Top 5 Cybersecurity News Stories January 17, 2025
Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:
1. European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Austrian privacy nonprofit noyb has filed complaints in Austria, Belgium, Greece, Italy, and the Netherlands against companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi for violating EU data protection laws by transferring user data to China.
noyb is demanding an immediate halt to these transfers, citing risks of Chinese government access. Additionally, the U.S. FTC has taken action against General Motors and GoDaddy for data misuse and security failures, while also strengthening privacy rules to protect children’s online data.
Read more here: The Hacker News
2. Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Cybersecurity experts have identified a new malvertising campaign targeting Google Ads users. The scheme involves fake Google Ads that redirect victims to fraudulent login pages, aiming to steal credentials and two-factor authentication codes. Stolen data is then used to hijack accounts, push more malicious ads, and sold on underground forums.
Active since November 2024, the campaign employs advanced evasion techniques. Google is actively investigating and removing such fraudulent ads, but the threat continues as attackers refine their methods to exploit the ad network.
Read more here: The Hacker News
3. FTC sues GoDaddy for years of poor hosting security practices
The Federal Trade Commission (FTC) has ordered GoDaddy to enhance its security by implementing HTTPS APIs and mandatory multi-factor authentication (MFA). This settlement addresses GoDaddy’s failure since 2018 to secure its hosting services, which led to multiple breaches affecting millions of customers.
The FTC criticized GoDaddy for lacking standard security practices like software updates, threat monitoring, and network segmentation. As part of the agreement, GoDaddy must establish a robust security program, prohibit misleading security claims, and undergo biennial independent security reviews to protect consumer data effectively.
Read more here: BleepingComputer
4. FBI warns agents of call log thefts by hackers, Bloomberg News reports
FBI leaders have warned that a last year’s breach of AT&T’s public safety system likely exposed months of agents’ call and text logs, endangering confidential informants’ identities. The hack affected all FBI devices using AT&T’s services, revealing agents’ mobile numbers and their communication patterns.
Although the content of communications wasn’t accessed, the data could link investigators to their sources. AT&T collaborated with law enforcement to address the breach, highlighting ongoing concerns about cyber-espionage targeting U.S. telecom networks.
Read more here: Reuters
5. Phishing texts trick Apple iMessage users into disabling protection
Cybercriminals are exploiting a loophole in Apple iMessage’s phishing protection by tricking users into re-enabling disabled links. iMessage blocks links from unknown senders to prevent smishing, but attackers persuade users to reply or add the sender, which reactivates the links.
Recent scams include fake USPS and unpaid toll messages asking users to reply “Y” to unlock malicious links. This tactic not only disables protection but also signals targets for future attacks. Users are advised to ignore such messages and verify directly with the companies involved.
Read more here: BleepingComputer
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
For more information please contact us now!