CISO Talk by James Azar
CyberHub Podcast
Chinese Hackers Compromised Private Communication, 122 Million Breach Victims, Windows 0day Exploited by Russia

The CyberHub Podcast dives deep into breaking news from the FBI and CISA on telecom hacks linked to Chinese actors, a Windows zero-day exploited by Russian hackers, a massive data leak affecting 122M

Welcome back to CyberHub Podcast!

It’s our last show of the week, and we have a packed lineup, covering significant news like the FBI and CISA's latest update on the massive telecom breach, a Windows zero-day vulnerability, and much more.

Grab your coffee, and let’s dive in.

FBI & CISA Confirm Chinese Telecom Breach

The FBI and CISA have released a statement confirming that Chinese hackers breached multiple U.S. broadband providers, accessing private communications of certain government officials and sensitive data, including law enforcement wiretap requests. Known as “Salt Typhoon,” the attack affected companies like AT&T, Verizon, and Lumen Technologies. The hackers reportedly had access to federal systems used for network wiretaps, allowing them to collect internet traffic data from millions of U.S. customers. Canada also reported that China-backed actors targeted government networks, making this a widespread issue in North America. Investigations are ongoing, and security agencies are bracing for the fallout.

DemandScience Data Breach

DemandScience, a B2B data aggregation company, confirmed that a data leak, which first appeared in February, contained personal details of 122 million individuals. The leak included names, email addresses, job titles, and social media links. The breach was traced back to a decommissioned system from DemandScience’s former entity, Pure Incubation. Despite their attempts to downplay the breach, cybersecurity experts emphasize the need for companies to secure data from decommissioned systems.

Windows Zero-Day Vulnerability Exploited

A new Windows zero-day vulnerability (CVE-2024-43451), reportedly exploited by Russian hackers, has been identified by ClearSky. The flaw exists in the MSHTML engine and, if exploited, allows attackers to gain system access through minimal user interaction, such as right-clicking on or deleting a file. The campaign targeted Ukrainian entities, and the vulnerability highlights the need for rapid patching, especially since zero-day exploits are often actively weaponized within hours of disclosure.

Intel and AMD Patch Critical Vulnerabilities

Intel and AMD issued security advisories addressing high-severity vulnerabilities affecting their hardware products. Intel’s advisories cover 80 vulnerabilities, while AMD’s relate to eight critical issues. Users of affected systems, especially those managing servers, should prioritize these updates to safeguard against potential exploits that could lead to privilege escalation, denial-of-service attacks, and remote code execution.


Ivanti Patches Multiple Vulnerabilities

Ivanti rolled out patches for 50 vulnerabilities in its security products, including eight critical ones. The flaws, affecting Connect Secure, Policy Secure, and Endpoint Manager, pose risks such as remote code execution and privilege escalation. Ivanti’s swift patch release aims to mitigate threats targeting its secure access and policy management solutions.

D-Link NAS Vulnerability

A critical command injection vulnerability (CVE-2024-10914) was identified in D-Link’s NAS devices, impacting several outdated models. D-Link confirmed that these end-of-life devices will not be patched, urging users to upgrade instead. Security experts warn that affected devices are exposed to arbitrary code injection, leaving users with no choice but to retire or replace these devices.

China’s APT-41 Targeting South Asia

APT-41, a notorious China-backed threat actor, was observed deploying a Windows-based surveillance toolkit dubbed “Deep Data Framework,” specifically targeting South Asian entities. Researchers at BlackBerry discovered that this highly modular malware can steal data from apps like WhatsApp, Signal, Telegram, and WeChat. Additionally, it collects system data, browsing history, and other sensitive information. Organizations with assets in South Asia are advised to monitor for potential indicators of compromise from APT-41.

NIST’s CVE Backlog Progress

NIST updated the cybersecurity community on its progress clearing a backlog of 18,000 vulnerabilities in the National Vulnerability Database. Although NIST fell short of its September deadline, it reports substantial progress and the onboarding of a full team of analysts, which is expected to prevent further backlogs and ensure timely vulnerability disclosures.


U.S. DOJ Indictment of Snowflake Attackers

The U.S. Department of Justice unsealed charges against Connor Riley Moucka and John Erin Binns, who breached over 165 organizations through stolen Snowflake credentials, exfiltrating data from major telecom companies and demanding ransom payments. Their use of cryptocurrency laundering tactics underscores the complexity of tracing stolen assets. Both attackers face charges that could result in prison sentences ranging from five to 25 years per count, with a total potential sentence of 60 years.

Action Items

  1. Review Telecommunication Security

    Ensure that your organization’s telecommunications infrastructure is updated and protected against breaches, especially if it involves sensitive information such as wiretap or customer data.

  2. Update Windows Systems

    Patch all systems affected by the Windows zero-day vulnerability (CVE-2024-43451) immediately to avoid exploitation risks, especially if systems interact with Ukrainian networks or clients.

  3. Apply Intel and AMD Security Updates

    Address the latest advisories for Intel and AMD products, particularly if managing high-availability or critical systems.

  4. Patch Ivanti Solutions

    Apply the latest Ivanti patches for Connect Secure, Policy Secure, and Endpoint Manager products to mitigate critical vulnerabilities.

  5. Retire or Replace End-of-Life D-Link NAS Devices

    For users with vulnerable D-Link NAS devices, upgrade to supported models or switch to alternative NAS providers to prevent unauthorized access risks.

  6. Monitor for APT-41 Indicators

    If your organization has assets in South Asia, conduct a review of network traffic and logs for signs of APT-41’s Deep Data Framework malware toolkit to prevent potential espionage.

  7. Stay Informed of CVE Progress

    Track NIST’s updates on CVE backlogs and integrate any relevant vulnerabilities into your organization’s patch management cycle.

  8. Verify MFA and Access Controls for Cloud Services

    Confirm that all cloud services, such as Snowflake, are protected with multi-factor authentication and strong access controls to prevent unauthorized access and data breaches.

Closing Remarks

That wraps up our CyberHub Podcast for today! Don’t forget to subscribe on your favorite platforms, and keep up with our exclusive content at jamesazar.substack.com. Stay cyber safe, and join us next Monday for the latest insights into the ever-evolving world of cybersecurity.

✅ Story Links: 

https://www.bleepingcomputer.com/news/security/chinese-hackers-compromised-us-government-officials-private-communications-in-recent-telecom-breach/

https://www.bleepingcomputer.com/news/security/leaked-info-of-122-million-linked-to-b2b-data-aggregator-breach/

https://www.securityweek.com/windows-zero-day-exploited-by-russia-triggered-with-file-drag-and-drop-delete-actions/

https://www.securityweek.com/chipmaker-patch-tuesday-intel-publishes-44-and-amd-publishes-8-new-advisories/

https://www.securityweek.com/ivanti-patches-50-vulnerabilities-across-several-products/

https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/

https://www.darkreading.com/cyberattacks-data-breaches/toolkit-expands-apt41s-surveillance-powers

https://www.securityweek.com/nist-explains-why-it-failed-to-clear-cve-backlog/

https://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Substack:

👉Listen here: https://linktr.ee/cyberhubpodcast   

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

=============================

About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
