This Week’s Top 5 Cybersecurity News Stories September 2024 | 02

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small, as we look at threats from espionage to security flaws in every day devices:

1. New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram

A new Android malware, Ajina.Banker, is targeting Central Asia, harvesting financial data and intercepting 2FA messages since November 2023. Disguised as legitimate apps on Telegram, it spreads rapidly through local community chats. This coordinated attack, discovered by Group-IB, exploits regional trust and evades bans with clever automation, posing a serious threat to unsuspecting users. For more about this story click here

 

2. Top 3 Threat Report Insights for Q2 2024

Cato CTRL’s latest report uncovers IntelBroker, a notorious figure in the dark web, selling data from major organizations like Apple and Microsoft. It also highlights that 66% of brand spoofing targets Amazon, and Log4j remains a popular exploit among hackers. To combat these threats, Cato CTRL advises vigilant monitoring, proactive patching, and adopting an “assume breach” mentality.. For more about this story click here

 

3. Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have become the target of a sophisticated cyber attack by Iran’s OilRig group, using custom malware to infiltrate key organizations like the Prime Minister’s Office. The attack involves advanced techniques, including DNS tunneling and email-based command channels, highlighting a persistent and evolving threat from Iranian state-sponsored hackers in the region.. For more about this story click here

 

4.  DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A Chinese-speaking group, DragonRank, is orchestrating a black hat SEO campaign targeting countries in Asia and Europe. They compromise web servers, deploying malware like PlugX and BadIIS to manipulate search engine rankings for malicious purposes. This versatile campaign spans industries and uses sophisticated techniques to boost fraudulent websites, revealing a new level of cybercriminal ingenuity.    For more about this story click here

 

5. WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

Starting October 1, 2024, WordPress.org will mandate two-factor authentication (2FA) for accounts that can update plugins and themes, enhancing security for millions of sites. This measure, along with new SVN passwords, aims to prevent unauthorized access and safeguard the WordPress community from supply chain attacks. These steps are crucial in defending against the growing threats targeting outdated software and weak passwords.. For more about this story click here

 

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!