Month in safety with Tony Anscombe – November 2024 version

Zero days below assault, a brand new advisory from ‘5 Eyes’, 1000’s of ICS models left uncovered, and obligatory MFA for all – it is a wrap on one other month full of impactful cybersecurity information

29 Nov 2024

As you would possibly count on, the world of cybersecurity continues to evolve at breakneck pace, a lot in order that maintaining with new threats, scams and information breaches is not any imply feat. November 2024 noticed no scarcity of impactful cybersecurity information – this is their roundup from ESET Chief Safety Evangelist Tony Anscombe:

• ESET’s discovery of two zero-day vulnerabilities in a number of Mozilla merchandise and in Home windows that have been focused by a zero-click exploit courtesy of a Russia-aligned group tracked as RomCom
• a joint advisory issued by the cybersecurity companies of the 5 Eyes intelligence alliance on the again of a surge in zero-day flaws
• Amazon’s confirming that employee data was compromised after an incident that affected a third-party supplier final yr and concerned the exploitation of a vulnerability in the MOVEit file switch device
• there aren’t any fewer than 145,000 internet-exposed industrial management programs (ICS) worldwide, web intelligence platform supplier Censys has found
• Google has announced that, beginning early subsequent yr, multi-factor authentication shall be obligatory on all Google Cloud accounts
• some excellent news to conclude the roundup – Jen Easterly, the top of the US’ Cybersecurity and Infrastructure Safety Company (CISA), said that there’s no evidence of any malicious exercise materially impacting the safety or integrity of the nation’s election infrastructure amid the latest presidential election

Be certain to additionally watch the October 2024 edition of Month in safety.

Join with us on Facebook, Twitter, LinkedIn and Instagram.