This Week’s Top 5 Cybersecurity News Stories October 2024 | 02

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or too small, as we look at threats ranging from espionage to security flaws in everyday devices:

1. Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed a vulnerability in Apple’s macOS Transparency, Consent, and Control (TCC) framework, tracked as CVE-2024-44133, which bypassed privacy controls in Safari. The flaw, dubbed “HM Surf,” allowed unauthorized access to sensitive data, such as camera, microphone, and location services, without user consent by manipulating local configuration files.

Apple patched the issue in macOS Sequoia 15, but Microsoft observed potential exploitation through the AdLoad macOS adware. The discovery highlights ongoing security challenges, especially in macOS environments with entitlements like those granted to Safari.

More details: The Hacker News.

2. Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Researchers have uncovered Cicada3301, a ransomware-as-a-service (RaaS) operation, noted for its cross-platform capabilities, affecting devices running Windows, Linux, and more.

The group, linked to the now-defunct BlackCat ransomware, has compromised at least 30 organizations in critical sectors, primarily in the U.S. and U.K. Cicada3301 uses advanced encryption (ChaCha20 + RSA) and features an affiliate program, recruiting penetration testers and access brokers with a 20% commission. The ransomware shuts down virtual machines, deletes shadow copies, and encrypts network shares, maximizing the impact of its attacks.

More details: The Hacker News.

3. U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

Two Sudanese brothers, Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer, were charged by U.S. authorities for orchestrating a record 35,000 distributed denial-of-service (DDoS) attacks within a year. The attacks, linked to the group Anonymous Sudan, targeted critical infrastructure and businesses globally, including Microsoft services.

The brothers operated a DDoS-for-hire botnet using a tool named Distributed Cloud Attack Tool (DCAT), causing over $10 million in damages. If convicted, Ahmed Salah faces a life sentence, while Alaa Salah could face up to five years in prison.

More details: The Hacker News.

4. Hacking Laptop With a BBQ Lighter to Gain Root Access

Hardware researcher David Buchanan used a BBQ lighter to exploit laptop vulnerabilities via electromagnetic fault injection (EMFI). Targeting the DDR bus in a Samsung S3520 laptop, Buchanan induced memory errors by manipulating data lines with electromagnetic interference.

This led to two proof-of-concept attacks: a CPython sandbox escape and a Linux local privilege escalation (LPE), enabling unprivileged users to gain root access by corrupting memory. The LPE exploit successfully modified system files and spawned a root shell, with a 20-50% success rate. This research underscores the risks of physical access to hardware and vulnerabilities in memory systems.

More details: Cyber Security News.

5. Talos warns of Russian-speaking hackers attacking Ukrainian and Polish companies

Russian-speaking hackers are launching cyberattacks against Ukraine and Poland, according to a report by Cisco Talos. The group, which is likely state-sponsored, is using phishing campaigns and custom malware to target organizations in sectors like transportation, logistics, and government.

These attacks coincide with the ongoing geopolitical tensions in the region, particularly related to the war in Ukraine. Talos has linked the group to previously identified threat actors, including Gamaredon and Sandworm, known for their sophisticated tactics. The attacks aim to disrupt operations and gather intelligence, underscoring the ongoing cybersecurity threats in Eastern Europe.

More details: Cyber News.

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!