What’s trending in cybersecurity today?
Ivanti, CSA, Authentication Bypass, Fake Recruiters, AppLite Banker, Cleo, File Transfer, Microsoft, Remote Desktop Protocol, Critical Flaw, TCC Subsystem, iOS, iCloud, Spain, CNMC, Sensitive Records, Ransomware, Ohio, Wood County, Turkey, Toll App, Hizli Gecis Sistemi, Breach, Employee, Health Information, NHS Tayside, Patient Data, Leak, US, Telecom Security, Bill, Salt Typhoon, European Union, Cyber Resilience Act, China, Cybersecurity Firm, Sanctions, Firewall Compromise, Utility Companies, Ransomware Attacks, Astrix Security, Non-Human Identities.
🚨 Cyber Alerts
1. Ivanti Alerts on Critical Auth Bypass Flaw
Ivanti has issued a critical warning about a newly discovered authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution, tracked as CVE-2024-11639. Reported by CrowdStrike’s Advanced Research Team, the flaw allows remote attackers to gain administrative privileges on appliances running CSA version 5.0.2 or earlier without requiring authentication or user interaction. Ivanti strongly advises customers to upgrade to CSA 5.0.3 immediately, with detailed instructions available in their support documentation.
2. Recruitment Scam Spreads Malicious Apps
Cybersecurity researchers have uncovered a phishing campaign where fake recruiters lure job seekers into downloading malicious Android apps that deploy an updated version of the Antidot banking trojan, known as AppLite Banker. These attackers use enticing job offers, such as remote roles with competitive pay, to trick victims into installing apps from phishing pages. Once installed, the apps exploit Android’s Accessibility Services to steal credentials, capture unlock patterns, and gain remote control of infected devices.
3. Cleo File Transfer Flaw Actively Exploited
A critical vulnerability in Cleo’s file transfer software, including LexiCom, VLTransfer, and Harmony, is currently being exploited by cybercriminals. Tracked as CVE-2024-50623, the flaw allows unauthenticated remote code execution due to an unrestricted file upload vulnerability, enabling attackers to execute arbitrary code on vulnerable systems. Huntress researchers discovered widespread exploitation of this issue starting December 3, 2024, with at least 10 organizations, including consumer product, logistics, and food supply companies, being compromised.
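The Cleo item turns on an "unrestricted file upload": a server that accepts whatever name and content the client sends and stores it where it can later be executed. The following is an added illustration of the server-side checks that close that class of gap; it is not Cleo's code and does not describe the Cleo bug itself. The function names, the size cap, and the extension allow-list are assumptions chosen for the example.

```python
"""Added example (not Cleo's code): a server-side upload validator.

Each check targets one way an unrestricted upload becomes code execution:
client-controlled paths, executable extensions, content that does not match
the declared type, oversized bodies, and client-chosen storage names.
"""
import os
import secrets
from dataclasses import dataclass

MAX_BYTES = 5 * 1024 * 1024  # assumed size cap for this example

# Allow-listed extensions and the leading bytes ("magic") each must carry.
# The declared extension and the actual content must agree, so a .png that
# starts with '<?php' or '<%' is rejected whatever its name or Content-Type.
ALLOWED = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
}


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""


def validate_upload(client_name: str, data: bytes) -> Verdict:
    name = client_name.replace("\\", "/")
    # 1. Only a bare file name is acceptable: no directory components, no
    #    traversal, no NUL bytes that could truncate the name later.
    if "/" in name or "\x00" in name or name in ("", ".", ".."):
        return Verdict(False, "path component in file name")
    # 2. Enforce the size cap before any parsing of the body.
    if len(data) > MAX_BYTES:
        return Verdict(False, "too large")
    # 3. Extension allow-list. Only the final extension counts, which is
    #    exactly why the content check in step 4 is still needed.
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return Verdict(False, f"extension {ext!r} not allowed")
    # 4. The bytes must match the declared type.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return Verdict(False, "content does not match extension")
    # 5. The server, not the client, picks the storage name.
    return Verdict(True, "ok", secrets.token_hex(16) + ext)


def save_upload(verdict: Verdict, data: bytes, upload_dir: str) -> str:
    """Write an accepted upload under a fresh name; O_EXCL refuses to clobber
    an existing file or follow a pre-planted link. Returns the final path."""
    if not verdict.accepted:
        raise ValueError(verdict.reason)
    path = os.path.join(upload_dir, verdict.stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


# Constructed sample submissions, one per failure mode plus a benign file.
SAMPLES = [
    ("../../webroot/cmd.jsp", b"<% out.println(1); %>"),
    ("cmd.jsp", b"<% out.println(1); %>"),
    ("cmd.png", b"<?php echo 1; ?>"),
    ("photo.png", b"\x89PNG\r\n\x1a\n" + bytes(16)),
]


def run_samples() -> dict:
    """Map each constructed sample name to the validator's reason string."""
    return {name: validate_upload(name, data).reason for name, data in SAMPLES}


if __name__ == "__main__":
    for name, reason in run_samples().items():
        print(f"{name!r}: {reason}")
```

The order of the checks matters: the size cap runs before any content inspection so an oversized body cannot be used to tie up the parser, and the storage name is generated only after every rejection path has been exhausted.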
4. Critical Windows Vulnerability Allows RCE
Microsoft has disclosed a critical vulnerability in its Windows Remote Desktop Services, tracked as CVE-2024-49115, which could allow attackers to execute remote code on affected systems. The flaw stems from two weaknesses: CWE-591, involving sensitive data storage in improperly locked memory, and CWE-416, a use-after-free issue. By exploiting these flaws, attackers can gain remote control over the system without requiring user interaction or elevated privileges. Although there is no evidence of active exploitation, the vulnerability has been classified with a CVSS score of 8.1, marking it as a serious threat.
5. iOS TCC Vulnerability Exposes iCloud Data
A critical vulnerability in Apple’s iOS operating system has been discovered, exposing sensitive user data stored in iCloud to unauthorized access. Identified as CVE-2024-44131, this flaw affects the Transparency, Consent, and Control (TCC) subsystem, which is designed to notify users when apps attempt to access personal information. The vulnerability bypasses this mechanism, allowing malicious applications to access files, health data, contacts, and more without user consent. The exploit works by manipulating symbolic links within iOS’s Files.app, enabling attackers to intercept and redirect file operations.
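The TCC item describes a symbolic link planted inside a location a component is allowed to touch, redirecting its file operations somewhere it is not. The generic defence is to resolve the requested path, confirm the real target is still inside the permitted container, and open the final component without following links. The block below is an added illustration of that guard in Python; it is not Apple's code and makes no claim about how iOS or Files.app implement their checks. The container layout, file names and the `open_within` helper are constructed for the example.

```python
"""Added example (not Apple's code): containment check against symlink
redirection. A component may only read or write under its own container
directory; links placed inside it that point elsewhere must not be followed.
"""
import os
import tempfile
from pathlib import Path


class EscapeError(PermissionError):
    """Raised when a requested path resolves outside the container."""


def resolve_within(container: Path, requested: str) -> Path:
    """Resolve `requested` relative to `container`, following links and '..',
    and refuse if the final real path is not inside the container."""
    root = container.resolve(strict=True)
    target = (root / requested).resolve(strict=False)
    # Both sides are fully resolved, so a plain ancestor test is sufficient.
    if target != root and root not in target.parents:
        raise EscapeError(f"{requested!r} resolves to {target}, outside {root}")
    return target


def open_within(container: Path, requested: str, mode: str = "rb"):
    """Open a file inside the container. O_NOFOLLOW re-checks the final
    component at open time, closing the window in which a link could be
    swapped in between resolution and open."""
    target = resolve_within(container, requested)
    if mode == "rb":
        flags = os.O_RDONLY | os.O_NOFOLLOW
    elif mode == "wb":
        flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW
    else:
        raise ValueError("mode must be 'rb' or 'wb'")
    fd = os.open(target, flags, 0o600)
    return os.fdopen(fd, mode)


def demo() -> dict:
    """Build a constructed layout: a container with one legitimate file, one
    benign link inside it, and two links escaping to an 'outside' directory.
    Returns what each request yielded ('BLOCKED' when the guard refused)."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside"
        outside.mkdir()
        secret = outside / "secret.txt"
        secret.write_text("data the container must not reach (constructed)")

        container = Path(tmp) / "app-container"
        container.mkdir()
        (container / "notes.txt").write_text("hello")
        (container / "inside-link").symlink_to(container / "notes.txt")
        (container / "escape-link").symlink_to(secret)
        (container / "escape-dir").symlink_to(outside)

        requests = [
            "notes.txt",               # ordinary file
            "inside-link",             # link that stays inside: allowed
            "escape-link",             # link to a file outside: refused
            "escape-dir/secret.txt",   # link to a directory outside: refused
            "../outside/secret.txt",   # plain traversal: refused
        ]
        results = {}
        for name in requests:
            try:
                with open_within(container, name) as fh:
                    results[name] = fh.read().decode()
            except EscapeError:
                results[name] = "BLOCKED"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24} -> {outcome}")
```

Resolving both the container and the request before comparing is the essential step: comparing string prefixes on unresolved paths is what a link swap defeats, because the text of the path looks fine while its target does not.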
💥 Cyber Incidents
6. Spain’s CNMC Hit With Major Data Breach
The Comisión Nacional de los Mercados y la Competencia (CNMC) in Spain has fallen victim to a significant cyberattack, resulting in the exfiltration of 2,000 million sensitive mobile phone records, equating to 240 GB of data. This breach, described as one of the most severe in recent times, has raised alarms regarding national security, prompting an investigation by Spain’s Audiencia Nacional. The case has been transferred from the Juzgado de Instrucción 27 of Madrid to the Audiencia Nacional, where Judge María Tardón will oversee the investigation.
7. Ransomware Disrupts Ohio’s Wood County
A ransomware attack on Wood County, Ohio, has caused significant disruption to the county’s emergency services, forcing dispatchers to revert to pen and paper for recording calls. The attack, which occurred early on December 9, 2024, affected several public safety departments linked to the Wood County Sheriff’s Office, including emergency dispatch, jails, and the Bowling Green Police Division. While 911 services remain operational, officials reported that some records and historical police data are inaccessible.
8. Turkish Toll App Hizli Gecis Sistemi Hacked
On December 10, 2024, the HGS (Hizli Gecis Sistemi) mobile application, a widely used electronic toll collection system in Turkey, was targeted by a cyberattack. The attack involved unauthorized access to the app’s messaging system, resulting in offensive messages and ransom threats sent to users, demanding Bitcoin payments. Although there were no breaches of user data or sensitive information, the incident raised concerns about the security of the app and other platforms using the same notification service, OneSignal.
9. Rumpke Waste & Recycling Suffers Data Breach
Rumpke Waste & Recycling recently reported a security breach involving sensitive employee information. On October 11, 2024, the company discovered a dark web posting from an attacker claiming to have accessed its IT systems. The breach, which occurred starting July 20, 2024, involved unauthorized access through a compromised user account. Affected individuals include current and former employees, along with their spouses and dependents enrolled in the company’s health benefits plan from 2015 to July 2024. The compromised data includes personal information such as names, addresses, health insurance details, and financial account information.
10. NHS Tayside Blunder Leads to Data Leak
NHS Tayside is under scrutiny after accidentally releasing the personal medical records of 125 patients due to an error in a Freedom of Information (FOI) request. The incident occurred on December 9, 2024, when the health board mistakenly sent a spreadsheet containing sensitive data, including home addresses, birthdates, health conditions, and medical treatment details. The error was discovered before the records were published online, thanks to intervention from The Courier. NHS Tayside has since apologized, launched an internal review, and reported the breach to the Information Commissioner’s Office (ICO).
📢 Cyber News
11. US Proposes Bill to Secure Telecom Networks
U.S. Senator Ron Wyden of Oregon has introduced the “Secure American Communications Act” to address the recent Salt Typhoon cyberattacks on American telecommunications companies. The bill mandates the Federal Communications Commission (FCC) to enforce stringent cybersecurity regulations for telecom providers, requiring them to conduct annual vulnerability tests, patch security flaws, and undergo independent audits for compliance. This move comes after Chinese state-sponsored hackers, known as Salt Typhoon, breached multiple U.S. telecoms earlier this year, gaining access to sensitive customer data and internet traffic.
12. EU’s Cyber Resilience Act Takes Effect
The European Union’s Cyber Resilience Act (CRA) has officially entered into force, aiming to strengthen the security of connected devices across the region. The law mandates that product manufacturers provide security support, including regular software updates to address vulnerabilities. While the full compliance deadline isn’t until December 2027, the CRA applies to a wide range of devices, from smartwatches to home appliances, requiring manufacturers to adhere to security standards throughout the lifecycle of their products.
13. US Sanctions Chinese Cybersecurity Firm
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Chinese cybersecurity firm Sichuan Silence Information Technology Company, Limited, and its employee, Guan Tianfeng, for their involvement in a 2020 cyberattack. The attack compromised tens of thousands of firewalls globally, including over 23,000 in the U.S., with critical infrastructure companies among the victims. Guan exploited a zero-day vulnerability to deploy malware and attempted to launch Ragnarok ransomware, potentially threatening the safety of U.S. energy companies.
14. Utility Companies Face Surge in Ransomware
Utility companies are facing a significant increase in cyber threats, with a 42% surge in ransomware attacks over the past year, according to a new report from ReliaQuest. The report highlights how cybercriminals are increasingly targeting utilities, focusing on the vulnerabilities that arise from the blend of IT and operational technology (OT) systems. Ransomware groups, particularly Play, have intensified their attacks on the sector, with Play’s successful attacks rising by 233%. Spear phishing remains the most common attack vector, with utility workers often exposed due to their access to both IT and OT environments.
15. Astrix Security Raises $45M for Non-Human ID
Astrix Security, a Tel Aviv-based startup specializing in securing non-human identities, has successfully raised $45 million in a Series B funding round led by Menlo Ventures. The round also saw participation from Workday Ventures, Bessemer Venture Partners, CRV, and F2 Venture Capital, bringing the company’s total funding to $85 million. Astrix focuses on protecting API keys, service accounts, and other non-human identities, an often-overlooked aspect of identity and access management.
Copyright © 2024 CyberMaterial. All Rights Reserved.