This Week’s Top 5 Cybersecurity News Stories September 2024 | 04
Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in everyday devices:
1. Why ‘Never Expire’ Passwords Can Be a Risky Decision
Password resets are a common frustration for both users and IT teams. While password expirations aim to protect against attacks, are they really necessary? This post explores the reasons behind expiration policies, the trend of eliminating them, and the potential risks of ‘never expire’ passwords. Learn how balancing password strength, detection, and management can enhance security without the burden of frequent resets.
2. Telegram Agrees to Share User Data With Authorities for Criminal Investigations
Telegram has announced a significant policy shift, now allowing the disclosure of users’ IP addresses and phone numbers to authorities in response to valid legal requests, aiming to combat criminal activities. This marks a departure from their previous stance, which limited data sharing to terror-related cases. The change comes amid increasing scrutiny, including the arrest of CEO Pavel Durov in France, and follows the platform’s reputation for harboring illegal activities. Telegram is also enhancing its moderation efforts and updating its search feature to combat illicit content.
3. Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware
A recent watering hole attack has compromised 25 Kurdish-linked websites, collecting sensitive data for over 18 months. Dubbed “SilentSelfie,” the campaign, revealed by French cybersecurity firm Sekoia, used malicious scripts to gather users’ locations, device details, and even access Android devices via rogue APK files. While the attacker remains unidentified, this long-running intrusion targeted Kurdish media, political, and military sites. The low sophistication suggests the work of a relatively inexperienced threat actor.
4. Passwordless AND Keyless: The Future of (Privileged) Access Management
Many organizations manage secrets like passwords, accounts, and TLS certificates using PAM solutions, but SSH keys often fly under the radar. SSH keys, unlike passwords, are self-provisioned, don’t expire by default, and are widely used in automated machine-to-machine connections, making them hard to manage. Traditional PAMs fall short in SSH key management, leading to vulnerabilities. Moving to ephemeral, credential-less access provides a modern solution, reducing complexity and risk. Discover how to future-proof your security with keyless and passwordless access management tools.
5. Europol Shuts Down iServer Phishing Scheme and Ghost Cybercrime Chat Platform
Law enforcement has dismantled an international phishing-as-a-service (PhaaS) platform, iServer, responsible for unlocking over 1.2 million stolen mobile phones. The platform, targeting Spanish-speaking users across multiple countries, harvested credentials through phishing pages designed to unlock phones. The operation, which involved arrests and large-scale seizures, highlights growing cybercrime sophistication. Meanwhile, Europol also disrupted the encrypted communications network, Ghost, used by criminal syndicates, further exposing illegal activities globally. These actions underscore the increasing complexity of tackling cybercrime across various platforms and networks.
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.