What's trending in cybersecurity today?
Chinese Hackers, Salt Typhoon, US, Telecom Networks, Venom Spider, RevC2, Venom Loader, Malware Campaign, Backdoor, Private Keys, Solana, npm Library, Google Chrome, Type Confusion, Remote Code Execution, Veeam, Critical Flaw, FBI Nominee, Kash Patel, Sensitive Communications, PIH Health, Ransomware Attack, DXPLOIT, Hacktivist Group, Australia, Onestep Disability Services, Chemonics International, Breach, Pembina Trails School Division, Cyberattack, Federal Trade Commission, Data Brokers, Location Data, Europol, MATRIX, Australia, Sender ID, Register, SMS Scams, Apple, Employee, Monitoring, Sixgen, Kyrus
Cyber Alerts
1. Chinese Hackers Persist in Telecom Networks
The U.S. government has confirmed that the Chinese state-linked hacking group Salt Typhoon still has access inside the networks of major American telecommunications providers, weeks after the intrusions were first disclosed. AT&T, Verizon, and Lumen Technologies (formerly CenturyLink) remain affected, while T-Mobile says it has largely repelled the attackers. Officials assess the campaign as espionage: the group targeted the communications of U.S. officials and presidential candidates, as well as the lawful-intercept (wiretap) systems carriers operate for U.S. surveillance requests, which could reveal which Chinese nationals were under U.S. monitoring.
2. Venom Spider Unveils New Malware Arsenal
Venom Spider, also known as GOLDEN CHICKENS, continues to expand its Malware-as-a-Service (MaaS) offering: Zscaler ThreatLabz has identified two new malware families, RevC2 and Venom Loader. Both were deployed in campaigns between August and October 2024, delivered through the group's VenomLNK malicious shortcut files. RevC2 is a backdoor that uses WebSockets for command-and-control, giving operators remote code execution and the ability to steal credentials and browser cookies; Venom Loader is a loader used to stage a follow-on payload on the victim machine.
3. Backdoor Discovered in Solana npm Library
Security researchers have uncovered a backdoor in the widely used @solana/web3.js npm library, which Node.js and web applications use to interact with the Solana blockchain. The malicious code shipped in versions 1.95.6 and 1.95.7, both of which have since been removed from the npm registry; version 1.95.8 was published with the backdoor removed. The injected code exfiltrates private keys from developers and users, allowing attackers to drain the associated wallets. The publishing account's maintainers are believed to have been phished, giving the attackers the access needed to publish the trojanized releases. Anyone who installed or built against the affected versions should check their lockfiles, upgrade, and rotate any signing keys that may have been exposed.
4. Chrome Type Confusion Flaw Allows RCE
A newly disclosed high-severity type confusion vulnerability, CVE-2024-12053, in the V8 JavaScript engine used by Google Chrome can be triggered by a crafted web page and lets an attacker execute arbitrary code in the renderer, potentially compromising the user's system. The flaw was reported by external researchers on November 14, 2024; successful exploitation could lead to unauthorized access and data theft. Google has shipped a fix in Chrome 131.0.6778.108/.109 for Windows and Mac and 131.0.6778.108 for Linux, and users should confirm they are on that build or later.
5. Veeam Patches Critical RCE Flaw in VSPC
Veeam has released security updates for a remote code execution (RCE) vulnerability in its Service Provider Console (VSPC), tracked as CVE-2024-42448 with a CVSS score of 9.9 out of 10. The flaw, found during internal testing, can be exploited from a machine running a management agent that is already authorized by the VSPC server, and leads to code execution on the VSPC server itself. A second issue, CVE-2024-42449, exploitable under the same precondition, allows an attacker to leak the NTLM hash of the VSPC server's service account and delete files on the server.
Cyber Incidents
6. Major Hack Targets FBI Nominee Kash Patel
Kash Patel, former chief of staff at the U.S. Department of Defense and President-elect Donald Trump's nominee to lead the FBI, has reportedly been targeted by Iranian state-backed hackers. Sources familiar with the matter say the attackers gained access to some of Patel's communications. The intrusion follows a series of foreign hacking efforts against people close to Trump, including his legal team; Iranian hackers have previously targeted allies such as Roger Stone and Todd Blanche, and the Patel breach continues that pattern.
