Welcome to another packed edition of the CyberHub Podcast! It’s Tuesday, December 17, 2024, and we’re just days away from the holiday season and the new year. Despite the end-of-year slowdown, the cyber world shows no signs of pausing.
I’ve got a lot to unpack for you today, from ransomware gangs claiming responsibility to major breaches impacting millions. So grab your coffee—espresso if you’re lucky—and let’s dive in.
CLOP Ransomware Claims Responsibility for CLEO Exploit
The CLOP ransomware gang has finally stepped forward and confirmed to Bleeping Computer that they are behind data theft attacks exploiting vulnerabilities in CLEO’s secure file transfer products: Harmony, VLTrader, and Lexicom.
Two CVEs Identified: CVE-2024-50623 and CVE-2024-55956.
CVE-50623 allows reading and writing vulnerabilities.
CVE-55956 allows writing arbitrary files, creating one-way executable communication.
This is significant because earlier patches were thought to address a single issue, but Rapid7 confirms these are two separate flaws. CLOP, known for high-profile attacks like the Acelion FTA and SolarWinds Serve-U exploits, continues targeting FTP systems as a lucrative entry point. Expect copycat attacks and a long string of victims coming forward, reminiscent of the MOVEit breach earlier this year.
Texas Tech University Health Sciences Center Breach
Both Texas Tech University Health Sciences Center and its El Paso branch reported a cyberattack compromising data of 1.4 million patients. Key details include:
Data Exposed: Names, Social Security numbers, medical and billing info, diagnosis/treatment records, and financial account details.
Attackers leaked 2.1 million files (2.6 TB total) after the Interlock ransomware gang claimed responsibility in October.
This breach is particularly troubling as Texas Tech serves primarily underserved communities.
Rhode Island’s RI Bridges Data Breach
Rhode Island’s public assistance system, RI Bridges, managed by Deloitte, suffered a ransomware attack by the BrainCipher gang. The breach, discovered December 5, exposed personal information tied to key programs like Medicaid, SNAP, and healthcare coverage. Delays in benefits for critical services as Deloitte works to restore systems. Fraud risks are significant given the nature of exposed data.
FBI Warns of Hiatus RAT Targeting Cameras and DVRs
The FBI issued warnings about the Hiatus RAT malware actively scanning and infecting web cameras and DVR systems in the US, Canada, Australia, New Zealand, and the UK.
Targets: Hikvision and Digami devices using vulnerable ports.
Mitigation Tips:
Shut down exposed ports (e.g., TCP 23, 554, 80, etc.).
Segment cameras from main office networks.
Consider a rip-and-replace strategy for vulnerable systems.
CISA Adds Adobe ColdFusion and Windows CVEs to Exploit List
CISA warns of two newly exploited vulnerabilities:
Windows CVE-2024-35250: A critical vulnerability with proof-of-concept exploits circulating.
Adobe ColdFusion CVE-2024-20767: A critical improper access control issue patched in March but actively exploited.
Organizations are urged to prioritize patching, as these are low-complexity exploits requiring no user interaction.
Serbian Government Deploys NoviSpy via Qualcomm Zero-Day
Amnesty International uncovered a spyware attack, NoviSpy, deployed on Android devices in Serbia. Authorities used Celebrite tools to unlock confiscated phones and inject spyware during physical custody. Exploits Qualcomm CVE-2024-43047, a privilege escalation flaw patched by Android in November.
The spyware was first discovered on a journalist’s device, raising concerns about surveillance against activists and reporters.
CISA and EPA Highlight Cyber Risks to Water Systems
CISA and the EPA released a fact sheet addressing cyber risks to human-machine interfaces (HMIs) in water and wastewater systems. Water systems have been frequent targets (e.g., by Iran), posing risks to public safety. Organizations should review the guidelines and address vulnerabilities.
Arctic Wolf Acquires BlackBerry’s Silence for $160M
Arctic Wolf announced the acquisition of BlackBerry’s Silence unit for $160 million, a sharp drop from BlackBerry’s original $1.4 billion purchase in 2018.
Arctic Wolf likely aims to integrate Silence into its XDR offerings and capitalize on its customer base. A sobering reminder of overvaluations in cybersecurity and shifting market competition.
Key Actions for Security Leaders
Patch CLEO Products Immediately: Address CVE-2024-50623 and CVE-2024-55956 vulnerabilities.
Review Camera/DVR Security: Close vulnerable ports, isolate devices, and replace outdated systems.
Address Windows and Adobe ColdFusion Patching: Prioritize updates to mitigate active exploits.
Monitor Critical Infrastructure Risks: Water systems and other OT environments remain high-priority targets.
Cyber Hygiene for Android Devices: Ensure devices are up-to-date to address Qualcomm-related zero-days.
Engage with CISA’s Incident Response Plan: Provide feedback and update your organization’s IR plans accordingly.
Stay vigilant, patch consistently, and segment your networks. These are not just “good practices”; they are essential for survival in today’s threat landscape and follow us for more updates.
Stay safe, stay cyber-aware, and I’ll see you tomorrow at 9 a.m. sharp.
Cheers, security gang!
✅ Story Links:
https://www.securityweek.com/cisa-warns-of-exploited-adobe-coldfusion-windows-vulnerabilities/
https://thecyberexpress.com/exposed-human-machine-interfaces-in-wws/
https://therecord.media/cisa-first-draft-updated-cyber-plan
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
Share this post