CISO Talk by James Azar
CyberHub Podcast
Cisco Zeroday, CDK Still Recovering, HubSpot warns customers of cyberattacks, Malware Cluster Bomb

Today’s top cybersecurity news and the latest threats from practicing CISO James Azar. Tune in to hear how practitioners break down the latest news to bolster their cybersecurity programs.

Good morning, Security Gang!

Welcome to today's packed episode of the CyberHub Podcast. Host James and co-host Jason cover the latest in cybersecurity news, updates, and actionable advice. Here's a breakdown of the key stories discussed in today's episode:

Cisco Zero-Day Vulnerability (CVE-2024-20399)

A medium-severity zero-day vulnerability in Cisco's NX-OS software has been exploited by a China-linked cyber espionage group. The vulnerability allows authenticated local attackers to execute arbitrary commands with root privileges due to insufficient validation of arguments in specific CLI commands. Affected devices: Cisco MDS 9000 and Nexus 3000, 5500, 5600, 6000, 7000, and 9000 series switches.

Actions:

1. Patch Immediately: Apply the released firmware updates to mitigate the risk.

2. Review Access Controls: Ensure only trusted administrators have access to vulnerable devices.

CDK Global Ransomware Attack

The BlackSuit ransomware group attacked CDK Global, impacting over 15,000 car dealerships across the U.S. The attack disrupted operations, causing delays in sales, financing, inventory, and customer service. CDK hopes to restore operations by July 3rd or 4th, which is crucial for the Independence Day sales.

Actions:

1. Prepare Contingency Plans: Car dealerships should have manual processes in place for critical operations.

2. Evaluate Cyber Insurance: Review policies and ensure coverage for ransomware attacks.

HubSpot Account Breaches

HubSpot is warning of ongoing attempts to hack into customer accounts, with at least 50 accounts compromised. Attackers target sales and marketing tools, exploiting weaknesses to gain unauthorized access.

Advice:

1. Enable MFA: Use multi-factor authentication for all HubSpot accounts.

2. Implement SSO: Single sign-on can enhance security for enterprise users.

Cognizant Data Leak

IntelBroker leaked data allegedly stolen from Cognizant Technology Solutions. The data comprises 40,000 user records, including sensitive information such as policy numbers and client details. Cognizant is investigating the validity and extent of the breach.

Actions:

1. Monitor for Updates: Stay informed on Cognizant's findings and any required actions.

Unfurling Hemlock Malware Campaign

A new East European threat actor uses compressed Microsoft Cabinet files to distribute multiple malware types. Targets include individuals in the U.S., Germany, Russia, and other countries. The malware distributed includes information stealers like Mystic Stealer, RisePro, and RedLine, and loaders like SmokeLoader and Amadey.

Actions:

1. Update Security Software: Ensure antivirus and anti-malware solutions are up to date.

2. Raise awareness about phishing and malware distribution tactics.

Indirector Attack on Intel Processors

Indirector is a new attack on Intel processors from the Raptor Lake and Alder Lake generations. It uses high-precision branch target injection to steal sensitive information. Researchers suggest enhanced use of indirect branch predictor barriers and improved branch prediction unit design.

Actions:

1. Apply Security Patches: Ensure systems are updated with the latest Intel security patches.

2. Monitor for Vulnerabilities: Stay alert for new advisories and mitigation techniques.

Google’s Vulnerability Reward Program

Google launches a VRP for kernel-based VMs, hypervisors, and KVMs. Rewards go up to $250,000 for finding zero-day vulnerabilities.

Actions:

1. Encourage Participation: Inform your red team about the VRP to enhance security research.

2. Leverage Findings: Apply lessons learned from discovered vulnerabilities to improve your security posture.

Landmark Admin Data Breach

A data breach at Landmark Admin impacted personal and medical information. Attackers accessed files containing names, addresses, Social Security numbers, and medical and insurance information. The number of affected individuals is unknown.

Brain Cipher Ransomware Attack on Indonesia

The Brain Cipher ransomware group attacked Indonesia’s national data center. The attackers exploited the LockBit 3.0 builder to disrupt government and online services.

Stay Cyber Safe: Subscribe to the CyberHub Podcast for more updates and insights. Connect with us on social media and your favorite podcast platforms.


✅ Story Links: 

https://www.securityweek.com/cisco-patches-nx-os-zero-day-exploited-by-chinese-cyberspies/

https://www.bleepingcomputer.com/news/security/cdk-global-says-all-dealers-will-be-back-online-by-thursday/

https://www.securityweek.com/hubspot-warns-of-ongoing-cyberattacks-targeting-customer-accounts/

https://thecyberexpress.com/unconfirmed-cognizant-data-leak/

https://www.darkreading.com/cyberattacks-data-breaches/multi-malware-cluster-bomb-campaign-cyber-havoc

https://www.bleepingcomputer.com/news/security/latest-intel-cpus-impacted-by-new-indirector-side-channel-attack/

https://www.darkreading.com/cloud-security/google-opens-250k-bug-bounty-contest-for-vm-hypervisor

https://www.securityweek.com/landmark-admin-discloses-data-breach-impacting-personal-medical-information/

https://therecord.media/indonesia-cyberattack-communications-minister-petition

https://www.bleepingcomputer.com/news/security/meet-brain-cipher-the-new-ransomware-behind-indonesia-data-center-attack/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Website: https://www.cyberhubpodcast.com

👉Substack:

👉Listen here: https://linktr.ee/cyberhubpodcast   

Stay Connected With Us.

👉Rumble: https://rumble.com/c/c-1353861 

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

 =============================

About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 
