Cyber Security Newsletter
In this month's edition of RSecurity's Cybersecurity Insights we review the evolving threat landscape and share key findings from our latest research, giving organizations, executives, and policymakers actionable intelligence to strengthen their cybersecurity strategies, mitigate risk, and stay ahead of adversaries in a changing digital environment.
December 2024 Cybersecurity Recap: A Month in Review
The Cyber Threat Landscape this Month:
- Total Attacks: 577 incidents across 122 countries
- Primary Target Sectors: Manufacturing, Government, Financial Services
- Data Exfiltrated: Over 120 terabytes
Hacker Groups and Attack Trends
Top Attackers of December
- FunkSec: Responsible for 71 attacks, focusing on government and education sectors.
- Kill Security: Launched 23 attacks, targeting US manufacturing and supply sectors.
- Akira: Focused on financial breaches, especially in North America and Brazil.
Sector-Specific Statistics
- Manufacturing Sector: Accounted for 15% of total attacks in December.
- Critical Attacks: 20% of incidents were categorized as critical.
- Data Stolen per Attack: On average, 42 terabytes per attack, reflecting the scale of exfiltration in the largest incidents.
Supply Chain Attack on Chrome Extensions
- A phishing email impersonating Chrome Web Store developer support compromised a Cyberhaven developer account; the attacker then published a malicious version of the Cyberhaven extension aimed at Facebook advertising accounts.
- The malicious code exfiltrated Facebook access tokens and user IDs and captured the QR-code images used for 2FA, letting the attackers bypass the second factor.
- Other affected extensions: Internxt VPN, VPNCity, and more.
- Cyberhaven removed the malicious version and pushed a clean build. Users should confirm that the installed version is the fixed one and rotate any Facebook credentials and API tokens that were active while the malicious version was installed.
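The practical check after an incident like this is an inventory of installed extensions compared against the (id, version) pairs named in the vendor advisories. The script below is an added example, not Cyberhaven's or the newsletter's tooling. It builds a constructed copy of Chrome's `<profile>/Extensions/<id>/<version>/manifest.json` layout in a temporary directory; the extension IDs, versions and the KNOWN_BAD list are hypothetical placeholders, and the real indicators must be taken from the advisories.

```python
"""Inventory Chrome extensions and flag known-compromised versions and
extensions with host permissions broad enough to read any site's session.

Added example; the directory tree, IDs and versions are constructed.
"""
import json
import os
import tempfile

# Assumption: (extension id, version) pairs taken from vendor advisories.
# These are placeholders, not real indicators.
KNOWN_BAD = {
    ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "24.10.4"),
    ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "1.2.0"),
}
# Host patterns that let an extension read every site, Facebook included.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed manifests: one known-bad build with <all_urls>, one benign
# but over-privileged extension, and one scoped to a single host.
SAMPLE_MANIFESTS = {
    ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "24.10.4"): {
        "name": "Demo DLP", "version": "24.10.4", "manifest_version": 3,
        "host_permissions": ["<all_urls>"]},
    ("cccccccccccccccccccccccccccccccc", "3.0.1"): {
        "name": "Demo VPN", "version": "3.0.1", "manifest_version": 3,
        "host_permissions": ["https://*/*"]},
    ("dddddddddddddddddddddddddddddddd", "1.0.0"): {
        "name": "Harmless", "version": "1.0.0", "manifest_version": 3,
        "host_permissions": ["https://example.com/*"]},
}


def build_sample_tree(root):
    """Write the constructed manifests in Chrome's Extensions/<id>/<ver>/ layout."""
    for (ext_id, ver), manifest in SAMPLE_MANIFESTS.items():
        ext_dir = os.path.join(root, ext_id, ver + "_0")  # Chrome appends "_0"
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "manifest.json"), "w") as fh:
            json.dump(manifest, fh)


def scan_extensions(ext_root, known_bad=KNOWN_BAD):
    """Return one record per installed extension version found under ext_root."""
    results = []
    for ext_id in sorted(os.listdir(ext_root)):
        id_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for ver_dir in sorted(os.listdir(id_dir)):
            path = os.path.join(id_dir, ver_dir, "manifest.json")
            if not os.path.isfile(path):
                continue
            with open(path) as fh:
                manifest = json.load(fh)
            # The manifest's version field is authoritative; the directory
            # name carries a "_N" suffix that must not be compared.
            version = manifest.get("version", ver_dir.split("_")[0])
            # MV3 lists hosts under host_permissions; MV2 mixes them into
            # permissions, so collect URL-looking entries from both.
            hosts = set(manifest.get("host_permissions", []))
            hosts |= {p for p in manifest.get("permissions", [])
                      if "://" in p or p == "<all_urls>"}
            results.append({
                "id": ext_id,
                "name": manifest.get("name"),
                "version": version,
                "known_bad": (ext_id, version) in known_bad,
                "broad_hosts": bool(hosts & BROAD_HOSTS),
            })
    return results


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_extensions(root)


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

On a real machine point `scan_extensions` at the profile's Extensions directory (for example `~/.config/google-chrome/Default/Extensions` on Linux). A `broad_hosts` hit is not proof of compromise, but it is the set of extensions whose compromise would expose every logged-in session, so it is where version checks matter most.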
Palo Alto Networks Zero-Day Patched
- CVE-2024-3393: a flaw in the DNS Security feature of PAN-OS lets an unauthenticated attacker send a malformed DNS packet through the firewall's data plane and force a reboot; repeated exploitation drops the firewall into maintenance mode, a denial of service.
- Severity: High. Only firewalls with DNS Security logging enabled are affected, so exposure depends on configuration.
- Fixed in PAN-OS 10.1.14-h8, 10.2.10-h12, 11.1.5, 11.2.3 and later releases of each branch. Until the upgrade is applied, the vendor workaround is to set the log severity of all configured DNS Security categories to "none" in every Anti-Spyware profile.
BeyondTrust SaaS Breach
- A compromised API key let attackers reset passwords for local application accounts on a limited number of Remote Support SaaS instances; BeyondTrust revoked the key and quarantined the affected instances.
- Two command-injection flaws found during the investigation were patched: CVE-2024-12356 (critical, CVSS 9.8) and CVE-2024-12686 (medium), affecting both Remote Support and Privileged Remote Access.
- The investigation is ongoing and impacted customers have been notified; SaaS instances were patched by the vendor, but self-hosted deployments must apply the updates themselves.
Cisco DevHub Data Leak
- Hacker IntelBroker leaked 2.9 GB of data from Cisco’s DevHub environment, claiming possession of 4.5 TB.
- Data included JavaScript, Python code, certificates, and sensitive library files.
- Cisco confirmed no breach of core systems but acknowledged public exposure due to misconfigurations.
Critical Flaw in Cleo File-Transfer Software Under Active Exploitation
A critical vulnerability in Cleo's managed file-transfer products (Harmony, VLTrader and LexiCom) is being actively exploited, putting organizations that rely on them for data exchange at serious risk.
- Exploited Vulnerability: Unauthenticated attackers can write files into the server's Autorun directory and have them executed, giving arbitrary command execution on affected systems.
- Impact: The flaw affects multiple Cleo products and has been used for data theft and full system compromise.
- Urgent Response: Cleo has released a fixed build; an earlier patch for the same issue was bypassed, so only the latest release should be considered fixed.
- Action Required: Update immediately to the latest version, clear the Autorun directory setting until the update is in place, and hunt for unexpected files in the Autorun and hosts directories and for child processes spawned by the Cleo service.
Google's Willow Chip Accelerates Need for Post-Quantum Cryptography
Google's Willow chip, unveiled on December 9, 2024, is a 105-qubit superconducting processor that marks a major step in quantum computing.
- Breakthrough Performance: On the random circuit sampling benchmark, Willow finished in under five minutes a computation Google estimates would take today's fastest supercomputers 10 septillion years. That benchmark is chosen because it favors quantum hardware; it is not a cryptanalytic workload.
- Quantum Error Correction: Willow is the first chip to show logical error rates falling as more physical qubits are added to the error-correcting code, the "below threshold" behaviour a fault-tolerant machine requires.
- Industry Impact: Sets Willow apart from competitors such as IBM's Osprey and brings large-scale, fault-tolerant quantum systems closer.
- Future Urgency: A machine able to break RSA or elliptic-curve cryptography would need on the order of millions of physical qubits, so that capability remains years away. Traffic recorded today can still be decrypted then, which is why migration to post-quantum algorithms (for example ML-KEM for key exchange) needs to start now.
Iranian Hackers Use IOCONTROL Malware to Target OT and IoT Devices in the US and Israel
CyberAv3ngers, an Iranian state-sponsored group linked to the IRGC, has been using the IOCONTROL malware against IoT and operational technology (OT) devices in critical infrastructure, primarily in the US and Israel.
Key incidents include attacks on industrial control systems (ICS), such as the late-2023 Unitronics PLC campaign that caused a two-day water outage in Ireland.
Malware Details:
- Targeted Devices: IP cameras, routers, SCADA systems, PLCs, HMIs, and firewalls from vendors including D-Link and Hikvision; IOCONTROL is a Linux backdoor built for embedded devices.
- Functionality: IOCONTROL uses MQTT (over TLS on port 8883) for command and control, giving the operators code execution, port scanning, and lateral movement. Because MQTT is a legitimate IoT protocol, the traffic blends in unless brokers contacted by OT devices are checked against an allowlist.
- Notable Attack: In October 2023, CyberAv3ngers disrupted fuel pumps in Israel by targeting Orpak Systems devices.
The US government is offering a $10 million reward for information on CyberAv3ngers, and Claroty has published malware samples and IoCs to support detection.
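The detection that follows from the MQTT-based C2 described above is simple: OT and IoT devices should only ever talk MQTT to a known broker, so any MQTT session from that address space to anything else is worth a ticket. The script below is an added example, not Claroty's tooling or code from the newsletter. It runs over a handful of constructed Zeek-style conn.log records (JSON, one per line, field names as in Zeek's conn.log); the OT ranges, the allowed broker and the sample sessions are assumptions for the demonstration.

```python
"""Flag MQTT command-and-control sessions from OT/IoT address space.

Added example; the log records, address ranges and broker are constructed.
"""
import ipaddress
import json

# Assumption: PLCs, HMIs and cameras live in these site-specific ranges.
OT_NETS = [ipaddress.ip_network("10.50.0.0/16"),
           ipaddress.ip_network("192.168.200.0/24")]
# Assumption: the only broker those devices are ever meant to reach.
ALLOWED_BROKERS = {"10.50.0.5"}
# RFC 1918 space; anything else is "offsite" for the purpose of triage.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Plain and TLS MQTT; IOCONTROL-style implants use the TLS port.
MQTT_PORTS = {1883, 8883}

# Constructed sample: a PLC using the site broker, a camera beaconing to an
# external host on 8883, ordinary HTTPS, a corporate host (not OT) on 8883,
# and a device speaking MQTT on a non-standard port that Zeek's protocol
# detection labelled "mqtt".
SAMPLE_LOG = """
{"ts": 1734000001.1, "id.orig_h": "10.50.3.12", "id.orig_p": 50111, "id.resp_h": "10.50.0.5", "id.resp_p": 1883, "proto": "tcp", "service": "mqtt", "duration": 3600.0}
{"ts": 1734000002.5, "id.orig_h": "10.50.7.44", "id.orig_p": 41022, "id.resp_h": "203.0.113.17", "id.resp_p": 8883, "proto": "tcp", "service": "ssl", "duration": 7200.0}
{"ts": 1734000003.0, "id.orig_h": "10.50.7.44", "id.orig_p": 41023, "id.resp_h": "198.51.100.9", "id.resp_p": 443, "proto": "tcp", "service": "ssl", "duration": 2.1}
{"ts": 1734000004.2, "id.orig_h": "10.20.1.8", "id.orig_p": 52000, "id.resp_h": "203.0.113.17", "id.resp_p": 8883, "proto": "tcp", "service": "ssl", "duration": 15.0}
{"ts": 1734000005.9, "id.orig_h": "192.168.200.3", "id.orig_p": 33010, "id.resp_h": "198.51.100.77", "id.resp_p": 4433, "proto": "tcp", "service": "mqtt", "duration": 9000.0}
"""


def is_ot(ip_str):
    """True if the address falls inside one of the OT/IoT ranges."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in OT_NETS)


def suspicious_mqtt(log_text):
    """Return one finding per MQTT session from OT space to a non-allowed broker."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        src, dst = rec["id.orig_h"], rec["id.orig_h"] and rec["id.resp_h"]
        dport = int(rec["id.resp_p"])
        by_port = dport in MQTT_PORTS
        # Zeek writes "-" when it could not identify the protocol.
        by_service = rec.get("service") == "mqtt"
        if not (by_port or by_service):
            continue
        if not is_ot(src) or dst in ALLOWED_BROKERS:
            continue
        dst_ip = ipaddress.ip_address(dst)
        findings.append({
            "src": src,
            "dst": dst,
            "dport": dport,
            "offsite": not any(dst_ip in net for net in INTERNAL_NETS),
            "reason": "mqtt-port" if by_port else "mqtt-service-nonstandard-port",
            "duration_s": float(rec.get("duration", 0.0)),
        })
    return findings


if __name__ == "__main__":
    for finding in suspicious_mqtt(SAMPLE_LOG):
        print(finding)
```

Matching on both the port and Zeek's `service` field matters: an implant that moves its broker to an unusual port still shows up as `mqtt` once the protocol analyzer sees the CONNECT packet, while a TLS session on 8883 is caught by the port even though Zeek only labels it `ssl`. Long session durations, as in the two hits above, are the other tell of a persistent C2 channel.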
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository
A GitHub repository hosting a WordPress tool pulled in a malicious npm package and was used to steal more than 390,000 credentials.
- Malicious Repository: "Yet Another WordPress Poster (yawpp)" depended on the npm package "@0xengine/xmlrpc", which carried the malicious code. The package was first published as a working XML-RPC library and only gained the stealer in a later release, so it passed casual review.
- Exfiltrated Data: WordPress credentials, SSH keys, and AWS access keys harvested from the victim's machine.
- Threat Actor: Attributed to MUT-1244, which targets security researchers, pentesters, and other offensive actors, a community that routinely runs unvetted code from proof-of-concept repositories.
- Attack Methods: Trojanized proof-of-concept GitHub repos, phishing emails, and backdoored configuration files.
- Duration: The package was live for over a year and downloaded 1,790 times before being removed in late 2024.
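A package that turns malicious in a later release is exactly what a one-off review of the repository misses, so the check belongs on the lock file, where the installed version, its source and whether it runs install-time scripts are all recorded. The script below is an added example, not Datadog's or the newsletter's tooling. It audits an npm `package-lock.json` in the lockfileVersion 3 layout, where every installed package appears under `"packages"` keyed by its node_modules path; the sample lock file is constructed (the package name comes from the incident, the versions, URLs and blocklist are illustrative).

```python
"""Audit an npm lock file for blocklisted packages, install scripts and
dependencies fetched from outside the public registry.

Added example; the lock file and blocklist below are constructed.
"""
import json

# Assumption: a blocklist maintained from vendor and CERT advisories.
BLOCKLIST = {"@0xengine/xmlrpc"}
REGISTRY_PREFIX = "https://registry.npmjs.org/"

# Constructed lockfileVersion 3 document. npm records "hasInstallScript"
# for any package that declares preinstall/install/postinstall hooks.
SAMPLE_LOCKFILE = json.dumps({
    "name": "yawpp-demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "yawpp-demo",
             "dependencies": {"@0xengine/xmlrpc": "^1.0.0", "lodash": "^4.17.21",
                              "wp-helper": "github:example/wp-helper"}},
        "node_modules/@0xengine/xmlrpc": {
            "version": "1.3.4",
            "resolved": "https://registry.npmjs.org/@0xengine/xmlrpc/-/xmlrpc-1.3.4.tgz",
            "hasInstallScript": True,
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
        "node_modules/wp-helper": {
            "version": "0.1.0",
            "resolved": "git+ssh://git@github.com/example/wp-helper.git#0123abcd",
        },
    },
})


def package_name(path):
    """Map a lock-file key to the package name it installs.

    Nested installs look like 'node_modules/a/node_modules/@scope/b'; the
    name is everything after the last 'node_modules/' segment.
    """
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(text, blocklist=BLOCKLIST):
    """Return {package name: [reasons]} for every entry that needs a look."""
    lock = json.loads(text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; "
                         "regenerate the lock file with npm 7 or newer")
    findings = {}
    for path, meta in lock["packages"].items():
        if path == "":
            continue  # the root project itself
        name = package_name(path)
        reasons = []
        if name in blocklist:
            reasons.append("blocklisted")
        if meta.get("hasInstallScript"):
            reasons.append("install-script")
        resolved = meta.get("resolved", "")
        # Git and tarball URLs bypass registry provenance entirely.
        if resolved and not resolved.startswith(REGISTRY_PREFIX):
            reasons.append("non-registry-source")
        if reasons:
            findings.setdefault(name, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for name, reasons in audit_lockfile(SAMPLE_LOCKFILE).items():
        print(f"{name}: {', '.join(reasons)}")
```

Against a real project, pass the contents of `package-lock.json` to `audit_lockfile` and treat `install-script` as a review trigger rather than a verdict: plenty of legitimate native modules compile at install time, but a pure-JavaScript XML-RPC client has no reason to.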
Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts
Ireland's Data Protection Commission has fined Meta Platforms €251 million over the 2018 breach that affected about 29 million Facebook accounts worldwide.
- Breach Details: Attackers chained bugs in Facebook's "View As" feature to steal user access tokens, exposing names, email addresses, phone numbers, and children's information.
- GDPR Violation: Meta failed to notify the regulator in time, to document the breach adequately, and to build data protection into the system's design (breach notification and data protection by design obligations under Articles 33 and 25).
- Regional Impact: About 3 million EU and EEA users affected.
- Previous Penalties: This follows a €91 million fine, issued in September 2024, for storing user passwords in plaintext, a practice discovered in 2019.
QNAP Patches Critical Vulnerabilities: Urgent Update Required
QNAP Systems has issued updates for several vulnerabilities in its QTS and QuTS hero operating systems, uncovered at the 2024 Pwn2Own Ireland competition. Two of them, CVE-2024-50393 (command injection) and CVE-2024-48868 (CRLF injection allowing HTTP header manipulation), carry a CVSS score of 8.7 and allow remote command execution by an attacker who can reach the NAS.
The patches are available in the following versions:
- QTS 5.1.9.2954 build 20241120
- QTS 5.2.2.2950 build 20241114
- QuTS hero h5.1.9.2954 build 20241120
- QuTS hero h5.2.2.2952 build 20241116
The updates also address CVE-2024-48865 (CVSS 7.3), an improper certificate validation flaw, and CVE-2024-48863 (CVSS 7.7) in the License Center, which also risks remote command execution.
Left unpatched, these flaws could lead to data theft, unauthorized access, or full device compromise, so immediate action is critical for organizations keeping sensitive data on QNAP NAS devices. Beyond updating, a NAS should not be reachable from the internet: disable UPnP port forwarding and remote-access features unless they are genuinely needed.
Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
Microsoft has released an urgent patch for CVE-2024-49138, a heap-based buffer overflow in the Common Log File System (CLFS) driver that is exploited in the wild (CVSS 7.8). A local attacker with low privileges can use it to gain SYSTEM privileges with no user interaction; as an elevation-of-privilege bug it is typically chained after an initial foothold, which is how ransomware operators have used earlier CLFS flaws.
This issue is the latest in a long series of CLFS vulnerabilities, at least 25 of them documented over the last five years. To cut off the pattern, Microsoft plans to add an HMAC to CLFS log files so that unauthorized modifications to the log structures are detected before the driver parses them.
Other Key Updates:
- CVE-2023-44487: the HTTP/2 "Rapid Reset" flaw used in large-scale DoS campaigns.
- CVE-2024-49112: a critical remote code execution vulnerability in Windows LDAP (CVSS 9.8). Until patched, Microsoft advises ensuring domain controllers cannot reach the internet and that inbound RPC from untrusted networks is blocked.
- Additional patches for Windows Hyper-V, Remote Desktop Services, MSMQ, and the Muzic AI project.
Microsoft has patched over 1,000 vulnerabilities in 2024, including 27 zero-days exploited against Windows.
Cyber Attack Summary: Key Insights
- Akira's Dominance: Akira was responsible for 39% of attacks in December, primarily targeting manufacturing and service sectors in the US.
- Sector Trends: 20% of all attacks targeted the manufacturing sector, highlighting its vulnerability to cybercriminals.
- Geographical Hotspots: The USA suffered the most, with 103 ransomware incidents (46% of global attacks).
- Data Exfiltration: In total, 22 terabytes of data were stolen across the month, reflecting the significant scale of breaches.
December Insights & Recommendations
Emerging Trends
- Increased Supply Chain Exploits: A notable rise in attacks targeting third-party platforms and plugins.
- Critical Infrastructure Under Attack: Manufacturing and utilities sectors are facing heightened cyber threats.
- Global Targeting Patterns: North America and Europe remain primary hotspots for cybercriminal activity.
Actionable Measures
- Enhance endpoint security to block unauthorized access and lateral movement.
- Review third-party integrations to reduce supply chain vulnerabilities.
- Invest in proactive monitoring of critical infrastructure and DNS traffic.
- Enable multi-layered backups to mitigate the impact of data exfiltration.
Top Cybersecurity Podcasts This Month
- "CISO Series - Cybersecurity News" (CISO Series, Steve Prentice): covers recent security breaches, including an attack on a Massachusetts hospital, and insights on Recall and Blue Yonder.
- "Tanya Janca on Secure Coding & AI in Cybersecurity" (Security Boulevard, Tom Eston): Tanya Janca discusses the importance of secure coding practices and AI's growing role in cybersecurity.
- "Cybersecurity Readiness Podcast - Milestone Episode" (Business Insider, Dr. Dave Chatterjee): celebrating 10,000 downloads, Dr. Dave Chatterjee explores key aspects of cybersecurity readiness with global experts.
- "When AI Goes Offline - CyberWire Daily Podcast" (N2K | CyberWire, Dave Bittner): a dive into the risks and consequences of AI systems going offline across various sectors.
- "Hacktivists Target Australian Websites" (Cyber Daily): explores the implications of a recent widespread hacking campaign targeting Australian websites.
Final Thoughts
The cybersecurity landscape is constantly evolving, with new threats emerging daily. At RSecurity, we remain dedicated to providing actionable intelligence and cutting-edge solutions to help you stay ahead of adversaries.
Stay safe and secure: the cyber threat landscape is continuously evolving!