👉 What’s the latest in the cyber world today?
Palo Alto, Firewall, Malware Backdoor, Tangem, Flaw, Private Keys, NFS Protocol, Remote File Access, Security Bypass, SpyMax, Uzbekistan, Fake Banking Application, Crypto Hackers, Job Scams, Malware, Theft, China, Hackers, US Treasury, API Key, Ford Motors, X Account, Pro-Palestine Posts, Italy, InfoCert, Breach, User Records, International Peace Center Hiroshima, Hacked, Website, Saratoga Harness Racing, Employee Information, Breach, US, Department of Health and Human Services, HIPAA, Security Rule, Japan, Cyber Defense Plans, Hospitals, Defense Firms, Telegram, Russia, State Media, European Union, Maritime Cybersecurity, Blockchain Bandit
🚨 Cyber Alerts
A suspected Chinese hacking group, UNC5325, has exploited vulnerabilities in Palo Alto Networks firewalls to deploy a custom malware backdoor, a variant of Littlelamb.Wooltea. The campaign began in November 2024, shortly after Palo Alto disclosed a medium-severity privilege escalation flaw, CVE-2024-9474, in its PAN-OS software. Exploiting this flaw, attackers downloaded a malicious file, bwmupdate, disguised as a legitimate logd file, enabling advanced functionalities such as file manipulation, shell access, and establishing SOCKS5 proxies.
Cryptocurrency wallet provider Tangem has resolved a critical security vulnerability in its mobile app that exposed users’ private keys through email logs. The issue, highlighted on December 29 by a Reddit user, revealed that private keys were being logged during wallet creation with a seed phrase and could be accessed by Tangem employees through support interactions. Tangem acknowledged the flaw on December 30, attributing it to a bug in the app’s log processing system, and confirmed that all logs containing sensitive data had been permanently deleted.
The Network File System (NFS) protocol, widely used to share files across networks, has recently been found to contain significant security vulnerabilities that expose users to a range of risks. NFS, which lets users access files on remote machines as though they were local, is a staple of both enterprise and home networks. However, the protocol's inherent security weaknesses make it a potential target for attackers seeking to bypass its authentication mechanisms and gain unauthorized access to sensitive data.
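The authentication weakness described above shows up most often in how exports are configured: with the default `sec=sys`, the server trusts whatever UID/GID the client asserts, and options such as `no_root_squash`, `insecure` and world-readable (`*`) client lists widen that exposure. The following auditor for `/etc/exports` entries is an added example for this digest, not code from the article or from any NFS project; the sample exports file is constructed.

```python
import re

# Constructed sample /etc/exports (not from the article): the first entry trusts
# any host and client-asserted UIDs; the second restricts clients and uses Kerberos.
SAMPLE_EXPORTS = """\
# shared scratch space
/srv/scratch *(rw,no_root_squash,insecure)
/srv/data 10.0.1.0/24(rw,sec=krb5p,root_squash)
"""

# One client entry looks like host(opt1,opt2); the options group is optional.
ENTRY_RE = re.compile(r"([^(]+)(?:\((.*?)\))?")


def parse_exports(text):
    """Yield (path, client_host, set_of_options) for each client entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            host, opts = ENTRY_RE.fullmatch(client).groups()
            yield path, host, {o.strip() for o in (opts or "").split(",") if o.strip()}


def audit_entry(host, opts):
    """Return a list of findings for one export entry (empty list means no issue)."""
    findings = []
    if host in ("*", "0.0.0.0/0"):
        findings.append("export reachable from any host")
    # sec= may list several flavours separated by ':'; when absent the default is sys.
    sec = next((o.split("=", 1)[1] for o in opts if o.startswith("sec=")), "sys")
    if "sys" in sec.split(":"):
        findings.append("AUTH_SYS: server trusts UID/GID asserted by the client")
    if "no_root_squash" in opts:
        findings.append("no_root_squash: remote root maps to local root")
    if "insecure" in opts:
        findings.append("insecure: requests accepted from non-privileged source ports")
    return findings


def audit_exports(text):
    """Map 'path host' to its findings for every entry in an exports file."""
    return {f"{path} {host}": audit_entry(host, opts)
            for path, host, opts in parse_exports(text)}
```

Run `audit_exports(open("/etc/exports").read())` on a server to list which exports still rely on client-asserted identity.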
In late December 2024, a new cyberattack targeted mobile users in Uzbekistan using SpyMax, a remote access trojan (RAT) disguised as a fake Uzum Bank Android application. Uzum Bank, one of the leading digital banks in Uzbekistan, was the central focus of the campaign, with attackers abusing the bank's trusted brand to lure unsuspecting victims into downloading the harmful app.
Crypto hackers have recently devised a new method of tricking victims into downloading malicious software through fake job scams. Posing as recruiters from reputable crypto firms, the attackers offer high-paying roles, such as business development manager, with salaries ranging from $200,000 to $350,000. Instead of enticing victims to open malware-infested PDFs or video call software, the hackers instruct victims to fix a microphone and camera access issue.
💥 Cyber Incidents
Chinese hackers successfully compromised a cloud-based service operated by BeyondTrust, gaining remote access to U.S. Treasury Department workstations and unclassified documents. The breach, which was categorized as a “major cybersecurity incident,” was discovered on December 8, 2024, when BeyondTrust alerted the Treasury Department about a stolen key. This key allowed the threat actors to bypass security measures, remotely access Treasury workstations, and obtain sensitive data.
The official X account of Ford Motors was briefly hacked on December 30, 2024, with pro-Palestine posts appearing on the automaker’s account. The unauthorized posts, which expressed political messages unrelated to Ford’s usual content, raised concerns about the security of the company’s digital assets. The posts were swiftly deleted, but the incident sparked widespread attention across social media platforms.
InfoCert, a prominent digital identity provider in Italy, has confirmed a significant data breach involving 5.5 million user records, including 1.1 million phone numbers and 2.5 million email addresses. The breach, which occurred through an attack on a third-party supplier, did not involve any compromise of InfoCert’s own systems or user credentials for accessing its services. The stolen data was found for sale on a deep web forum for $1,500 on December 27, 2024.
The official website for the International Peace Center Hiroshima has recently fallen victim to a cyberattack, resulting in unauthorized access to the platform and the alteration of its pages. This breach has raised significant concerns about the integrity and security of the website, especially given the center’s role in promoting peace and global cooperation. In response to the incident, the website has been temporarily taken offline to allow for a thorough investigation and recovery process.
Saratoga Harness Racing, Inc. (SHR), located in Saratoga Springs, New York, has informed individuals of a potential data breach affecting certain employee information. The incident, which occurred between October 31 and November 1, 2024, involved unauthorized access to SHR’s network, limiting access to some files and systems. Although the full scope is still under investigation, the files accessed included sensitive employee data. SHR is taking necessary precautions and has initiated a thorough review of the incident to assess its impact.
📢 Cyber News
The Department of Health and Human Services (HHS) has announced proposed updates to the HIPAA Security Rule, marking the first significant changes since 2013. The proposed updates aim to strengthen cybersecurity in the healthcare sector by addressing rising concerns over breaches, particularly those involving ransomware and hacking. Key proposals include making all specifications under the rule mandatory, eliminating the distinction between “required” and “addressable” provisions.
Japan is expanding its cybersecurity initiatives to include national hospitals and the defense industry under a new public-private information-sharing framework. The government is considering implementing an “active cyber defense” system that would allow it to monitor, penetrate, and neutralize cyberattacks against critical sectors, including healthcare and defense. This proactive approach is aimed at ensuring the continuity of essential services and the security of sensitive information.
Telegram has blocked access to Russian state-owned media channels across several European countries, including Poland, Belgium, France, and Italy, due to violations of local laws. Affected outlets such as RIA Novosti, Izvestia, and NTV confirmed the blockages, with Telegram users in these regions seeing a message stating that the content was unavailable for legal reasons. Moscow has strongly condemned the action, labeling it political censorship and threatening retaliatory measures against international human rights organizations.
The Europe maritime cybersecurity market is poised for significant growth, with projections estimating it will reach $3.49 billion by 2033, up from $972.3 million in 2023. This surge is driven by the increasing reliance on digital technologies within the maritime sector, which has made shipping operations, port infrastructure, and regulatory frameworks more vulnerable to cyberattacks. As cyber threats become more sophisticated, the need for robust cybersecurity measures has grown, with risks ranging from financial losses to environmental damage and safety hazards.
The notorious hacker known as Blockchain Bandit has resurfaced after nearly two years of inactivity, transferring 51,000 Ether, worth approximately $172 million, into a single wallet. The hacker, who had previously accumulated the stolen Ether by guessing weak private keys between 2016 and 2018, moved the funds in batches of 5,000 Ether on December 30, 2024. This move follows an earlier period of dormancy, with the stolen funds last being moved in January 2023. Blockchain Bandit’s unique method of “Ethercombing” involved brute-forcing weak private keys, a technique that led to the theft of over 49,000 Ether.
Copyright © 2024 CyberMaterial. All Rights Reserved.