7. Ransomware Shuts Down PIH Health Network
PIH Health experienced a significant network disruption on December 1, 2024, after a ransomware attack infected a segment of its system. As a precaution, the healthcare provider took its entire network offline, impacting communication systems and IT infrastructure across three hospitals in Downey, Los Angeles, and Whittier, as well as outpatient facilities and home health services. While phone lines have been rerouted to PIH Health Good Samaritan Hospital, in-person services remain open, with some procedures rescheduled.
8. Onestep Disability Services Website Defaced
On December 4, 2024, the Australian disability services organization OneStep Disability Services became the latest target of the pro-Palestinian hacktivist group DXPLOIT. The group defaced the organization's website with a message promoting pro-Islamic content and condemning oppression. The defacement, accompanied by the group's logo, read "PAWNED BY DXPLOIT" and included a statement about the peaceful nature of Islam, distancing the religion from terrorism. Upon discovering the attack, OneStep quickly restored the website and assured users that no personal data had been compromised, as no sensitive information was stored on the site.
9. Chemonics International Suffers Data Breach
Chemonics International, Inc. recently reported a security breach involving unauthorized access to certain user accounts. The breach, which began in May 2023 and was discovered in December 2023, affected personal data, though there is no evidence of misuse. Following the discovery, Chemonics implemented response protocols, including password resets and account deactivation, and initiated a detailed investigation with cybersecurity experts.
10. Pembina Trails School Division Hit by Breach
Canada's Pembina Trails School Division is dealing with a cybersecurity incident that has disrupted its network systems. The issue was first detected on Monday, December 2, when the technology team noticed unusual activity. Immediate action was taken to contain the situation, and the division is now working with a cybersecurity incident response firm to investigate and restore services. Some services, including phone lines, were temporarily affected, though most phone lines have since been restored.
Cyber News
11. FTC Bans Brokers From Selling Location Data
The Federal Trade Commission (FTC) has reached settlements with two U.S. data brokers, Gravy Analytics and Mobilewalla, prohibiting them from collecting and selling Americans' sensitive location data. The FTC accused both companies of unlawfully tracking individuals near sensitive locations, such as healthcare facilities and military bases, without proper consent. Gravy Analytics, along with its subsidiary Venntel, was found to have used location data for commercial and government purposes, including selling sensitive inferences such as health conditions and political affiliations.
12. Europol Dismantles Messaging Platform MATRIX
Europol's takedown of the encrypted messaging platform MATRIX marks a significant victory in the fight against organized crime. The platform, which facilitated illicit activities such as drug trafficking, arms deals, and money laundering, was dismantled in a coordinated operation involving law enforcement from France, the Netherlands, Germany, Italy, Lithuania, and Spain. The investigation, which began after MATRIX was found on the phone of a criminal involved in a high-profile murder, led to the seizure of over 40 servers, the interception of millions of criminal messages, and several arrests.
13. Australia Fights SMS Scams with ID Register
The Australian government is taking a strong stance against SMS scams with the introduction of a mandatory Sender ID Register. Announced by Minister for Communications Michelle Rowland on December 3, 2024, the register, administered by the Australian Communications and Media Authority (ACMA), requires telecommunications companies to check that the alphanumeric sender ID on a message has been registered by its legitimate owner before delivering it. Messages using a sender ID that is not on the register will be blocked or delivered with a warning. The initiative aims to curb the growing prevalence of SMS scams that impersonate banks, government agencies, and other trusted brands.
14. Employee Sues Apple Over Device Monitoring
An employee in Apple's advertising technology group has filed a lawsuit against the company over what it describes as invasive monitoring practices. The complaint alleges that Apple requires employees to use heavily restricted work-issued devices, which leads many workers to use personal devices for work or to sign their work devices into personal iCloud accounts. To do so, employees are allegedly required to let Apple install management software that gives the company access to personal data, including information stored on the device and in iCloud, even when employees are off duty.
15. Sixgen Acquires Kyrus to Boost Cybersecurity
Sixgen has strengthened its cybersecurity capabilities by acquiring Kyrus, a Washington, D.C.-area firm specializing in hardware and software reverse engineering and big data analytics. The acquisition is set to bolster Sixgen's national security and critical infrastructure operations, particularly within the U.S. government's civilian, defense, and intelligence sectors. Kyrus, founded in 2009 and employing around 100 staff, is known for its engineering talent, providing reverse engineering services and securing systems for which no source code is available.
Copyright © 2024 CyberMaterial. All Rights Reserved.