Summary of Today's Cybersecurity News | November 14 2024

Top 3 stories I deem important for the public and cybersecurity community to know today in a quick easy to listen to format. Stay vigilant my friends.

1. Google Warns of New Online Scam Tactics and Strengthens Security
Google reports a rise in sophisticated online scams, with tactics like "cloaking" to bypass detection and deepfake impersonations for fraudulent schemes. Google has rolled out new security features, including scam detection for calls and alerts for malicious apps, blocking over 5.5 billion harmful ads in 2023. Partnering with global organizations, Google aims to curb online fraud and keep users informed. Stay updated to avoid falling victim to these new threats!

2. New Lazarus Group Malware Hides in macOS Metadata
Researchers have discovered "RustyAttr," a malware by the Lazarus Group, designed to evade macOS detection by hiding in hidden file metadata, or Extended Attributes. Using the Tauri framework, the malware launches decoy files to mislead users while staying invisible to antivirus scans. This stealthy malware is a reminder to keep macOS security features enabled and avoid files from unknown sources. Stay vigilant!

3. New Windows Zero-Day Vulnerability Exploited in Attacks Against Ukraine
A newly patched Windows zero-day vulnerability, CVE-2024-43451, allows attackers to steal user credentials with minimal interaction, such as right-clicking a file. Used by suspected Russian threat actors in phishing attacks against Ukrainian targets, this flaw connects to an attacker’s server and downloads further malware. Microsoft has issued a patch—update now to stay secure.