Welcome back to the Cyber Hub Podcast with James Azar. This morning, James is broadcasting from an undisclosed location and navigating the challenges of life on the road. Despite the lack of a local coffee spot, he remains dedicated to bringing the latest cybersecurity updates.
Major Stories of the Day
Salt Typhoon Attack on U.S. Telecom Infrastructure
A sophisticated attack, attributed to Chinese APT Salt Typhoon, has compromised U.S. telecom networks. This breach has reportedly intercepted call logs, text messages, and even recorded audio from political campaigns, impacting high-value targets associated with President-elect Trump and Vice President Harris. Federal agencies are restricting phone use for work communications, pushing Congress to seek further investigation.
Halliburton Ransomware Impact
Halliburton has faced a ransomware attack costing $35 million, with continued disruptions likely. This breach mirrors recent incidents at other firms, highlighting how operational recovery post-attack takes months, impacting productivity and financial stability.
Ahold Delhaize Cybersecurity Incident
The U.S. food giant’s Hannaford e-commerce service has been down since last week, with limited impact on store operations. Ahold Delhaize’s proactive measures, like canceling pickup orders and securing pharmacies, reflect the critical importance of backup systems in retail cybersecurity resilience.
Hot Topic Data Breach
A breach at retail chain Hot Topic has exposed data of nearly 57 million customers. The attacker, going by “Satanic,” accessed sensitive personal and payment information and attempted to sell it online, underscoring the importance of robust customer data security.
FBI Warning on Fake Emergency Data Requests
The FBI warns of a spike in cybercriminals exploiting fake emergency data requests to harvest personal information. Threat actors use compromised government emails to fraudulently obtain user data from service providers, posing a growing threat to U.S. companies.
Emergency data requests have been abused by Lapsus$ and other threat actors, but the FBI has observed a spike in cybercrime forum posts related to the process of emergency data requests.
Critical Vulnerabilities in HPE Aruba Products
Hewlett Packard Enterprise released security updates for vulnerabilities in its Aruba access points. Two critical flaws could enable command injections, posing risks to network security. Users are urged to patch these immediately.
The flaws affect Access Points running Instant AOS-8 and AOS-10 -
AOS-10.4.x.x: 10.4.1.4 and below
Instant AOS-8.12.x.x: 8.12.0.2 and below
Instant AOS-8.10.x.x: 8.10.0.13 and below
The most severe among the six newly patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical unauthenticated command injection flaws in the CLI Service that could result in the execution of arbitrary code.
Machine Learning Vulnerabilities in Open Source Projects
JFrog identified numerous security flaws in ML-related open source projects, risking server takeovers. These vulnerabilities could allow attackers to compromise critical ML infrastructures, emphasizing the need for secure supply chain practices.
A brief description of the identified flaws is below -
CVE-2024-7340 (CVSS score: 8.8) - A directory traversal vulnerability in the Weave ML toolkit that allows for reading files across the whole filesystem, effectively allowing a low-privileged authenticated user to escalate their privileges to an admin role by reading a file named "api_keys.ibd" (addressed in version 0.50.8)
An improper access control vulnerability in the ZenML MLOps framework that allows a user with access to a managed ZenML server to elevate their privileges from a viewer to full admin privileges, granting the attacker the ability to modify or read the Secret Store (No CVE identifier)
CVE-2024-6507 (CVSS score: 8.1) - A command injection vulnerability in the Deep Lake AI-oriented database that allows attackers to inject system commands when uploading a remote Kaggle dataset due to a lack of proper input sanitization (addressed in version 3.9.11)
CVE-2024-5565 (CVSS score: 8.1) - A prompt injection vulnerability in the Vanna.AI library that could be exploited to achieve remote code execution on the underlying host
CVE-2024-45187 (CVSS score: 7.1) - An incorrect privilege assignment vulnerability that allows guest users in the Mage AI framework to remotely execute arbitrary code through the Mage AI terminal server due to the fact that they have been assigned high privileges and remain active for a default period of 30 days despite deletion
CVE-2024-45188, CVE-2024-45189, and CVE-2024-45190 (CVSS scores: 6.5) - Multiple path traversal vulnerabilities in Mage AI that allow remote users with the "Viewer" role to read arbitrary text files from the Mage server via "File Content," "Git Content," and "Pipeline Interaction" requests, respectively
Exploits in ZIP File Compression
Researchers uncovered a tactic in which attackers exploit the structural flexibility of ZIP files to evade detection. This tactic enables malware to hide within complex ZIP files, making it difficult for traditional security tools to detect threats during phishing attacks.
Tor Network IP Spoofing Attack
A coordinated IP spoofing attack aimed to disrupt the Tor network by triggering abuse complaints against relay servers. This attempt to weaken Tor highlights the ongoing pressure against anonymity tools from likely state-sponsored actors.
U.S. Supreme Court to Review Facebook Lawsuit
The Supreme Court is set to decide on the continuation of a longstanding shareholder lawsuit against Facebook related to the Cambridge Analytica scandal. This case could set a precedent for privacy and shareholder rights in data misuse cases.
Key Action Items
Federal Compliance: Limit work communications on mobile devices and switch to encrypted messaging options where possible.
Business Resilience: Implement backup payment systems, especially if your business depends heavily on online transactions.
Customer Data Protection: Evaluate current data security measures and adopt additional protections for sensitive customer information.
Employee Training: Educate staff about fake emergency data requests and stress verification methods to prevent accidental data leaks.
Immediate Patching: Apply updates for HPE Aruba access points to mitigate critical vulnerabilities.
Supply Chain Security: Audit machine learning dependencies and patch vulnerabilities in open-source projects to secure ML pipelines.
Detecting Malicious Files: Strengthen phishing defenses to detect complex ZIP file structures used in advanced phishing attacks.
Privacy Safeguards: Stay informed on legal developments around data privacy, particularly concerning shareholder rights in cases of data misuse.
Stay safe, security gang! Subscribe to our Substack at jamesazar.substack.com for more updates.
✅ Story Links:
https://www.securityweek.com/cyberattack-cost-oil-giant-halliburton-35-million/
https://www.cybersecuritydive.com/news/grocery-ahold-delhaize-cyberattack/732562/
https://thehackernews.com/2024/11/hpe-issues-critical-security-patches.html
https://thehackernews.com/2024/11/security-flaws-in-popular-ml-toolkits.html
https://www.securityweek.com/ip-spoofing-attack-tried-to-disrupt-tor-network/
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
Share this post