Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing – Cybersecurity News [December 23, 2024]
The year 2024 is ending, but unfortunately, cybercrime never ends. Criminals are always on the lookout for innovative ways to scam user accounts and steal data. So, service providers have their work cut out for them and must keep users in the loop about the various security measures they initiate. Microsoft has taken the lead in adopting greater transparency in cybersecurity matters. This week, we shall also discuss the various Google Support Services criminals use to launch cyberattacks. Finally, we round off 2024 and welcome the new year 2025 by listing cybersecurity trends users must watch out for to secure their credentials and prevent them from being compromised.
Microsoft Takes New Approach Towards Ensuring Transparency In Cybersecurity Matters
Every organization should display transparency in cybersecurity to build user confidence and trust. Microsoft has set an example by revealing that a critical vulnerability in Windows Defender could have resulted in a massive security breach. The company lists this vulnerability as CVE-2024-49071 in its security update guide. This vulnerability could have allowed unauthorized users to access confidential user credentials. However, exploiting it required the cybercriminal to have prior access to Windows Defender. Fortunately, nobody has exploited this vulnerability so far.
Microsoft has also advised users that they need not take any action. Microsoft has fixed the vulnerability. The critical aspect is that it reflects a new approach by Microsoft towards ensuring greater transparency in cybersecurity matters. Microsoft has followed this strategy since June 2024, when they notified users about cloud vulnerabilities even if they did not need corrective action. As far as CVE-2024-49071 is concerned, Microsoft has confirmed that they have successfully mitigated the threat.
Google Chrome Users Must Update Their Browsers To Prevent Exposure To Serious Potential Attacks
Google recently released a security update for its Chrome browser that addresses several high-severity vulnerabilities that can allow unauthorized memory access and cause data breaches.
- CVE-2024-12692, a V8 JavaScript engine type confusion issue, can cause heap corruption via a crafted HTML page.
- CVE-2024-12693, an out-of-bounds memory access in V8, can allow malicious actors to access restricted memory areas.
- CVE-2024-12694, a vulnerability in the Compositing component, can cause unexpected system crashes by accessing memory.
- CVE-2024-12695 is another critical vulnerability that cybercriminals can exploit.
Users can easily update their Google Chrome browsers.
- Open Chrome and click the 3-dot menu.
- Navigate to “Help” and click “About Google Chrome.”
- Chrome automatically checks for updates and installs the latest version.
- Users must restart Chrome to apply the changes.
Google emphasizes the importance of keeping browsers updated to prevent any untoward cybersecurity activity that could lead to potential data breaches. It has released the updated versions 131.0.6778.204 and .205 for Windows and macOS users, whereas the Linux version, 131.0.6778.204, will be rolled out soon.
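For administrators checking more than one machine, the following added example (not part of the original bulletin or any Google tooling) flags hosts whose reported Chrome build is older than the fixed build 131.0.6778.204 named above. The hostnames and version strings in the sample inventory are constructed for illustration.

```python
import re

# Fixed build named in this bulletin (Windows/macOS also received .205).
FIXED_BUILD = (131, 0, 6778, 204)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part Chrome version from a string such as
    'Google Chrome 131.0.6778.204'; return None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(version_text, fixed=FIXED_BUILD):
    """True when the build predates the fix or cannot be parsed.
    Integer tuples compare numerically, so build .99 sorts below .204;
    comparing the raw strings would get that wrong."""
    version = parse_version(version_text)
    return version is None or version < fixed


def audit(inventory):
    """Return hostnames from (host, version_text) pairs that need updating."""
    return [host for host, text in inventory if needs_update(text)]


# Constructed sample inventory; hostnames and outputs are illustrative.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 131.0.6778.204"),
    ("ws-002", "Google Chrome 131.0.6778.99"),
    ("mac-07", "Google Chrome 131.0.6778.205"),
    ("lin-03", "Google Chrome 130.0.6723.116"),
    ("kiosk-1", "version unknown"),
]

if __name__ == "__main__":
    target = ".".join(map(str, FIXED_BUILD))
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome to {target} or later")
```

Hosts whose version cannot be read are reported too, since an unknown build should be treated as unpatched until verified.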
Beware Of Google Calendar Phishing Techniques
With the new year around the corner, the use of Google Calendar increases as users start marking their schedules. It is a welcome trend, but users must be careful when they receive email requests resembling Google Calendar invitations. Researchers have found over 4000 examples of emails containing links to Google Forms, Google Drawings, or Google Calendar files that present a counterfeit “Support Button” or reCAPTCHA, which can lead to users accessing a fraudulent crypto mining landing page used to steal user credentials and financial data. These tempting emails abuse legitimate Google services to bypass security scans and make users vulnerable to cyberattacks.
Cybersecurity experts advise users to take preventative measures by being careful with new calendar invitations. Google’s settings allow users to limit who can send calendar invitations. Implementing MFA to protect your accounts is another precautionary measure that can protect users from Google Calendar phishing techniques.
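A mail-triage check along the lines described above, as an added example that is not from the original bulletin or from Google: it holds messages that carry a calendar invite or a link to Google Forms, Drawings or Calendar when the sender is not on a known-senders list. The function name, the known-senders set and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Google services the bulletin says are abused to host the lure.
LURE_URL_RE = re.compile(
    r"https://(?:docs\.google\.com/(?:forms|drawings)/|calendar\.google\.com/)\S*",
    re.IGNORECASE,
)

# Constructed sample message (addresses and link are placeholders).
SAMPLE = """\
From: "Calendar Team" <invites@example.net>
To: user@example.com
Subject: Invitation: Account review
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Confirm here: https://docs.google.com/forms/d/e/EXAMPLE/viewform
--b1
Content-Type: text/calendar; charset="utf-8"; method=REQUEST

BEGIN:VCALENDAR
END:VCALENDAR
--b1--
"""

def triage(raw_message, known_senders):
    """Return reasons to hold a message for review; empty list means pass."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    has_invite, links = False, []
    for part in msg.walk():
        if part.get_content_type() == "text/calendar":
            has_invite = True
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            links += LURE_URL_RE.findall(payload.decode("utf-8", "replace"))
    reasons = []
    if sender not in known_senders:
        if has_invite:
            reasons.append("calendar invite from unknown sender")
        if links:
            reasons.append("unknown sender links to Google Forms/Drawings/Calendar")
    return reasons
```

Because the links point at genuine Google hosts, URL reputation alone will not catch them; the sender check is what separates an expected invite from an unsolicited one.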
Cyber Criminals Use Google Support Services To Scam Users
Malicious actors have now started using Google Support Services to scam unsuspecting users. Generally, users trust Google Support Services, which sends alerts over Gmail whenever someone accesses their Google accounts from different locations. A firefighting professional from Seattle received a call from an official Google number (650-203-0000) convincing him to click “Yes” to a Google Support Services prompt on his mobile. Simultaneously, he received an email warning that someone had compromised his Gmail account in Germany. He found out that he was robbed of nearly $50K in cryptocurrencies. The concern is that this request was sent via Google Forms, a legitimate Google service used to send surveys and other communication.
Phishers use Google Forms to create security alerts, change the form’s settings, and automatically send the form to an email address included in the form. Attackers then send the form to themselves and fill it out by entering the victim’s email address instead of their own. Users can protect their accounts by syncing Google Authenticator to their Cloud account. Using unique passphrases for your email addresses and changing them frequently can safeguard users from phishing scams. Users can also enroll in Google’s free Advanced Protection Program, which has more extensive security features.
Cybersecurity Trends Users Must Watch Out For In 2025
The year 2024 is ending, and we are at the doorstep of 2025. The New Year is the time to make resolutions, and increasing cybersecurity awareness should be foremost on everyone’s mind. The digital world is evolving rapidly, and cybersecurity threats are growing just as quickly. Everyone must understand the threat of AI-driven attacks, especially as cybercriminals innovate new methods to access systems and steal data.
- AI-powered phishing is a critical threat where malicious actors use machine learning to mimic trusted sources and entice users to give access to critical information. Therefore, traditional defenses are no longer enough to counter these innovative threats. Users must be more proactive and exercise greater flexibility.
- At the same time, ransomware has become more innovative, faster, and accurate.
- With more users adopting IoT and using new gadgets like thermostats and smart cameras, vulnerabilities have also increased. Therefore, securing IoT devices is crucial because one vulnerable, unsecured device can allow access to an entire network and cause a significant data breach.
The solution is that users must update their software, install the latest antivirus programs, and remain vigilant at all times.
We end this cybersecurity news bulletin by wishing all readers a happy and cyber-safe New Year 2025.