This Week’s Top 5 Cybersecurity News Stories December 2024 | 02

Loading the Elevenlabs Text to Speech AudioNative Player...

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small, as we look at threats from espionage to security flaws in every day devices:

 

1. New stealthy Pumakit Linux rootkit malware spotted in the wild

Pumakit, a newly discovered Linux rootkit, uses advanced stealth and privilege escalation techniques to evade detection. Found in a suspicious binary upload, it operates as a multi-component malware with kernel and userland rootkits.

Targeting Linux kernels below 5.7, Pumakit manipulates system behavior, hides processes, and communicates with attackers via a userland component. Elastic Security offers detection tools, underscoring its threat to critical infrastructure and enterprise systems. Read more for insights into its infection chain and stealthy operations.

More details: BleepingComputer

 

2. Hunk Companion WordPress plugin exploited to install vulnerable plugins

Hackers are exploiting a critical flaw in the Hunk Companion WordPress plugin (CVE-2024-11972), enabling the installation of outdated, vulnerable plugins from the WordPress repository.

This attack chain leads to severe threats like remote code execution (RCE) and SQL injection. Despite a patch in version 1.9.0, over 8,000 sites remain exposed. Update now to secure your site!

More details: BleepingComputer

 

3. Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft’s December Patch Tuesday wraps up 2024 with fixes for 72 vulnerabilities, including the actively exploited CVE-2024-49138 in CLFS, allowing SYSTEM-level privilege escalation. The updates address critical flaws in Windows LDAP (CVE-2024-49112, CVSS 9.8) and other key systems.

With NTLM exploitation rampant, Microsoft pushes legacy authentication deprecation, promoting secure-by-default measures like Kerberos and EPA. Read on for full details!

More details: The Hacker News

 

4. Krispy Kreme says cybersecurity incident is impacting online orders in US

Krispy Kreme has reported unauthorized activity on its IT systems, disrupting U.S. online orders since November 29. The company is investigating with cybersecurity experts but expects a material financial impact due to lost digital sales.

Despite the setback, stores remain open for in-person orders. Shares fell 2% in premarket trading following the announcement.

More details: Reuters

 

5. Senators say US must boost security after Chinese Salt Typhoon telecom hacking

U.S. senators are calling for urgent action following “Salt Typhoon,” a Chinese hacking campaign targeting American telecom firms. Described as the largest telecom hack in U.S. history, it exposed vulnerabilities in networks and stole vast metadata.

Proposals include mandatory cybersecurity certifications for telecoms and funding for removing insecure Chinese-made equipment. With calls for both defensive and offensive measures, the debate highlights a growing cybersecurity imperative.

More details: Reuters

 

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!