This Week’s Top 5 Cybersecurity News Stories November 2024 | 05

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small, as we look at threats from espionage to security flaws in every day devices:

 

1. Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Advantech EKI industrial Wi-Fi access points face critical cybersecurity risks, with 20 vulnerabilities disclosed—six deemed critical. Attackers could exploit these flaws to execute code with root privileges, bypass authentication, or plant backdoors.

Exploits like XSS (CVE-2024-50376) enable remote access via rogue access points. Updated firmware mitigates these threats, underscoring the need for immediate patching and vigilance in industrial networks.

More details: The Hacker News

 

2. Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

Cybercriminals are exploiting the popular Godot Engine in a new malware campaign, GodLoader, infecting over 17,000 systems since June 2024. By using Godot’s GDScript capabilities, attackers bypass antivirus detection to deliver malware across platforms, including Windows, macOS, and Linux.

Leveraging fake GitHub repositories and advanced evasion tactics, this campaign highlights growing threats to open-source platforms, urging stronger cybersecurity measures in the gaming and development ecosystem.

More details: The Hacker News

 

3. UK hospital network postpones procedures after cyberattack

The Wirral University Teaching Hospital (WUTH), a major NHS provider in the UK, has been hit by a cyberattack, forcing IT systems offline and causing delays in appointments, procedures, and emergency services.

Operating manually, the hospital faces significant disruption across its facilities. While the exact nature of the attack is unclear, recovery efforts are underway, highlighting the critical need for robust cybersecurity in healthcare.

More details: BleepingComputer.

 

4. Zello asks users to reset passwords after security incident

Push-to-talk app Zello, with 140 million users, is urging account holders who registered before November 2, 2024, to reset their passwords following a potential security breach.

While details remain unclear, the notice suggests unauthorized access to user credentials. This follows a similar breach in 2020. Users are advised to update passwords promptly and avoid reusing them across platforms to mitigate risks.

More details: BleepingComputer.

 

5. Starbucks faces disruptions following ransomware attack on software supplier

A ransomware attack on supply chain software provider Blue Yonder has disrupted operations for several major retailers, including Starbucks. The incident has affected Starbucks’ ability to manage employee schedules and process payroll, leading to manual tracking of work hours.

Despite these challenges, customer services remain unaffected. Blue Yonder is collaborating with cybersecurity firms to restore systems but has not provided a specific timeline for full recovery.

More details: Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!