Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Thursday, December 26, 2024. I'm Steve Prentice.

State Department's disinformation office to close after funding terminated
Congressional lawmakers have excluded any new funding for the office responsible for fighting global disinformation beyond this year. Known as the Global Engagement Center, it actually lost its authority on December 24 despite a concerted push by State officials to lobby Congress for an extension. This has proven to be a source of frustration given the increasing activities of nation states delivering misinformation to countries around the world, especially where elections are occurring.

Pittsburgh Regional Transit suffers ransomware attack
This attack, which was first detected on December 19, caused disruptions to public transportation, including on some parts of the city's light rail service and some rider services overall. According to The Record, "IT officials at PRT are still examining whether data was stolen and have pledged to provide public updates as the investigation evolves." End quote. The agency has declined to answer questions about what group was behind the attack and when full service would be restored.

Another Mirai botnet targets NVRs and TP-Link routers
This particular botnet is actively exploiting a remote code execution vulnerability that has not received a tracker number and appears to be unpatched in DigiEver DS-2105 Pro NVRs. This attack campaign started in October. It seeks out network video recorders and TP-Link routers that have outdated firmware. "The vulnerability exploited to compromise DigiEver NVRs is a remote code execution flaw. Compromised devices are then used to conduct distributed denial of service attacks or to spread to other devices by leveraging exploit sets and credential lists." End quote.

Critical SQL injection vulnerability in Apache Traffic Control demands urgent patch
According to The Hacker News, the Apache Software Foundation has shipped security updates to address a critical security flaw in Traffic Control that could allow an attacker to execute arbitrary structured query language commands in the database. This vulnerability has a CVSS rating of 9.9. Consequently, it is recommended that users update their instances to the latest versions of the software as soon as possible.

Thanks to today's episode's sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Well, worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US based support team. To learn more about how ThreatLocker can keep your organization running efficiently and protected from ransomware, visit threatlocker.com, that is threat locker dot com.

North Korean hackers seen using new tools on employees of nuclear-related organization
According to Kaspersky, this campaign has been attributed to the Lazarus group and occurred earlier this year using an array of malware, including newly identified tools. The attack on the unnamed nuclear organization involved what was referred to as "alarming twists on their usual approaches, including a complex infection chain that included multiple types of malware such as downloader, loader and backdoor, demonstrating the group's evolved delivery and improved persistence methods." End quote.

Charming Kitten deploys C++ malware
According to another report from Kaspersky, the hacking group based out of Iran has been observed deploying a C++ variant of known malware called BellaCiao. This new version, named BellaCPP, was found inside a system in Asia that had also been infected with the BellaCiao malware. Unlike BellaCiao, BellaCPP does not use a web shell to upload and download arbitrary files, as well as to run commands. This new variant represents one of many custom malware families that the Charming Kitten actor has developed.

Ruijie Networks' cloud platform flaws could expose devices to remote attacks
Researchers at Claroty, i.e. C-L-A-R-O-T-Y, discovered the flaws they say affect both the Ruijie platform, that is spelled R-U-I-J-I-E, as well as Ruijie OS network devices. If exploited, they could allow a malicious attacker to execute code on any cloud enabled device, giving them the ability to control tens of thousands of devices. Of the 10 vulnerabilities discovered by Claroty, three are rated critical in severity, with CVSS scores of 9.4, 9.8 and also 9.8. The organization's research also found that it would be easy to break MQTT authentication by knowing a device's serial number, which could subsequently exploit access to Ruijie's MQTT broker in order to receive a full list of all cloud connected devices' serial numbers.

European Space Agency's official store hacked to steal payment cards
This hack occurred at the agency's official online merchandise store and included a malicious script that sought to collect customer information, including payment card data provided at the final stage of a purchase. E-commerce security company Sansec noticed the malicious script on December 23 and warned that the store appeared to be integrated with ESA's systems, which could pose a risk to the agency's employees. The web store is currently unavailable, showing a message that it is temporarily out of orbit for some exciting renovations.

Remember to subscribe to the CISO Series on YouTube. We are always hosting relevant interviews, interesting demos on the latest platforms, and snippets from our upcoming shows. Plus, you can catch our Week in Review show live on YouTube each and every Friday at 3:30pm Eastern, where you can not only get some context for the week's news, but chat along with your fellow viewers. Just search for CISO Series on YouTube to find us. I'm Steve Prentice reporting for the CISO Series.
