Welcome back to CyberHub Podcast!
It’s our last show of the week, and we have a packed lineup, covering significant news like the FBI and CISA's latest update on the massive telecom breach, a Windows zero-day vulnerability, and much more.
Grab your coffee, and let’s dive in.
FBI & CISA Confirm Chinese Telecom Breach
The FBI and CISA have released a statement confirming that Chinese hackers breached multiple U.S. broadband providers, accessing private communications of certain government officials and sensitive data, including law enforcement wiretap requests. Known as “Salt Typhoon,” the attack affected companies like AT&T, Verizon, and Lumen Technologies. The hackers reportedly had access to federal systems used for network wiretaps, allowing them to collect internet traffic data from millions of U.S. customers. Canada also reported that China-backed actors targeted government networks, making this a widespread issue in North America. Investigations are ongoing, and security agencies are bracing for the fallout.
DemandScience Data Breach
DemandScience, a B2B data aggregation company, confirmed that a data leak, which first surfaced in February, contained personal details of 122 million individuals. The leak included names, email addresses, job titles, and social media links. The breach was traced back to a decommissioned system belonging to DemandScience’s former entity, Pure Incubation. Despite the company’s attempts to downplay the breach, cybersecurity experts emphasize the need for companies to secure, or fully retire, data held on decommissioned systems.
Windows Zero-Day Vulnerability Exploited
A new Windows zero-day vulnerability (CVE-2024-43451), reportedly exploited by Russian hackers, has been identified by ClearSky. The flaw exists in the MSHTML engine and, if exploited, allows attackers to gain system access through minimal user interaction, such as right-clicking on or deleting a file. Used in attacks targeting Ukrainian entities, this vulnerability highlights the need for rapid patching, especially as zero-day exploits are often actively weaponized within hours of disclosure.
Intel and AMD Patch Critical Vulnerabilities
Intel and AMD issued security advisories addressing high-severity vulnerabilities affecting their hardware products. Intel’s advisories cover 80 vulnerabilities, while AMD’s relate to eight critical issues. Users of affected systems, especially those managing servers, should prioritize these updates to safeguard against potential exploits that could lead to privilege escalation, denial-of-service attacks, and remote code execution.
Ivanti Patches Multiple Vulnerabilities
Ivanti rolled out patches for 50 vulnerabilities in its security products, including eight critical ones. The flaws, affecting Connect Secure, Policy Secure, and Endpoint Manager, pose risks such as remote code execution and privilege escalation. Ivanti’s swift patch release aims to mitigate threats targeting its secure access and policy management solutions.
D-Link NAS Vulnerability
A critical command injection vulnerability (CVE-2024-10914) was identified in D-Link’s NAS devices, impacting several outdated models. D-Link confirmed that these end-of-life devices will not be patched, urging users to upgrade instead. Security experts warn that affected devices are exposed to arbitrary code injection, leaving users with no choice but to retire or replace these devices.
China’s APT-41 Targeting South Asia
APT-41, a notorious China-backed threat actor, was observed deploying a Windows-based surveillance toolkit dubbed “Deep Data Framework,” specifically targeting South Asian entities. Researchers at BlackBerry discovered that this highly modular malware can steal data from apps like WhatsApp, Signal, Telegram, and WeChat. Additionally, it collects system data, browsing history, and other sensitive information. Organizations with assets in South Asia are advised to monitor for potential indicators of compromise associated with APT-41.
NIST’s CVE Backlog Progress
NIST updated the cybersecurity community on its progress clearing a backlog of 18,000 vulnerabilities in the National Vulnerability Database. Although falling short of their September deadline, they report substantial progress and the onboarding of a full team of analysts, expected to prevent further backlogs and ensure timely vulnerability disclosures.
U.S. DOJ Indictment of Snowflake Attackers
The U.S. Department of Justice unsealed charges against Connor Riley Moucka and John Erin Binns, who breached over 165 organizations through stolen Snowflake credentials, exfiltrating data from major telecom companies and demanding ransom payments. Their use of crypto laundering tactics underscores the complexity of tracing stolen assets. Both attackers face charges that could result in prison sentences ranging from five to 25 years per count, with a total potential sentence of 60 years.
Action Items
Review Telecommunication Security
Ensure that your organization’s telecommunications infrastructure is updated and protected against breaches, especially if it involves sensitive information such as wiretap or customer data.
Update Windows Systems
Patch all systems affected by the Windows zero-day vulnerability (CVE-2024-43451) immediately to avoid exploitation risks, especially if systems interact with Ukrainian networks or clients.
Apply Intel and AMD Security Updates
Address the latest advisories for Intel and AMD products, particularly if managing high-availability or critical systems.
Patch Ivanti Solutions
Apply the latest Ivanti patches for Connect Secure, Policy Secure, and Endpoint Manager products to mitigate critical vulnerabilities.
Retire or Replace End-of-Life D-Link NAS Devices
For users with vulnerable D-Link NAS devices, upgrade to supported models or switch to alternative NAS providers to prevent unauthorized access risks.
Monitor for APT-41 Indicators
If your organization has assets in South Asia, conduct a review of network traffic and logs for signs of APT-41’s Deep Data Framework malware toolkit to prevent potential espionage.
Stay Informed of CVE Progress
Track NIST’s updates on CVE backlogs and integrate any relevant vulnerabilities into your organization’s patch management cycle.
Verify MFA and Access Controls for Cloud Services
Confirm that all cloud services, such as Snowflake, are protected with multi-factor authentication and strong access controls to prevent unauthorized access and data breaches.
Closing Remarks
That wraps up our CyberHub Podcast for today! Don’t forget to subscribe on your favorite platforms, and keep up with our exclusive content at jamesazar.substack.com. Stay cyber safe, and join us next Monday for the latest insights into the ever-evolving world of cybersecurity.
✅ Story Links:
https://www.securityweek.com/ivanti-patches-50-vulnerabilities-across-several-products/
https://www.darkreading.com/cyberattacks-data-breaches/toolkit-expands-apt41s-surveillance-powers
https://www.securityweek.com/nist-explains-why-it-failed-to-clear-cve-backlog/