This Week’s Top 5 Cybersecurity News Stories January 2025 | 01
Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small, as we look at threats from espionage to security flaws in every day devices:
1. New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
The U.S. Department of Justice finalized a rule to enforce Executive Order 14117, safeguarding Americans’ sensitive data from misuse by adversarial nations like China, Russia, and others. The rule targets bulk data transactions involving personal, biometric, health, and financial details, addressing risks like espionage and AI misuse.
Effective in 90 days, it emphasizes security without restricting research or broader trade.
Read more here: The Hacker News
2. Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics
The U.S. Treasury has sanctioned Iranian and Russian entities for meddling in the 2024 presidential election through disinformation, cyberattacks, and deepfake campaigns. Iran’s IRGC-linked Cognitive Design Production Center and Russia’s GRU-backed Center for Geopolitical Expertise led efforts to destabilize U.S. democracy.
Sanctions target individuals and organizations using advanced AI and covert operations.
Read more here: The Hacker News
3. New DoubleClickjacking attack exploits double-clicks to hijack accounts
A newly discovered web attack called DoubleClickjacking exploits double-click timing to bypass traditional clickjacking defenses, tricking users into authorizing sensitive actions. Developed by cybersecurity expert Paulos Yibelo, the method uses a cleverly disguised second-click prompt, such as a captcha, to redirect clicks onto hidden legitimate buttons.
This approach can compromise accounts, authorize plugins, or manipulate web3 transactions, affecting platforms like Shopify, Slack, and even browser extensions.
Read more here: BleepingComputer
4. Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets, Ficora and Capsaicin, are targeting outdated or end-of-life D-Link routers using known vulnerabilities like CVE-2015-2051 and CVE-2024-33112. Ficora, a Mirai variant, spreads globally with DDoS capabilities, while Capsaicin, linked to the Keksec group, launched a focused burst of attacks in East Asia.
Both exploit D-Link’s HNAP weaknesses for malicious control. Secure your devices with updated firmware, strong passwords, and restricted remote access.
Read more here: BleepingComputer
5. Japan Airlines systems back to normal after cyberattack delayed flights
Japan Airlines (JAL) has resumed normal operations after a cyberattack disrupted ticket sales and caused some flight delays. The attack, which began by shutting down a malfunctioning router, did not result in data leaks or virus damage.
Meanwhile, rival ANA reported no issues, and American Airlines faced a separate network hardware glitch, grounding flights briefly on Christmas Eve.
Read more here: Reuters
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
For more information please contact us now!