This Week’s Top 5 Cybersecurity News Stories December 2024 | 03

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in everyday devices:

 

1. Ongoing phishing attack abuses Google Calendar to bypass spam filters

Cybercriminals are exploiting Google Calendar and Google Drawings to bypass spam filters and steal credentials in a new phishing campaign.

Over 4,000 emails targeting 300 brands have been sent in just four weeks, according to Check Point. The scam leverages legitimate Google services to evade security checks, embedding malicious links in invites. Users are advised to scrutinize unexpected meeting requests.

More details: BleepingComputer

 

2. US considers banning TP-Link routers over cybersecurity risks

The U.S. government is investigating TP-Link routers for potential national security risks linked to cyberattacks.

With a 65% market share in the SOHO router market, TP-Link faces scrutiny for alleged price manipulation and involvement in Chinese-operated botnets. If confirmed, a ban could follow similar actions against Huawei and ZTE, further tightening restrictions on Chinese tech in U.S. infrastructure.

More details: BleepingComputer

 

3. Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency

Netflix has been fined €4.75 million by the Dutch Data Protection Authority for GDPR violations between 2018 and 2020.

The company failed to provide clear explanations about its data usage, retention policies, and third-party sharing. While Netflix has updated its privacy practices, the case highlights growing regulatory scrutiny, as similar fines target tech giants like Spotify and Meta over data protection lapses.

More details: The Hacker News

 

4. CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

CISA has added a critical vulnerability (CVE-2024-12356, CVSS 9.8) affecting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to its Known Exploited Vulnerabilities catalog.

The flaw allows unauthenticated attackers to execute commands as a site user. BeyondTrust patched affected cloud instances, but self-hosted users must update. The incident follows a cyberattack exploiting a SaaS API key to reset local account passwords.

More details: The Hacker News

 

5. Losses from crypto hacks jump to $2.2 bln in 2024, report says

Crypto hacks surged in 2024, with $2.2 billion stolen, a 21% increase from 2023, according to Chainalysis. The rise coincides with Bitcoin surpassing $100,000.

Key compromises on centralized platforms fueled the thefts, including $305M from Japan’s DMM Bitcoin and $235M from India’s WazirX. North Korea-linked hacks hit a record $1.3B, spotlighting crypto’s role in sanction evasion.

More details: Reuters

 

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!