VideoThis month in security with Tony Anscombe — November 2024 edition==================================================================Zero days under attack, a new advisory from ‘Five Eyes’, thousands of ICS units left exposed, and mandatory MFA for all — it’s a wrap on another month filled with impactful cybersecurity news [](/en/our-experts/editor/ ‘Editor’) [**Editor**](/en/our-experts/editor/ ‘Editor’)29 Nov 2024 As you might expect, the world of cybersecurity continues to evolve at breakneck speed, so much so that keeping up with new threats, scams and data breaches is no mean feat. November 2024 saw no shortage of impactful cybersecurity news — here’s their roundup from ESET Chief Security Evangelist [Tony Anscombe](https://www.welivesecurity.com/en/our-experts/tony-anscombe/):* ESET’s discovery of [two zero-day vulnerabilities](https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/) in several Mozilla products and in Windows that were targeted by a zero-click exploit courtesy of a Russia-aligned group tracked as RomCom* a [joint advisory](https://www.cisa.gov/sites/default/files/2024-11/aa24-317a-2023-top-routinely-exploited-vulnerabilities.pdf) issued by the cybersecurity agencies of the Five Eyes intelligence alliance on the back of a surge in zero-day flaws* Amazon’s confirming that [employee data was compromised](https://www.theregister.com/2024/11/12/amazon_moveit_breach/) after an incident that affected a third-party provider last year and involved the exploitation of a [vulnerability in the MOVEit](https://www.welivesecurity.com/2023/06/23/what-to-know-about-the-moveit-hack-week-in-security-with-tony-anscombe/) file transfer tool* there are no fewer than 145,000 internet-exposed industrial control systems (ICS) worldwide, internet intelligence platform provider [Censys has found](https://go.censys.com/rs/120-HWT-117/images/2024SOTIR.pdf)* Google has [announced](https://cloud.google.com/blog/products/identity-security/mandatory-mfa-is-coming-to-google-cloud-heres-what-you-need-to-know) that, starting early next year, multi-factor authentication will be mandatory on all Google Cloud accounts* some good news to conclude the roundup — Jen Easterly, the head of the United States’ Cybersecurity and Infrastructure Security Agency (CISA), [said that there’s no evidence](https://www.cisa.gov/news-events/news/statement-cisa-director-easterly-security-2024-elections) of any malicious activity materially impacting the security or integrity of the country’s election infrastructure amid the recent presidential electionMake sure to also watch the [October 2024 edition](https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-october-2024-edition/) of Month in security.Connect with us on [Facebook](https://www.facebook.com/eset), [Twitter](https://twitter.com/ESET), [LinkedIn](https://www.linkedin.com/company/eset/) and [Instagram](https://www.instagram.com/eset/). *** ** * ** ***Let us keep youup to date—————————–Sign up for our newsletters Ukraine Crisis newsletter Regular weekly newsletter Subscribe #### Related Articles*** ** * ** ***[VideoBootkitty marks a new chapter in the evolution of UEFI threatsVideoBootkitty marks a new chapter in the evolution of UEFI threats](/en/videos/bootkitty-new-chapter-uefi-threats/ ‘Bootkitty marks a new chapter in the evolution of UEFI threats’) *** ** * ** ***[VideoFirefox and Windows zero days chained to deliver the RomCom backdoorVideoFirefox and Windows zero days chained to deliver the RomCom backdoor](/en/videos/zero-click-exploit-abusing-firefox-windows-zero-days/ ‘Firefox and Windows zero days chained to deliver the RomCom backdoor’) *** ** * ** ***[VideoESET APT Activity Report Q2 2024–Q3 2024: Key findingsVideoESET APT Activity Report Q2 2024–Q3 2024: Key findings](/en/videos/eset-apt-activity-report-q2-2024-q3-2024-key-findings/ ‘ESET APT Activity Report Q2 2024-Q3 2024: Key findings’) ### Similar Articles[ESET researchRomCom exploits Firefox and Windows zero days in the wild](/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/ ‘RomCom exploits Firefox and Windows zero days in the wild’)*** ** * ** ***[Less TechnicalDoes data stolen in a data breach expire?](/2021/04/08/does-data-stolen-data-breach-expire/ ‘Does data stolen in a data breach expire?’)*** ** * ** ***[VideoWhat to know about the MOVEit hack — Week in security with Tony Anscombe](/2023/06/23/what-to-know-about-the-moveit-hack-week-in-security-with-tony-anscombe/ ‘What to know about the MOVEit hack – Week in security with Tony Anscombe’)*** ** * ** ***### Share Article[](https://www.facebook.com/sharer/sharer.php?u=https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-november-2024-edition/ ‘Facebook’) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-november-2024-edition/ ‘LinkedIn’) [](https://twitter.com/intent/tweet?url=https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-november-2024-edition/ ‘Twitter’) [](mailto:?&subject=I wanted you to see this site&body=https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-november-2024-edition/ ‘mail’) [](https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-november-2024-edition/ ‘copy’)  ### Discussion
Related Tags:
NAICS: 519 – Web Search Portals
Libraries
Archives
Other Information Services
NAICS: 333 – Machinery Manufacturing
NAICS: 92 – Public Administration
NAICS: 922 – Justice
Public Order
Safety Activities
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 51 – Information
NAICS: 928 – National Security And International Affairs
M1032 – Multi-factor Authentication
Blog: ESET We Live Security
Associated Indicators: