CyberHub Podcast Recap: Patch Tuesday and Major Security Incidents
Good morning, Security Gang!
Today’s episode of the CyberHub Podcast is packed with critical updates and actionable insights. Here’s a breakdown of the latest cybersecurity news and what you need to do to stay protected.
RADIUS Protocol Vulnerability
Researchers have discovered a 30-year-old design flaw in the RADIUS protocol, which is widely used in network access control. The flaw, known as "Blast-RADIUS," can allow attackers to bypass multi-factor authentication (MFA) and gain unauthorized access to networks.
Action Items:
Upgrade all RADIUS servers immediately to mitigate this vulnerability.
Conduct a thorough review of your network access controls to identify potential risks.
Evolve Bank and Trust Data Breach
Evolve Bank and Trust notified 7.6 million Americans of a data breach following a LockBit ransomware attack. The breach exposed personal and financial information.
Action Items:
Enroll in the offered credit monitoring and identity protection services by October 31.
Monitor financial accounts for any suspicious activity and report anomalies immediately.
Arabian Travel Agency Data Breach
A significant data breach at the Arabian Travel Agency compromised sensitive information of over 1.2 million individuals, including Air India customers and UAE visa applicants.
Fujitsu Data Breach
Fujitsu confirmed a data breach impacting sensitive information after malware spread to 49 computers within its network.
Patch Tuesday Updates
Microsoft released patches for 143 security flaws, including two critical vulnerabilities under active exploitation.
Action Items:
Prioritize patching systems affected by CVE-2024-38080 and CVE-2024-38112.
Regularly update all software to the latest versions to mitigate vulnerabilities.
Adobe Security Updates
Adobe released critical patches for Premiere Pro, InDesign, and Bridge, addressing several high-severity vulnerabilities.
Action Items:
Apply Adobe’s latest patches to affected software immediately.
Regularly check for updates and apply them as soon as they become available.
ICS Vulnerabilities
Siemens and Schneider Electric released patches for multiple vulnerabilities in their industrial control systems, including critical flaws that could allow privilege escalation and code execution.
Action Items:
Apply the latest security updates from Siemens and Schneider Electric.
Conduct a security audit of all industrial control systems to ensure they are protected.
OpenSSH Vulnerability
A new OpenSSH vulnerability (CVE-2024-6409) has been identified, affecting Red Hat Enterprise Linux 9.
Action Items:
Update to the latest versions of OpenSSH to mitigate the risk.
Regularly review security advisories for any additional patches.
Iranian Cyber Espionage
Iranian-linked cyber actors are using custom Android spyware, "GuardZoo," to conduct espionage across the Middle East.
Upcoming Events
AI in Cybersecurity: Join us for a conversation with Steve Orrin, CTO at Intel Federal, discussing the practical implementation and impact of AI in cybersecurity. Tune in on YouTube and LinkedIn at 11 a.m. Eastern.
Stay cyber safe, everyone!
✅ Story Links:
https://thecyberexpress.com/arabian-travel-agency-data-breach-exposed-info/
https://thehackernews.com/2024/07/microsofts-july-update-patches-143.html
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-cisa-issue-advisories/
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html