This Week’s Top 5 Cybersecurity News Stories June 2024 | 03
Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in every day devices:
1. U.S. Bans Kaspersky Software, Citing National Security Risks
The U.S. Department of Commerce’s BIS has banned Kaspersky Lab’s U.S. subsidiary from offering its security software due to national security risks linked to Russian government influence. The ban, effective July 20, restricts Kaspersky from selling in the U.S., citing concerns over data theft and espionage. Kaspersky claims the decision disregards its transparency efforts. For more about this story click here
2. Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
Cybersecurity researchers revealed a patched buffer overflow flaw in Phoenix SecureCore UEFI firmware, affecting multiple Intel Core processors. Known as CVE-2024-0762, the “UEFIcanhazbufferoverflow” vulnerability allows local attackers to escalate privileges and execute malicious code. Phoenix Technologies and Lenovo have released fixes. UEFI firmware, crucial for device startup and security, remains a high-value target for persistent attacks. For more about this story click here
3. Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer
Cybercriminals are using free or pirated software to distribute Hijack Loader malware, which deploys Vidar Stealer. Users are tricked into downloading fake Cisco Webex apps, leading to data theft and cryptocurrency mining. The attack employs DLL side-loading and bypasses security measures. Recent campaigns also use PowerShell scripts and fake browser updates to spread various malware, highlighting evolving cyber threats. For more about this story click here
4. New Security Vulnerability Let Attackers Microsoft Corporate Email Accounts
A new security flaw allows attackers to impersonate Microsoft corporate email accounts, heightening phishing risks. Discovered by Vsevolod Kokorin, the bug affects Outlook’s 400 million users. Microsoft initially dismissed Kokorin’s report but has since reopened it. The vulnerability enables convincing phishing attacks, adding to Microsoft’s recent security challenges, including breaches by Chinese and Russian hackers. For more about this story click here
5. Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software
A threat actor known as markopolo is behind a large-scale scam targeting cryptocurrency users with malware. Posing as a virtual meeting software, Vortax, and 23 other apps, the scam delivers Rhadamanthys, StealC, and AMOS malware. Victims are lured via social media and messaging apps, leading to significant financial losses, including one case of $245,000. For more about this story click here
At DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.
For more information please contact us now!