LEMON BLOG

The Highlights of 2024 Cybersecurity Incidents 2024 wasn't just another year in tech—it was a year that tested Malaysia's digital resilience. From a spike in ransomware to high-profile data breaches and a landmark cybersecurity law, it's clear that cyber threats are no longer something we can afford to ignore.So let's unpack what really happened, using real stats and some straight talk—because understanding this stuff isn't just for IT folks anymore.

Deepfake scams are back in the spotlight—this time with some pretty high-profile faces being misused. The Royal Malaysia Police (PDRM) has uncovered five new deepfake videos tied to investment scams, and one of them features none other than Prime Minister Anwar Ibrahim.

Prime Minister Datuk Seri Anwar Ibrahim has called on local cybersecurity professionals to work hand-in-hand with the government to enhance Malaysia's digital defense systems. Speaking during the National Cyber Security Meeting (No. 1/2025) held on Tuesday, he stressed the importance of building a more comprehensive cybersecurity ecosystem through local expertise.

If you're running VMware ESXi, Workstation, or Fusion, it's time to pay attention—because attackers sure are. Broadcom just rolled out security updates to patch three actively exploited vulnerabilities, and it turns out over 40,000 VMware ESXi instances are at risk.

A major security vulnerability has been uncovered in the Veeam Updater component, a key part of various Veeam backup solutions. This flaw, identified as CVE-2025-23114, could allow hackers to execute malicious code on affected servers by launching a Man-in-the-Middle (MitM) attack. If successfully exploited, attackers could potentially gain root-level access, putting sensitive data and critical systems at risk.

Cybersecurity researchers have uncovered a serious vulnerability lurking in the Windows Common Log File System (CLFS). If exploited, this flaw could allow attackers to gain full SYSTEM-level control over your computer. Sounds scary, right? Well, it is. This zero-day vulnerability has been labeled CVE-2024-49138 and has even made it onto the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) list—meaning it's actively being used by hackers.

The misuse of technology, including cyber threats and digital fraud, has the potential to create an entirely new form of corruption, warned Malaysian Anti-Corruption Commission (MACC) chief commissioner Tan Sri Azam Baki. 

Cybercriminals have found a new way to break through two-factor authentication (2FA), a security feature once thought to be one of the most effective defenses against unauthorized access. Using a sophisticated phishing kit called Astaroth, hackers can now intercept login credentials and authentication codes in real time, putting accounts at serious risk.

Picture this: You're sipping your coffee, committing code like a boss, and—boom!—your credentials are silently waltzing into the hands of hackers. Sounds like a nightmare, right? Well, this almost happened to millions of developers thanks to some sneaky vulnerabilities in Git tools. 

The modern workplace has experienced a profound shift in recent years, with hybrid work becoming standard practice and businesses rapidly embracing cloud-based Software-as-a-Service (SaaS) applications to support this new paradigm. Applications like Microsoft 365 and Google Workspace now serve as the cornerstone of business operations, driving seamless collaboration and productivity. However, this growing reliance on SaaS solutions has also attracted an increase in cyberthreats, putting critical business data at risk from attacks like ransomware and phishing.

The F5 ASM (Application Security Manager) appliance is a robust and comprehensive solution for protecting web applications against a wide range of security threats. As part of the F5 BIG-IP platform, ASM serves as a specialized web application firewall (WAF) designed to safeguard applications from OWASP Top 10 vulnerabilities, bots, DDoS attacks, and other sophisticated cyber threats. Here's a breakdown of its key features, performance, and overall value: 

Kaspersky, a global cybersecurity firm, identified and prevented 27.9 million web threats in Malaysia in 2024, marking a 4% increase compared to 2023. Based on the latest Kaspersky Security Network report, Malaysia currently holds the 30th position globally for web threats. "This data highlights the urgent need to strengthen cybersecurity measures to safeguard both individuals and businesses in the nation," the company stated on Monday.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol designed to protect domain owners from email spoofing and phishing attacks. It builds on two existing standards, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to provide domain owners with the ability to specify how unauthenticated emails should be handled. DMARC also provides reporting capabilities that allow domain owners to monitor email traffic and take appropriate action against unauthorized email use.

Changing the default Remote Desktop Protocol (RDP) port on Windows is a critical step in enhancing the security of your system. By default, RDP listens on port 3389, which is widely known and targeted by malicious actors. Automated bots and hackers continuously scan networks for open default ports like this, looking for vulnerable systems to exploit. Altering the default port creates an additional layer of security, making it significantly harder for attackers to locate and target your RDP service.

In a startling development, my website, Lemon-Web.net, has reportedly been hacked. The breach has caused a stir among its visitors, raising concerns about online security and the importance of safeguarding digital assets.