Good morning, security gang!
Welcome to another episode of the CyberHub Podcast. Host James Azar kicks off the show with excitement for Hacker Summer Camp and a promise of a packed episode.
Today’s show is sponsored by Nudge Security. Free 14-day trial to all CyberHub Podcast community members at https://www.nudgesecurity.com/cyberhub
Rockwell Automation Vulnerability
Researchers from Claroty discovered a high-severity security bypass vulnerability (CVE-2024-6242) in Rockwell Automation’s ControlLogix 1756 PLCs that also affects other controllers. Patches and mitigations have been released.
Action Items:
Apply the released patches and mitigations immediately to secure your systems.
Cloudflare Tunnels Abuse
Since February, threat actors have been abusing Cloudflare tunnels to deliver remote access trojans (RATs) like AsyncRAT, GuLoader, Remcos, VenomRAT, and Xworm. Attackers use business-relevant lures in multiple languages to distribute malware through these tunnels.
Action Items:
Monitor for unusual activity related to Cloudflare tunnels.
Educate employees about phishing attempts and ensure they are cautious with email and document requests.
Chinese Threat Actors - StormBamboo
The Chinese hacking group StormBamboo is compromising ISPs and launching DNS poisoning attacks against insecure software update mechanisms. The poisoned responses redirect update requests to attacker-controlled servers, leading to malware installation.
Action Items:
Implement HTTPS for updates: Ensure all software updates use HTTPS.
Audit and Update: Regularly audit and update network infrastructure and DNS components.
Use Digital Signatures: Verify software updates with digital signatures.
Monitor DNS Activity: Use network security monitoring tools to detect DNS poisoning.
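The checks in these action items can be run over proxy or resolver logs. The following is an added example, not part of the original show notes: it flags requests to known update hosts that go out over plain HTTP or resolve outside the networks the vendor normally uses. The host names, address ranges and log format are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: update hosts and the networks they normally resolve to.
# All names and ranges are constructed (RFC 2606 / RFC 5737 values).
EXPECTED = {
    "updates.vendor.example": ["192.0.2.0/24"],
    "dl.vendor.example": ["198.51.100.0/24"],
}

# Constructed log: timestamp, client, requested URL, address the resolver returned.
SAMPLE_LOG = """\
2024-08-05T09:00:01Z 10.0.0.12 https://updates.vendor.example/v2/manifest.json 192.0.2.10
2024-08-05T09:00:07Z 10.0.0.31 http://updates.vendor.example/v2/manifest.json 192.0.2.10
2024-08-05T09:01:44Z 10.0.0.31 http://dl.vendor.example/pkg/app-1.4.bin 203.0.113.77
2024-08-05T09:02:10Z 10.0.0.40 https://dl.vendor.example/pkg/app-1.4.bin 203.0.113.77
2024-08-05T09:03:00Z 10.0.0.40 https://intranet.corp.example/ 10.0.5.5
"""

def audit_line(line):
    """Return a finding dict for a risky update request, else None."""
    ts, client, url, answer = line.split()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in EXPECTED:
        return None  # not an update channel we track
    reasons = []
    if parts.scheme != "https":
        reasons.append("cleartext-update")  # nothing authenticates the server
    addr = ipaddress.ip_address(answer)
    if not any(addr in ipaddress.ip_network(net) for net in EXPECTED[host]):
        reasons.append("unexpected-resolution")  # possible poisoned answer
    if not reasons:
        return None
    # Cleartext plus an unexpected address is the combination described above.
    severity = "high" if len(reasons) == 2 else "medium"
    return {"time": ts, "client": client, "host": host,
            "reasons": reasons, "severity": severity}

def audit(log_text):
    """Audit every non-empty log line and collect the findings."""
    results = (audit_line(l) for l in log_text.splitlines() if l.strip())
    return [r for r in results if r]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["severity"], f["time"], f["client"], f["host"], ",".join(f["reasons"]))
```

Update hosts served from a CDN change addresses often, so the expected ranges need upkeep and an unexpected-resolution finding over HTTPS is a lead to check, not proof of poisoning.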
Arrest of Chinese Nationals in Fraud Scheme
Five Chinese nationals have been arrested in Southern California and Nevada for defrauding over 2,000 seniors out of $27 million through scam call centers in India.
Taiwanese Institute Breach
APT41, a Chinese nation-state actor, breached a Taiwanese government-affiliated research institute, using ShadowPad and Cobalt Strike to exfiltrate documents. This highlights the sophisticated tactics of Chinese cyber actors.
Action Items:
Strengthen cybersecurity measures and regularly update systems.
Be vigilant against similar attacks and monitor for indicators of compromise.
SLUBStick Linux Kernel Attack
Researchers from the Graz University of Technology discovered a new Linux kernel cross-cache attack named SLUBStick, which can convert limited heap vulnerabilities into arbitrary memory read and write capabilities.
Action Items:
Review the detailed research paper and apply recommended patches and mitigations.
Monitor systems for signs of exploitation using the identified CVEs.
Criminals Email Hacked Company Customers
Sable International, an immigration services company, suffered a cyber attack, leading to attackers emailing customers directly. This incident highlights the importance of having robust incident response plans.
Action Items:
Ensure incident response plans include customer communication strategies.
Be aware of potential phishing attempts from attackers posing as legitimate companies.
TikTok Lawsuit by DOJ and FTC
The DOJ and FTC filed a lawsuit against TikTok for violating children's privacy laws, alleging that the company allowed children to create accounts and share content without proper parental consent.
Action Items:
Monitor children’s online activities and ensure they use age-appropriate platforms.
Ensure compliance with privacy laws and regulations regarding children's data.
NSO Group and WhatsApp Legal Battle
A federal judge denied WhatsApp’s appeal to depose additional witnesses in its case against NSO Group, related to the use of Pegasus spyware. The Israeli government’s involvement adds complexity to the case.
James Azar wraps up the episode, inviting listeners to Hacker Summer Camp and encouraging them to stay cyber-safe. He also highlights the importance of feedback and engagement on social media and podcast platforms.
✅ Story Links:
https://www.securityweek.com/cloudflare-tunnels-abused-for-malware-delivery/
https://thecyberexpress.com/stormbamboos-dns-poisoning-attack/
https://therecord.media/elder-fraud-arrests-doj-five-chinese-nationals
https://thehackernews.com/2024/08/apt41-hackers-use-shadowpad-cobalt.html
https://therecord.media/hackers-email-victims-customers-data-breach
https://thehackernews.com/2024/08/doj-and-ftc-sue-tiktok-for-violating.html
https://therecord.media/maker-of-pegasus-spyware-deposition-whatsapp-lawsuit
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.