This Week’s Top 5 Cybersecurity News Stories October 2024 | 03


Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in everyday devices:

1. Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

LinkedIn faces a €310 million fine by Ireland’s Data Protection Commission for using users’ data in targeted ads without explicit consent, breaching GDPR standards.

This ruling highlights the EU’s firm stance on data transparency and fair processing, signaling that social media giants must prioritize user consent. Pinterest now faces similar scrutiny—will big tech truly adapt to GDPR?

More details: The Hacker News.

2. CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

CISA warns of active exploits targeting Microsoft SharePoint (CVE-2024-38094), adding it to the Known Exploited Vulnerabilities catalog. With public proof-of-concept exploits available, attackers can execute code with Site Owner permissions.

Meanwhile, Samsung’s mobile processors also faced exploitation in a privilege escalation chain. CISA’s latest rules urge faster vulnerability patching and stricter data access control to strengthen defenses.

More details: The Hacker News.

3. Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco has released patches for a critical flaw (CVE-2024-20481) in the VPN service of its Adaptive Security Appliance (ASA). The flaw is under active exploitation and allows denial-of-service (DoS) attacks through resource exhaustion.

Alongside this fix, Cisco addresses three other high-severity flaws affecting Firepower and ASA systems, underscoring the urgency for rapid updates as brute-force campaigns increasingly target networking devices.

More details: The Hacker News.

 

4. Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

Hardware researcher David Buchanan used a BBQ lighter to exploit laptop vulnerabilities via electromagnetic fault injection (EMFI). Targeting the DDR bus in a Samsung S3520 laptop, Buchanan induced memory errors by manipulating data lines with electromagnetic interference.

This led to two proof-of-concept attacks: a CPython sandbox escape and a Linux local privilege escalation (LPE), enabling unprivileged users to gain root access by corrupting memory. The LPE exploit successfully modified system files and spawned a root shell, with a 20-50% success rate. This research underscores the risks of physical access to hardware and vulnerabilities in memory systems.

More details: The Hacker News.

5. Georgia secretary of state’s office says it fended off cyberattack on voting website

Georgia’s Secretary of State confirmed a cyberattack attempt aimed at disrupting the state’s absentee ballot request website. While the attack temporarily slowed systems, it didn’t prevent voters from accessing ballots.

This incident highlights the growing cybersecurity challenges as early voting for the November 5 presidential election begins across the U.S., with Georgia at the center as a key battleground state.

More details: Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!