This Week’s Top 5 Cybersecurity News Stories November 2024 | 03

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small, as we look at threats from espionage to security flaws in every day devices:

 

1. Amazon confirms employee data breach after vendor hack

Amazon has confirmed a data breach impacting over 2.8 million employees, with data stolen during the May 2023 MOVEit attacks now leaked online.

A third-party vendor was compromised, exposing employee names, contact details, and office locations, though no sensitive data like Social Security numbers or financial information was accessed. This attack is part of a larger MOVEit campaign affecting global organizations.

More details: Bleeping Computer

 

2. Microsoft says recent Windows 11 updates break SSH connections

Microsoft has confirmed that October’s Windows security updates are causing SSH connection failures on some Windows 11 22H2 and 23H2 systems.
Enterprise, IoT, and education users are primarily affected, with manual fixes required until a permanent solution is rolled out.

Microsoft is actively investigating and plans to release a patch soon. Meanwhile, fixes for fingerprint sensor freezes have been successfully deployed.

More details: Bleeping Computer

 

3. Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

A newly patched Windows NTLM flaw (CVE-2024-43451) has been exploited as a zero-day by a suspected Russia-linked actor targeting Ukraine. Triggered by minimal interaction with malicious URL files, this vulnerability enables NTLMv2 hash theft for pass-the-hash attacks.

Delivered via phishing emails from a compromised Ukrainian server, the attack chain downloads Spark RAT malware, underscoring growing cyber threats in conflict zones.

More details: The Hacker News.

 

4. Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks

Google’s latest Chrome update addresses two serious vulnerabilities: an “out-of-bounds write” in Dawn (CVE-2024-10487) and a “use after free” in WebRTC (CVE-2024-10488), which could lead to remote code execution and memory exploitation.

Users should update Chrome immediately via the “About Google Chrome” section to protect against these threats, underscoring the importance of timely software updates in cybersecurity.

More details: The Hacker News.

 

5. German interior minister warns of cyber threat ahead of elections

With snap elections on the horizon, Germany is ramping up defenses against cyberattacks and disinformation campaigns, particularly from Russia.

Interior Minister Nancy Faeser emphasized the urgency to protect democracy in the digital realm, citing hybrid threats from foreign actors. As political tensions rise following the collapse of Olaf Scholz’s coalition, cybersecurity takes center stage to safeguard the electoral process.

More details: Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!