Sunday 17th November 2024
Aidan Dickenson
Business Development Manager // Tailored solutions to enhance security, improve efficiency, and drive growth.
Good morning, I hope you're all having a great weekend, and thank you for joining me for the latest instalment of Cyber Daily.
Today's edition covers stories ranging from Palo Alto Networks grappling with an exploited zero-day vulnerability to Fortinet's unresolved VPN flaw becoming a playground for cybercriminals. It's a strong reminder that no system is untouchable. And if you thought dark-web masterminds had retired, one Ohio man just learned the hard way that Bitcoin mixing is not a get-out-of-jail-free card.
Enjoy!
Palo Alto Networks’ Critical Firewall Exploit: What You Need to Know
Palo Alto Networks has flagged a new zero-day vulnerability in its PAN-OS firewall management interface, which has already been actively exploited in the wild. This critical flaw (CVSS score: 9.3) allows unauthenticated remote command execution and doesn’t require user interaction—meaning the threat is severe.
Malicious activity has been traced to specific IP addresses, though Palo Alto Networks cautions these could include legitimate traffic via third-party VPNs. Attackers are exploiting the flaw to install web shells on compromised devices, giving them persistent remote access.
To reduce risk, the company advises restricting access to the management interface to trusted IPs, which can drop the severity to “high” (CVSS score: 7.5). However, patches are still in the works, making immediate defensive actions critical.
This comes amid active exploits of unrelated flaws in the company’s Expedition toolset. Prisma Access and Cloud NGFW products remain unaffected.
Dark-Web Mixer Operator Sentenced for Bitcoin Laundering
Larry Dean Harmon, 41, the mastermind behind the Grams dark-web search engine and Helix cryptocurrency mixer, has been sentenced to three years in prison for laundering over 354,000 bitcoins—worth a staggering $32 billion in today’s terms.
Harmon’s Helix service was designed to obfuscate the origins of cryptocurrency by pooling and swapping Bitcoin transactions. This made it a go-to for dark-web markets, including Alphabay, which Harmon partnered with in 2016.
His downfall began in 2020 when he was arrested and charged with money laundering. Authorities seized his assets, including over 4,400 Bitcoins, and fined him $60 million. Adding insult to injury, his brother Gary stole 712 of the seized Bitcoins, only to be caught and sentenced himself.
This case marks a turning point as regulators eye stricter oversight of crypto mixers, aiming to curb cybercrime and illicit financial activities.
Crypto’s anonymity edge is eroding as law enforcement continues to clamp down on money-laundering networks.
Fortinet VPN Vulnerability Exploited by BrazenBamboo Hackers
A cyber threat actor, BrazenBamboo, has weaponised a zero-day flaw in Fortinet’s FortiClient for Windows to steal VPN credentials. Disclosed by Volexity, this exploit is part of BrazenBamboo’s DEEPDATA malware framework, a sophisticated post-exploitation tool capable of gathering sensitive data from compromised devices.
The attack relies on a plugin in DEEPDATA that extracts VPN credentials from the FortiClient memory, leveraging an unpatched vulnerability. Fortinet was informed of the issue in July 2024, but a fix has yet to be released. This flaw is one of many tools in BrazenBamboo’s arsenal, which includes:
- DEEPPOST: A tool for data exfiltration to remote endpoints.
- LightSpy: Malware targeting macOS, iOS, and Windows for surveillance, with plugins for webcam recording, keystroke logging, and more.
Linked to China-based APT41, BrazenBamboo’s tools demonstrate advanced capabilities, likely supporting governmental operators. Their consistent use of modular, multi-platform spyware highlights the growing sophistication of cyber espionage.
As this vulnerability remains unresolved, securing VPN credentials and monitoring communication platforms are critical.
Comments

Senior BA | Cyber Security Cert IV | PSM I | ITIL (6 days ago):
Am sure somewhere an AI is trying to find zero day vulnerabilities

Empowering Small Businesses to Surge Ahead of Competition. 9X LinkedIn Top Voice: Brand Development | Creative Strategy | Content Marketing | Digital Marketing | Performance Marketing | SEO | SMM | Web Development (6 days ago):
Aidan Dickenson Great roundup—nothing like a zero-day exploit and some Bitcoin drama to kickstart a cybersecurity morning!

Helping You Get Clients on LinkedIn with Profile Optimization, Content Design & 1:1 Consultancy. Boost Growth, Engagement & Client Success. DM Me Now to See Results in 7 Days, Insha Allah! (6 days ago):
Good morning Aidan Dickenson