👉 What’s happening in cybersecurity today?
NjRat, Pro Edition, GitHub, Four-Faith Routers, Default Credentials, VulnCheck, Oracle WebLogic, PoC Exploit, D-Link Router, Remote Attacks, VulDB, Chrome Extensions, Malicious Code, Data Theft, Pro-Russian Hackers, DDoS Attack, Italy, Foreign Ministry, Airports, Zippo, Japan, Ransomware Attack, Vallianz Holdings, Judge Baker Children’s Center, Breach, Community Health Northwest Florida, Cyberattack, IT Systems, Biden Administration, Data Sale, Foreign Adversaries, US, Department of Justice, Trump, Supreme Court, TikTok Ban, Salt Typhoon, Cyberattack, US, Telecom, Nation-State Actors, Collaboration, Microsoft, Vietnam, Crypto Scam.
🚨 Cyber Alerts
The discovery of NjRat 2.3D Pro Edition on GitHub has raised significant cybersecurity concerns. Known as Bladabindi, NjRat is a Remote Access Trojan (RAT) capable of keylogging, credential theft, webcam access, and ransomware deployment. Its modular design and ability to evade detection make it a favorite among cybercriminals. The public availability of its latest version on an open-source platform lowers the barrier for both experienced hackers and amateur threat actors, increasing the risk of widespread cyberattacks.
A high-severity vulnerability (CVE-2024-12856) has been discovered in select Four-Faith routers, affecting models F3x24 and F3x36. The flaw, an OS command injection bug, is critical because it can be exploited remotely. Triggering it requires successful authentication, but where the routers' default credentials have not been changed, an attacker can satisfy that requirement with those defaults, so the flaw is effectively exploitable without legitimate credentials. The exploitation, detailed by VulnCheck, involves attackers logging in with these default credentials to execute commands and establish persistent remote access through a reverse shell.
A Proof-of-Concept (PoC) exploit for a critical vulnerability in Oracle WebLogic Server, tracked as CVE-2024-21182, has been publicly released, significantly raising the risk of exploitation. The PoC, shared on GitHub by the user “k4it0k1d,” enables attackers to exploit the flaw in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 without needing credentials. This exploit takes advantage of the vulnerable T3 and IIOP protocols, which are often enabled by default for remote communication.
A critical vulnerability (CVE-2024-13030) has been discovered in the web management interface of the D-Link DIR-823G router, affecting firmware version 1.0.2B05_20181207. This flaw allows attackers to bypass authentication and remotely gain unauthorized access to the device, enabling them to manipulate settings and potentially take control of the router. The issue stems from improper access control in the router’s Home Network Administration Protocol (HNAP1), impacting several configuration functions.
In a cyberattack campaign that began in mid-December 2024, hackers compromised at least 16 popular Chrome extensions, exposing over 600,000 users to potential data theft. The attack was first detected when a phishing incident targeted Cyberhaven, a data protection company, allowing the hackers to publish a malicious version of Cyberhaven's own Chrome extension. The malicious code, active from December 24 to December 26, was designed to steal sensitive data such as passwords and session tokens, particularly targeting users of AI and social media platforms.
💥 Cyber Incidents
A cyberattack claimed by the pro-Russian hacker group Noname057(16) targeted several key websites in Italy on December 28, 2024. The attack, which primarily affected the Foreign Ministry's website and the sites of Milan's Linate and Malpensa airports, was carried out as a Distributed Denial of Service (DDoS), overwhelming the sites with excessive traffic and rendering them temporarily inaccessible. However, the disruption did not significantly impact airport operations or flight schedules.
Zippo Japan’s official online shop and repair services were targeted by a ransomware attack, causing significant disruption to its operations. The cyberattack led to the encryption of servers, rendering the affected systems, including the online shop and repair services, inaccessible. As a result, customers were unable to access these services, and the company faced communication issues, including the inability to receive emails.
Vallianz Holdings Limited recently reported a ransomware attack on its servers, prompting swift containment measures. While the incident temporarily disrupted certain systems, preliminary assessments suggest no significant impact on the company’s overall operations. Vallianz is collaborating with external cybersecurity experts to investigate the attack further and mitigate potential risks.
Judge Baker Children's Center, a leading provider of mental health services for children, has reported a data security incident that may have affected personal and protected health information. The breach, which occurred between July 26 and 28, 2024, involved unauthorized access to the organization's systems. After discovering unusual activity, the center took immediate steps to secure its environment and enlisted cybersecurity experts to investigate. On October 28, 2024, the center determined that sensitive information, including names, Social Security numbers, and medical details, could have been impacted.
Community Health Northwest Florida (CHNWFL) recently detected a cyberattack on its systems, prompting immediate precautionary measures to ensure security. As a result, the organization temporarily took its systems offline to assess the scope of the breach. Fortunately, there is no evidence suggesting that patient data has been compromised.
📢 Cyber News
The Biden administration has finalized a rule aimed at blocking the sale of sensitive American data to adversarial nations such as Russia, China, and Iran. Set to take effect in early 2025, the regulation addresses national security threats posed by the acquisition of personal data by foreign entities. The rule targets various types of sensitive information, including genomic, biometric, health, geolocation, and financial data, as well as U.S. governmental data.
President-elect Donald Trump has asked the U.S. Supreme Court to delay the enforcement of a law that mandates ByteDance, the parent company of TikTok, to sell the app or face a ban in the United States. The law, titled the Protecting Americans from Foreign Adversary Controlled Applications Act, is set to take effect on January 19, just one day before Trump’s inauguration. In his filing, Trump argues that the timing interferes with his ability to manage U.S. foreign policy.
The U.S. government has confirmed that a ninth telecommunications company has fallen victim to the ongoing “Salt Typhoon” cyberattack campaign, attributed to Chinese hackers. The breach, which targets telecom giants like AT&T, Verizon, and Lumen Technologies, has resulted in the theft of critical metadata, including phone call and text message details. The hackers exploited vulnerabilities in telecom infrastructure, allowing persistent access to communication networks.
The 2024 Microsoft Digital Defense Report highlights the growing role of nation-state actors in cyberattacks, noting an alarming increase in collaborations between state-sponsored hackers and cybercriminal groups. The report points out that North Korean threat actors, for example, have stolen over $3 billion in cryptocurrency since 2017, using these funds to support state initiatives, including nuclear programs.
Vietnamese police successfully thwarted a cryptocurrency scam orchestrated by the fraudulent company Million Smiles, which defrauded victims of over $1.17 million. The scam involved promoting a fictitious cryptocurrency called QFS (Quantum Financial System) with false promises of financial benefits and ancestral connections. Authorities intercepted plans for a large-scale promotional event targeting 300 potential victims, seizing documents, computers, and other evidence during a raid.
Copyright © 2024 CyberMaterial. All Rights Reserved.