Top 5 Cybersecurity Updates: Last Week's Key Highlights in the Digital Sphere

1. Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware?Hackers have been creating fake websites that look like popular video call services like Google Meet, Skype, and Zoom since December 2023 to spread harmful software. These fake sites trick people into downloading malware that can steal personal information from computers and Android phones. The harmful software includes Remote Access Trojans (RATs) that let hackers control affected devices remotely. Additionally, new malware named WogRAT is targeting computers and uses a free online notepad service to hide its malicious activities. Cybercriminals are also using phishing campaigns , which involve fake emails and QR codes, to steal company logins and commit fraud.? ? ?
2. Human vs. Non-Human Identity in SaaS?In the world of online software services (SaaS) , there's a big focus on keeping human users' data safe. However, there are also many "non-human" accounts, like apps and automated systems, that can access these services. These non-human accounts can be less secure because they don't get as much attention, making them easy targets for hackers. They can do things like read calendars or transfer data between applications without being noticed. To keep everything secure, companies are using special tools to manage and keep an eye on these non-human accounts just like they do with human ones, ensuring they only have access to what they need and no more.?
3. ?Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets?Microsoft announced that Russian hackers , called Midnight Blizzard, broke into their systems in January 2024 and stole some of their source code and information meant to be secret between Microsoft and its customers. The hack started with a password guessing attack on a test account that didn't use extra security steps like multi-factor authentication. Microsoft has contacted customers who were affected but hasn't shared many details about what was stolen. They've said they're working on making their security stronger, especially after noticing a big increase in hacking attempts by the same group. This group is known for being very skilled and has targeted big companies before.?
4. CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability?The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about a serious security issue in JetBrains TeamCity software that hackers are currently taking advantage of. This problem lets hackers get into the system without needing a password and take full control. JetBrains has fixed this issue and another less severe one that could also let hackers see some information or change things on the server. Because of the risk, all users are urged to update their software quickly to stay safe, especially since some hackers are already using this flaw to cause trouble, including spreading ransomware.?
5. Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks?Hackers are attacking WordPress sites by adding harmful code that uses visitors' browsers to try breaking into other WordPress sites. This code tries lots of common or stolen passwords to get into these sites. Over 700 websites have been found with this issue so far. The hackers’ goal seems to have shifted from stealing cryptocurrency to using these brute-force attacks to gain unauthorized access to websites, which they can then use for various harmful purposes. This is part of a bigger trend of hackers finding creative ways to break into websites and cause damage.?WordPress sites by adding harmful code that uses visitors' browsers to try breaking into other WordPress sites. This code tries lots of common or stolen passwords to get into these sites. Over 700 websites have been found with this issue so far. The hackers’ goal seems to have shifted from stealing cryptocurrency to using these brute-force attacks to gain unauthorized access to websites, which they can then use for various harmful purposes. This is part of a bigger trend of hackers finding creative ways to break into websites and cause damage.?

?