This Week’s Top 5 Cybersecurity News Stories November 2024 | 04

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats ranging from espionage to security flaws in everyday devices:

 

1. Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Google’s AI-driven fuzzing tool, OSS-Fuzz, has uncovered 26 vulnerabilities in open-source software, including a decades-old flaw in OpenSSL (CVE-2024-9143). By using AI-generated fuzz targets, Google improved code coverage across hundreds of C/C++ projects.

This milestone highlights AI’s growing role in automated vulnerability detection and the company’s commitment to safer coding practices, such as adopting Rust and enhancing C++ security mechanisms.

More details: The Hacker News

 

2. Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Threat actors are exploiting a new technique, dubbed “Ghost Tap,” to steal funds using NFC technology at scale. By leveraging mobile banking malware to hijack payment credentials and relay tap-to-pay data via tools like NFCGate, criminals make anonymous purchases worldwide.

This method bypasses fraud detection and scales quickly, posing a significant challenge to financial institutions and retailers.

More details: The Hacker News

 

3. Helldown ransomware exploits Zyxel VPN flaw to breach networks

The new ‘Helldown’ ransomware targets Zyxel firewalls to infiltrate corporate networks, steal data, and encrypt devices. Using vulnerabilities like CVE-2024-42057, it exploits outdated firmware to gain access.

Helldown, linked to 28 victims globally, publishes large data dumps on its extortion portal. Although its methods lack sophistication, its rapid growth and use of private exploits present significant challenges.

More details: BleepingComputer.

 

4. Now BlueSky hit with crypto scams as it crosses 20 million users

As BlueSky surpasses 20 million users, cryptocurrency scammers are targeting the decentralized platform, leveraging fake giveaways and misleading posts to lure victims. Scammers exploit BlueSky’s decentralized nature to host dubious content on third-party instances, complicating moderation efforts.

While BlueSky pledges to tackle scams and spam, its growing popularity highlights the challenges of balancing user freedom with safeguarding against malicious activity.

More details: BleepingComputer.

 

5. Security plugin flaw in millions of WordPress sites gives admin access

A critical vulnerability, CVE-2024-10924, has been found in the WordPress plugin Really Simple Security (formerly Really Simple SSL), potentially exposing over 3.5 million websites to takeover attacks.

The flaw bypasses authentication when two-factor authentication (2FA) is enabled, allowing remote attackers to gain admin access. Administrators must update to version 9.1.2 immediately to secure their sites from this severe threat.

More details: BleepingComputer

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
