to its Known Exploited Vulnerabilities list. Immediate patching is urged due to the availability of a public proof of concept and increasing exploits. For more about this story click here
4. Confluence Data Center & Server Flaw Allows Remote Code Execution
Atlassian has identified a high-severity vulnerability, CVE-2024-21683, in its Confluence Data Center and Server products, rated 8.3 for severity. This flaw allows remote code execution if an attacker, with sufficient privileges, exploits the “Add a new language” function within the “Configure Code Macro” section by uploading a malicious JavaScript file. This vulnerability, which has been patched in the latest versions, could let attackers execute arbitrary commands on affected devices. For more about this story click here
5. London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack
Several London hospitals had to cancel operations and redirect patients due to a ransomware attack on Synnovis, a company providing pathology laboratory services. The cyberattack disrupted all of Synnovis’s IT systems, significantly impacting service delivery at King’s College, Guy’s and St Thomas’ hospitals, and other medical facilities across the city. The National Health Service is investigating the incident with national cybersecurity support. For more about this story click here
At DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.
For more information please contact us now!