Facebook Owner Hit With €251 Million Fine for 2018 Data Breach
Meta, Facebook's parent company, has been fined €251 million ($264 million) by Ireland’s Data Protection Commission (DPC) for a 2018 breach that exposed 29 million accounts, including 3 million in Europe. Hackers exploited the "View As" feature to steal access tokens, enabling unauthorized control of accounts. The breach marked a major test of the EU’s General Data Protection Regulation (GDPR), underscoring the consequences of lax data protection. Meta plans to appeal the decision. Read the full report here.
CISA Seeks Public Comment on Updated National Cyber Incident Response Plan
The Cybersecurity and Infrastructure Security Agency (CISA) is inviting public feedback on its updated National Cyber Incident Response Plan (NCIRP) until January 15, 2025. The draft emphasizes lessons learned from past breaches, outlines roles for federal and private stakeholders, and proposes strategies for responding to critical cyber incidents. This move aims to fortify public-private collaboration in the face of evolving threats. Submit your feedback via the Federal Register.
Hacker Sentenced to 69 Months for SQL Injection and Credit Card Theft
A New York-based hacker, Vitalii Antonenko, has been sentenced to nearly six years in prison for using SQL injection attacks to steal payment card data from compromised networks. The stolen data was laundered via cryptocurrency, and the victims spanned sectors such as hospitality and scientific research. Antonenko’s case underscores the ongoing danger of unpatched vulnerabilities and poor input validation in web applications. Full details here.
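The item above names the two weaknesses behind this kind of theft, SQL injection and poor input validation, without showing what they look like in code. The following Python example is added here for illustration and is not part of the original report or the court case: it builds a constructed in-memory SQLite table (the rows, column names and the `customers` table are invented stand-ins, not real card data), shows the defective string-concatenation query beside the parameterized one, and adds an allow-list email check as a second layer. The function names and the regex are the author's assumptions for this example.

```python
import re
import sqlite3

# Constructed sample data for the demonstration; nothing here is real.
SAMPLE_ROWS = [
    ("alice@example.com", "1111"),
    ("bob@example.com", "2222"),
]

# Simple allow-list shape check for an email address (assumed validator, not from the article).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def build_demo_db():
    """Create an in-memory table standing in for a merchant's customer store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)", SAMPLE_ROWS
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    """Defective pattern: untrusted input is spliced into the SQL text.

    Anything the caller supplies becomes part of the query, so the input can
    change the WHERE clause instead of being compared as a value.
    """
    sql = f"SELECT email, card_last4 FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """Hardened pattern: the value is bound by the driver.

    The query shape is fixed at the call site; the input can only ever be
    compared against the email column, never interpreted as SQL.
    """
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def is_valid_email(value):
    """Allow-list validation: reject anything that does not look like an address."""
    return bool(EMAIL_RE.match(value))


def safe_lookup(conn, email):
    """Defense in depth: validate the shape first, then use a bound parameter.

    Raises ValueError on malformed input so the caller can log and reject it
    before the database is touched at all.
    """
    if not is_valid_email(email):
        raise ValueError("rejected malformed email input")
    return lookup_parameterized(conn, email)


if __name__ == "__main__":
    conn = build_demo_db()
    # Classic tautology input: the vulnerable query returns every row,
    # the parameterized one matches nothing, and validation rejects it outright.
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, probe))
    print("parameterized:", lookup_parameterized(conn, probe))
    try:
        safe_lookup(conn, probe)
    except ValueError as err:
        print("validated:", err)
    print("legitimate:", safe_lookup(conn, "alice@example.com"))
```

Parameter binding is the control that actually closes the hole; the regex check is a cheap extra layer that keeps obviously malformed input out of logs and error paths, but it should never be relied on alone, since allow-lists for richer fields (names, free text) cannot exclude every character a query might misread.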
Organizations Warned of Increased Okta Support-Themed Phishing Attacks
Okta has alerted businesses about a surge in phishing attacks impersonating its support team. Threat actors are targeting enterprises using social engineering tactics to compromise user credentials. The company recommends verifying support communications and refraining from sharing sensitive information like MFA tokens. As AI-generated phishing grows, vigilance is critical. Read more here.
CISA and FBI Warn of Exploited Adobe ColdFusion and Windows Flaws
CISA added two actively exploited vulnerabilities, CVE-2024-20767 (ColdFusion) and CVE-2024-35250 (Windows Kernel), to its Known Exploited Vulnerabilities list. Both flaws allow attackers to gain unauthorized access or escalate privileges. Federal agencies must address these by January 6, 2025, as proof-of-concept exploits circulate widely. Read more on CISA's alert.
Texas Tech University Ransomware Attack Impacts 1.4 Million People
Texas Tech University’s Health Sciences Center suffered a ransomware attack in September, exposing data from 1.4 million individuals. The stolen records include personal information, health data, and financial details. The Interlock ransomware group claimed responsibility, continuing a troubling trend of attacks on healthcare and education sectors. Learn more here.
Android Zero-Day Exploited in Spyware Campaigns, Amnesty Links Cellebrite
Amnesty International has uncovered a spyware campaign targeting journalists in Serbia, enabled by a zero-day exploit in Qualcomm-based Android devices. The spyware, NoviSpy, is linked to Israeli firm Cellebrite, whose forensic tools allegedly facilitated infections during police encounters. The findings raise concerns about the misuse of mobile forensic technologies. Read the full Amnesty report here.
Hackers Use Microsoft Teams and AnyDesk to Deploy DarkGate Malware
A social engineering campaign leveraging Microsoft Teams has been observed deploying DarkGate malware, a powerful tool for credential theft, keylogging, and remote access. Attackers use Teams calls to trick users into installing AnyDesk, bypassing security protocols. Organizations are advised to enforce MFA, restrict remote tools, and train employees to recognize phishing tactics. Full analysis here.
FBI Warns of HiatusRAT Exploiting IoT Devices
The FBI has issued a warning about the HiatusRAT malware, which is targeting IoT devices like web cameras and DVRs through vulnerabilities and default credentials. Known flaws such as CVE-2017-7921 are being exploited to gain remote access. Organizations are urged to patch systems, enforce strong password policies, and implement network segmentation. More details here.
CrowdStrike Survey: GenAI Platforms Favored by 80% of Security Leaders
According to CrowdStrike’s 2024 State of AI in Cybersecurity Survey, 80% of security leaders prefer platform-integrated GenAI tools over standalone solutions. GenAI is seen as a game-changer for threat detection, analyst productivity, and breach prevention. Tools like CrowdStrike’s Charlotte AI exemplify this trend toward unified, purpose-built technologies. Read the survey here.
Hackers Exploit Tax Lures in Pakistan Using Malicious MSC Files
A phishing campaign targeting Pakistan has used tax-themed lures to deliver malware via Microsoft MSC files. The files disguise malicious JavaScript, enabling attackers to establish backdoors on compromised systems. The campaign, tracked as FLUX#CONSOLE, exemplifies the growing sophistication of file-based attacks. Full story here.
Rooftop Solar Boom Raises Cybersecurity Concerns
With 100 million households expected to adopt rooftop solar by 2030, experts warn about the potential for poorly secured systems to expose power grids to cyberattacks. A surge in IoT vulnerabilities and insufficient regulatory oversight could pose risks to global energy infrastructure. Read more on energy security.
Pennsylvania Representative Proposes Cybersecurity Bill for Water Utilities
Rep. Chris Deluzio has introduced the Water Authority Cybersecurity Protection Act, allocating $25 million to help water utilities strengthen their defenses. The move comes after a 2023 Iranian-linked attack on Pennsylvania’s Municipal Water Authority, highlighting the sector’s vulnerabilities. Learn about the bill here.
Rhode Island Auditor General Warns About Cybersecurity Vulnerabilities
Rhode Island’s cybersecurity vulnerabilities have been laid bare as Gov. Dan McKee revealed that the personal information of hundreds of thousands of residents could be exploited by cybercriminals. This crisis didn’t come as a surprise to state officials, however, as the Auditor General had repeatedly flagged deficiencies in state systems for years. Reports dating back several years, including the most recent one sent to the General Assembly in April 2024, highlighted inadequate resources for managing complex operations, such as RIBridges—the benefits system operated by Deloitte.
State and federal agencies, including the FBI and Rhode Island State Police, are now involved in damage control. Gov. McKee emphasized the urgency of keeping all stakeholders informed while ensuring a coordinated response. The incident underscores the importance of heeding audit warnings and investing in robust cybersecurity measures to safeguard sensitive data. For more on this story, visit WJAR.
RCE Vulnerability in 1,000,000 WordPress Sites Lets Attackers Gain Control Over Backend
A critical Remote Code Execution (RCE) vulnerability (CVE-2024-6386) affecting the WordPress Multilingual Plugin (WPML) has left over 1,000,000 websites at risk. This flaw, rooted in a Server-Side Template Injection (SSTI) within the Twig template engine, allowed attackers to execute arbitrary code. Despite a CVSS score of 9.9, the patch took 62 days to materialize after discovery, raising questions about the handling of critical vulnerabilities.
Security researcher "stealthcopter" discovered the flaw in WPML’s shortcode blocks, where malicious payloads could be injected. Exploiting this, attackers could access sensitive data, execute terminal commands, and manipulate server files. Although the vulnerability has been patched, WordPress users must update to the latest WPML version immediately.
This incident highlights the need for proactive security measures, faster patch rollouts, and better compensation for ethical researchers. Learn more about the vulnerability and mitigation steps at WPScan.
CISA Warns of Adobe & Windows Kernel Driver Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities Catalog. These include an Adobe ColdFusion access control flaw (CVE-2024-20767) and a Windows Kernel-Mode Driver vulnerability (CVE-2024-35250). Both vulnerabilities allow attackers to gain unauthorized access or execute code with elevated privileges.
Federal agencies have been directed to remediate these vulnerabilities by prescribed deadlines under the Binding Operational Directive (BOD) 22-01. CISA also encourages private organizations to act proactively. For details, visit CISA.
Azure Data Factory and Apache Airflow Integration Flaws Expose Write Access Risks
Researchers uncovered significant flaws in the Azure Data Factory’s Apache Airflow integration, dubbed “Dirty DAG.” These vulnerabilities could allow attackers to gain unauthorized write permissions, manipulate DAG files, and compromise Azure Kubernetes Service (AKS) clusters.
The misconfigurations in Kubernetes Role-Based Access Control (RBAC) and Azure’s Geneva service handling enable attackers to escalate privileges, exfiltrate data, and deploy malware. Microsoft has downplayed the findings but acknowledged that isolated cases require attention. Organizations using Azure Data Factory should enforce strict RBAC policies and regularly audit configurations. Read the full report from Palo Alto Networks.
CISA Orders Federal Agencies to Secure Their Cloud Environments
CISA has mandated federal agencies to adhere to Secure Cloud Business Applications (SCuBA) standards to improve cloud security. This directive, born out of lessons from the SolarWinds breach, requires compliance by mid-2025. Agencies must implement stricter configurations, improve monitoring, and align with SCuBA toolkits provided by Microsoft and Google.
Though primarily targeting federal agencies, CISA urges private organizations to adopt similar standards to safeguard cloud environments. Full details are available at CISA.
Cisco to Acquire SnapAttack to Bolster Splunk’s Threat Detection Capabilities
Cisco has announced its acquisition of SnapAttack, a threat detection company specializing in lifecycle management of detection content. The move aims to enhance Splunk, Cisco’s premier SIEM platform, with SnapAttack’s advanced detection engineering and AI capabilities.
This acquisition underscores Cisco’s commitment to transforming SecOps with predictive intelligence and faster response capabilities. For a detailed analysis, visit Cisco Newsroom.
Affordable Cybersecurity Solutions for Small Businesses
Small businesses often face significant cybersecurity risks but lack the budget for enterprise-grade solutions. Affordable measures, such as deploying anti-virus software, enabling MFA, conducting regular backups, and using cloud services like Google Drive or Microsoft Azure, can provide robust protection. Additionally, free resources from organizations like CISA and SBA offer valuable tools to enhance security posture. Learn more about cost-effective strategies at CISA and SBA.
CS2AI and Radiflow Release Inaugural OT Cybersecurity Technology Report
The 2024 OT Cybersecurity Technology Report from CS2AI and Radiflow provides actionable insights for managing OT and ICS environments. Based on surveys of 350 industry professionals, the report emphasizes enhancing legacy system security, improving network visibility, and fostering provider-client partnerships.
This comprehensive analysis serves as a decision-support tool for OT managers navigating complex cybersecurity challenges. Access the full report at CS2AI.
Automotive Cybersecurity Market to Reach $13.94 Billion by 2031
The automotive cybersecurity market is projected to grow at a CAGR of 18.18%, reaching $13.94 billion by 2031. Key drivers include increasing demand for endpoint security and ADAS systems in connected vehicles. Leading players such as Argus Cyber Security are spearheading innovation in this space.
For detailed insights into market trends, visit Coherent Market Insights.
