This Week’s Top 5 Cybersecurity News Stories November 2024 | 02

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small, as we look at threats from espionage to security flaws in every day devices:

 

1. New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

A new malware campaign, CRON#TRAP, leverages a unique twist: infecting Windows systems with a hidden Linux virtual machine backdoor, granting attackers remote access.

Distributed through phishing emails masked as “OneAmerica surveys,” this stealthy tactic uses QEMU to run a concealed Linux instance on the host. The campaign underscores evolving threats requiring advanced detection and security strategies.

More details: The Hacker News.

 

2. North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A sophisticated cyber campaign by North Korean threat actor BlueNoroff, dubbed Hidden Risk, is targeting cryptocurrency businesses, deploying multi-stage malware on macOS via fake crypto news PDFs.

Using signed, notarized apps, BlueNoroff gains persistent access by evading Apple’s macOS warnings. This campaign, aligned with other DPRK cyber initiatives, demonstrates the evolving, stealthy tactics in the cyber realm, especially around crypto-related industries.

More details: The Hacker News.

 

3. Schneider Electric confirms dev platform breach after hacker steals data

Schneider Electric confirmed a breach in its developer platform after a hacker, “Grep,” allegedly stole 40GB of data from their JIRA server. Gaining access via exposed credentials, Grep claims to have extracted 400,000 rows of user data, including 75,000 email addresses.

Now rebranded as the Hellcat ransomware gang, the group demands $125,000 to prevent data leaks, marking a new wave of extortion tactics targeting major firms.

More details: Bleeping Computer.

 

4. China state-linked group accused of hacking SingTel, Bloomberg News reports

Singapore’s telecom giant SingTel confirmed a malware breach in June, reportedly linked to China’s state-sponsored hacking group Volt Typhoon.

Though no data was exfiltrated, Bloomberg suggests this breach could be a test run for future cyberattacks on U.S. telecom firms. As cyber tensions rise, this incident highlights the intensifying focus on critical infrastructure in global cyber warfare.

More details: Reuters.

 

5. Italy’s privacy watchdog raps Intesa over data breach incident

Italy’s data protection authority has criticized Intesa Sanpaolo for downplaying a data breach involving thousands of clients, including Prime Minister Giorgia Meloni.

Although Intesa stated the impact was lower than reported, the authority emphasized the high risk to clients’ privacy and demanded customer notifications within 20 days. Intesa has responded by bolstering its security and control measures to prevent future breaches.

More details: Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!