SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
SonicWall device exposure
Bishop Fox has scanned the web for SonicWall devices and found over 430,000 unique instances that expose at least one interface to the internet. An analysis showed that more than 119,000 of these devices are affected by critical and high-severity vulnerabilities.
Dragos Q3 2024 ransomware report
Industrial cybersecurity firm Dragos has released its ransomware report for the third quarter of 2024. The company has identified several new ransomware groups targeting industrial organizations. Manufacturing remained the most impacted industry.
McDonald’s hacking
A researcher has found API flaws in the McDonald’s McDelivery system in India. The vulnerabilities could have been exploited to order anything from the menu for 1 cent, steal other people’s deliveries, obtain information associated with orders, and obtain driver information. The issues were reported to McDonald’s India in July and they were patched in September. The researcher was rewarded with a $240 Amazon gift card.
Mobile spyware found on Amazon Appstore
McAfee researchers came across a piece of Android malware on Amazon’s Appstore. The malware, described by the security firm as spyware, appears to be under development. The sample analyzed by McAfee, disguised as a simple health app, was capable of stealing incoming SMS messages and other data. Amazon removed the malware from the Appstore shortly after it was notified.
$2.2 billion stolen from cryptocurrency platforms in 2024
According to a new report from blockchain analysis firm Chainalysis, the total amount of funds stolen from cryptocurrency platforms in 2024 increased by roughly 21.07% year-over-year, to $2.2 billion. The number of hacking incidents increased from 282 in 2023 to 303 in 2024.
Threat actor uses phishing and trojanized GitHub repos to steal credentials
Datadog has conducted an analysis of a threat actor it has named MUT-1244, which leverages phishing and trojanized GitHub repositories to obtain credentials and other sensitive data. One trojanized GitHub project named ‘Wawpp’ has been used to steal over 390,000 credentials associated with WordPress accounts. From some victims — which include pentesters, security researchers and malicious actors — the attackers obtained SSH private keys and AWS access keys.
Google shuts down thousands of accounts used in coordinated influence operations
Google’s Threat Analysis Group (TAG) identified and shut down thousands of accounts in the fourth quarter of 2024 for being used in coordinated influence operations. The operations were linked to Moldova, Iran, Russia, Ghana, Azerbaijan, Bangladesh, and China. Google disrupted the campaigns by terminating YouTube channels, domains pushed to Google News, and AdSense accounts.
US may ban TP-Link routers over China cybersecurity concerns
The US government is considering banning Chinese-made TP-Link routers due to potential risks to national security, the Wall Street Journal reported. A probe was launched after TP-Link routers were tied to cyberattacks. The Commerce, Defense and Justice departments have launched separate investigations into the company, and a ban may be announced as early as next year.
Netflix gets €4.75 million fine in Europe for GDPR violations
The Dutch Data Protection Authority (DPA) has ordered Netflix to pay a fine of €4.75 million ($4.93 million) for GDPR violations. Specifically, Netflix has been accused of failing to clearly inform customers about what type of information is collected and what the streaming giant does with it. The DPA said Netflix objected to the fine, but has yet to appeal the decision.
Experimental malware kills ICS processes
A Forescout analysis of malware found on engineering workstations revealed the existence of an experimental piece of malware, named Chaya_003, which is designed to terminate ICS processes associated with the Siemens TIA Portal. The malware, which terminates other types of processes as well (Microsoft Office apps and browsers), may have been developed by individuals located in Spain and Belgium.