Daily Cyber Intel Brief: 11/22/2024


Today: Chinese Hackers - Palo Alto Firewalls - BianLian Ransomware - ONNX Phishing - Fortinet VPN - NodeStealer Malware

No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution: it’s automated, curated, and FREE.

Get the critical updates you need as a cybersecurity professional or business leader without the time drag or hassle.

Designed for efficiency, I pinpoint the most critical cybersecurity events security professionals and business leaders need to know, and I publish them every business day by 9 AM CT for you.

As a Bayesian Cyber Risk Quantification Scientist, I specialize in quantifying cybersecurity risks into measurable, data-driven insights using advanced Bayesian statistics and Bayesian Network modeling. By applying rigorous probabilistic analysis, I help organizations quantify cyber threats in financial terms, prioritize resource allocation, model return on control investments, and make strategic decisions within a complex threat landscape. With thirty years of experience in the financial industry, I bridge compliance and regulatory requirements with actionable, data-driven intelligence, enabling leadership to make higher-resolution decisions and maximize the impact of their investments.

In just one to two minutes, you’ll determine if the latest cybersecurity developments require further attention, allowing you to stay informed without losing valuable time.

Subscribe to receive automated notifications and stay ahead of critical developments — NO SPAM, just concise, relevant updates delivered directly to your inbox.

You can connect with me on LinkedIn and join my professional network.

11/22/2024 — New Cybersecurity Updates

Chinese hackers target Linux with new WolfsBane malware — A new Linux backdoor called ‘WolfsBane’ has been discovered, believed to be a port of Windows malware used by the Chinese ‘Gelsemium’ hacking group. Source

Over 2,000 Palo Alto firewalls hacked using recently patched bugs — Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. Source

2,000 Palo Alto Firewalls Compromised via New Vulnerabilities — The number of internet-exposed Palo Alto firewalls is dropping, but 2,000 have been compromised, according to Shadowserver Foundation. Source

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign — As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. Source

CISA says BianLian ransomware now focuses only on data theft — The BianLian ransomware operation has shifted its tactics, becoming primarily a data theft extortion group, according to an updated advisory from the U.S. Cybersecurity & Infrastructure Security Agency, the FBI, and the Australian Cyber Security Centre. Source

Microsoft disrupts ONNX phishing-as-a-service infrastructure — Microsoft has seized 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across the United States and worldwide since at least 2017. Source

Microsoft Disrupts ONNX Phishing Service, Names Its Operator — Microsoft has seized 240 phishing-related websites and has disrupted the ONNX service, which the company says is run by an Egyptian man. Source

Fortinet VPN design flaw hides successful brute-force attacks — A design flaw in the Fortinet VPN server’s logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. Source

Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks — Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. Source

Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects — Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. Source

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data — Threat hunters are warning about an updated version of the Python-based NodeStealer that’s now equipped to extract more information from victims’ Facebook Ads Manager accounts and harvest credit card data stored in web browsers. Source

400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws — VulnCheck finds hundreds of thousands of internet-accessible hosts potentially vulnerable to 2023’s top frequently exploited flaws. Source

Get notified when I publish new articles so you don’t miss the latest cybersecurity updates. I never share your email address; your subscription only sends you notifications when I publish new articles.

Copyright: Copyright © 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.

Originally published at https://timlaytonllc.com on November 22, 2024.
