This Week’s Top 5 Cybersecurity News Stories November 2024 | 01
Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in every day devices:
1. New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites
A sophisticated phishing kit, Xiū gǒu, has emerged, targeting users in Australia, Japan, Spain, the U.K., and the U.S. Developed by a Chinese-speaking threat actor, it uses Cloudflare and Telegram for concealment and credential theft.
Leveraging Rich Communication Services (RCS) messages, attackers lure victims with urgent notifications, while Google pilots new protections to curb phishing.
More details: The Hacker News.
2. LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
A severe vulnerability (CVE-2024-50550) in the LiteSpeed Cache plugin for WordPress enables attackers to elevate privileges, risking admin access for over six million sites.
Exploiting weak security hash checks, attackers can bypass settings to simulate admin roles. Addressed in version 6.5.2, this flaw highlights the need for stronger security practices, as similar vulnerabilities continue to surface across WordPress plugins.
More details: The Hacker News.
3. New Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials
A new Windows theme vulnerability allows attackers to steal NTLM credentials by exploiting network requests embedded in theme files. Microsoft’s patch (CVE-2024-21320) addressed similar risks, but bypasses remain due to legacy methods.
Security firms, including 0patch, offer micropatches to protect all current and legacy Windows versions, including Windows 11. Microsoft has yet to release an official fix for this vulnerability.
More details: Cyber Security News.