News

Blog

Friday, October 18th, 2024

Cybersecurity Week in Review (18/10/24)

Are Irish businesses ready for new EU cybersecurity rules? 

New EU cybersecurity rules are due to come into force in the coming days which could have major implications for Government bodies and businesses. The NIS2 Directive is a continuation and expansion of the previous EU cybersecurity directive, NIS.

Source: https://www.rte.ie/news/business/2024/1012/1475023-eu-cybersecurity-rules-analysis/ 

Cyber resilience act: Council adopts new law on security requirements for digital products 

The Council of the EU adopted today a new law on cybersecurity requirements for products with digital elements with a view to ensuring that products, such as connected home cameras, fridges, TVs, and toys, are safe before they are placed on the market (cyber resilience act).  

Source: https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products/  

99% of UK Businesses Faced Cyber Attacks in the Last Year 

Nearly all businesses with at least 2,000 employees were breached by cyber attackers in the last 12 months, a new report has found. The biggest risk factor, cited by 46%, was remote and hybrid workers. 

Source: https://www.techrepublic.com/article/xalient-breach-report/ 

Google Pays Out $36,000 for Severe Chrome Vulnerability 

Google on Tuesday announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers. 

The most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which Google handed out a $36,000 bug bounty reward. 

Source: https://www.securityweek.com/google-pays-out-36000-for-severe-chrome-vulnerability/  

Over 200 malicious apps on Google Play downloaded millions of times 

Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. 

The data was collected between June 2023 and April 2024 by threat intelligence researchers at Zscaler, who identified and analyzed malware families both on Google Play and other distribution platforms. 

Source: https://www.bleepingcomputer.com/news/security/over-200-malicious-apps-on-google-play-downloaded-millions-of-times/ 

American Water Reconnects Its Network Taps After Cyber Incident 

American Water, the largest regulated water and wastewater utility company in the US, is now reconnecting its infrastructures, after taking its systems offline due to a cybersecurity incident it reported on Oct. 7. 

Source: https://www.darkreading.com/cyberattacks-data-breaches/american-water-reconnects-network-taps-cyber-incident 

Cisco investigates breach after stolen data for sale on hacking forum 

Cisco has confirmed that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. 

This statement comes after a well-known threat actor named “IntelBroker” said that he and two others called “EnergyWeaponUser and “zjj” breached Cisco on October 6, 2024, and stole a large amount of developer data from the company. 

Source: https://www.bleepingcomputer.com/news/security/cisco-investigates-breach-after-stolen-data-for-sale-on-hacking-forum/  

TrickMo malware steals Android PINs using fake lock screen 

Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. 

Source: https://www.bleepingcomputer.com/news/security/trickmo-malware-steals-android-pins-using-fake-lock-screen/  

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. 

Source: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html  

Iranian hackers now exploit Windows flaw to elevate privileges 

The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. 

Source: https://www.bleepingcomputer.com/news/security/oilrig-hackers-now-exploit-windows-flaw-to-elevate-privileges/  

Smarttech247

Contact Us

The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.

    Copyright Smarttech247 - 2021