January 5, 2025

Cybersec Feeds Overview, Dec 30, 2024 - Jan 5, 2025

This brief consolidates key updates from 80+ sources, including government organizations, cybersecurity vendors, threat intelligence teams, security research labs, and blogs from cybersecurity communities and professionals. It highlights the most significant threats, vulnerabilities, and developments from the past week to keep you informed.

Gov Feeds

  • CISA has added the Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability (CVE-2024-3393) to its Known Exploited Vulnerabilities Catalog, indicating active exploitation. Timely remediation of such vulnerabilities is critical for federal and other organizations to mitigate risks (CISA Adds One Known Exploited Vulnerability to Catalog).
  • A significant cybersecurity breach at the U.S. Department of Treasury has been attributed to a Chinese threat actor exploiting a vulnerability in BeyondTrust software, giving them remote access to user workstations and unclassified documents. This incident highlights ongoing geopolitical cyber threats and the need for enhanced threat detection and response (CTO at NCSC Summary: week ending January 5th).
  • The U.S. Department of Justice has enacted rules to address risks posed by foreign adversaries accessing sensitive personal data of Americans, including members of the military and intelligence communities. This initiative aims to counter malign foreign influence and protect national security (CTO at NCSC Summary: week ending January 5th).
  • North Korea continues to leverage cyber theft as a significant funding mechanism for its weapons of mass destruction (WMD) development, further emphasizing the threat posed by state-sponsored cyber activities (CTO at NCSC Summary: week ending January 5th).
  • NATO is actively investigating measures to protect undersea internet cables, which are critical to member countries’ national security. This initiative underscores the need for infrastructure resilience against potential cyberattacks targeting essential communication lines (CTO at NCSC Summary: week ending January 5th).

Personal Feeds

  • Recent incidents in the blockchain sector resulted in the theft of over $2.3 million, continuing a concerning trend of straightforward smart contract hacks against existing protocols. Increased vigilance by the security community has so far prevented larger holiday-related hacks (BlockThreat - Week 51, 2024).
  • A U.S. Army soldier has been arrested for allegedly stealing and leaking customer call records from AT&T and Verizon, highlighting insider threats as a critical concern. This incident emphasizes the ongoing need for internal security measures to prevent such breaches (U.S. Army Soldier Arrested in AT&T, Verizon Extortions).
  • A significant rise in card draining scams involving tampering with gift cards has been identified, particularly as an organized crime tactic. Criminals are using sophisticated methods to exploit consumers, indicating a need for enhanced physical security measures at retail locations (Gift Card Fraud).
  • The U.S. government has identified a ninth telecom victim in connection with the Salt Typhoon espionage campaign, which is linked to Chinese state-sponsored cyber activities. This trend signals the importance of robust incident response and threat monitoring (Salt Typhoon’s Reach Continues to Grow).
  • Google’s new policy that permits device fingerprinting is seen as a major setback for privacy, necessitating companies to reassess their data protection strategies to safeguard user information (Google Is Allowing Device Fingerprinting).
  • Funding for cybersecurity startups reached a high of $16.1 billion in 2024, reflecting continued growth in investment and innovation within the sector and an opportunity for collaboration and for incorporating new technologies into existing defense strategies (Correction: 2024 Cybersecurity Investments hit $16.1 Billion!).
  • The discourse on using insights from cybersecurity startups to enhance organizational defenses emphasizes the need for CISOs to integrate security practices across all departments rather than treating them as isolated issues (Stop Playing Defense! How CISOs Can Use Startup Secrets to Fortify Their Security).


Community Feeds

  • A recurrent Remote Code Execution (RCE) vulnerability affecting AWS has been identified for the third time within four years, indicating potential lapses in vulnerability processing and patching practices (AWS introduced same RCE vulnerability three times in four years).
  • Newly discovered vulnerabilities, such as CVE-2024-54819 (I Librarian SSRF) and methods for bypassing BitLocker encryption on Windows 11, highlight the ongoing need for organizations to prioritize patch management and system hardening (CVE-2024-54819 - I Librarian SSRF, Dumping Memory to Bypass BitLocker on Windows 11).
  • Advanced attack techniques such as Userland Exec, used to bypass SELinux protections (execmem, mprotect, and W^X), and the delivery of threats via Python scripts are becoming more prevalent, suggesting a need for enhanced monitoring and endpoint protections (Userland Exec bypassing SELinux’s execmem, mprotect, and W^X, SwaetRAT Delivery Through Python).
  • Concerns are growing over sextortion phishing emails that use disguised Unicode characters to evade detection, emphasizing the need for updated filters capable of recognizing such evasion techniques (No Holiday Season for Attackers).
  • Adoption of TLS 1.2 and TLS 1.3 on web servers continues to increase gradually, but the continued presence of outdated SSL protocols remains concerning, and organizations are urged to update their security practices (Changes in SSL and TLS support in 2024).
  • The introduction of tools like CF-Hero for reconnaissance of Cloudflare-protected web applications underscores the importance of proactive security measures and the necessity for continuous intelligence gathering efforts (GitHub - musana/CF-Hero).
  • Continuous monitoring and review of employed hash sets for both malicious and “good” software are advocated to maintain integrity and ensure the legitimacy of files across networks (Goodware Hash Sets).


Disclaimer

The summaries in this brief are generated autonomously by the OpenAI LLM model based on the provided system and user prompts. While every effort is made to consolidate accurate and relevant insights, the model may occasionally misinterpret, misrepresent, or hallucinate information. Readers are strongly advised to verify all key points by consulting the original sources linked in the brief for complete context and accuracy.

This document is created with BlackStork and is based on the template available on GitHub.

Reach out if you have questions or suggestions.