Top 5 Cybersecurity News Stories January 24, 2025

Loading the Elevenlabs Text to Speech AudioNative Player...

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. LinkedIn accused of using private messages to train AI

A California lawsuit alleges that LinkedIn Premium shared users’ private messages with third parties to train AI models without proper consent. It claims that in August last year, LinkedIn automatically enrolled users in a data-sharing program and later altered its privacy policy to conceal this action.

LinkedIn denies the accusations, stating the claims are baseless. The suit seeks $1,000 per affected user for violations of federal and state laws.

Read more here: BBC

2. PowerSchool data breach a ‘statewide issue,’ more than 300,000 teachers had SS number exposed

Over 300,000 North Carolina teachers had their Social Security numbers exposed in a recent PowerSchool data breach, affecting millions nationwide, including students. The breach compromised sensitive information like grades and attendance.

PowerSchool is collaborating with law enforcement, while educators call for better security measures such as unique IDs and multi-factor authentication. North Carolina is transitioning to a new platform, Infinite Campus, for the 2024-25 school year.

Read more here: yahoo! News

3. Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

An evaluation by Eclypsium revealed multiple security flaws in three Palo Alto Networks firewalls (PA-3260, PA-1410, PA-415), including known vulnerabilities like BootHole and insecure firmware configurations.

These issues could allow attackers to bypass Secure Boot and modify firmware. Palo Alto denies active exploitation, asserts their PAN-OS is secure, and is developing firmware updates. Experts stress the need for rigorous security measures.

Read more here: The Hacker News

4. Hundreds of fake Reddit sites push Lumma Stealer malware

Hackers are launching nearly 1,000 fake Reddit and WeTransfer websites to distribute the Lumma Stealer malware. These counterfeit pages mimic legitimate platforms by replicating discussion threads and file-sharing interfaces.

When users click the download link, they are directed to malicious sites hosting the malware. Lumma Stealer can steal sensitive information like browser-stored passwords and session tokens, posing significant security risks.

Read more here: BleepingComputer

5. Telegram captcha tricks you into running malicious PowerShell scripts

Threat actors are exploiting news of Ross Ulbricht’s pardon by creating fake X accounts to lure users to malicious Telegram channels. These channels trick victims into running PowerShell commands disguised as verification steps, leading to malware infections like Lumma Stealer and Cobalt Strike.

This new “Click-Fix” tactic mimics CAPTCHA systems, aiming to steal data and enable ransomware attacks. Users are warned not to execute unknown scripts.

Read more here: BleepingComputer

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!