CISO Talk by James Azar
CyberHub Podcast
🚨 Cyber News: LockBit Disrupted Globally, El Al Hacking Attempt, Android Banking Trojan, ESET Patch, Exchange Bug

In this episode of the Cyber Hub Podcast, host James Azar discusses several key cybersecurity developments, including international law enforcement actions against cybercrime, vulnerabilities in popular software, and recent cyber attacks by notorious groups.

Global LockBit Crackdown

An international task force involving the US, UK, Germany, France, and many other countries has disrupted the LockBit ransomware service. The operation, named Operation Cronos, took down 34 servers and seized over 200 crypto wallets. Decryption tools have been made available on the NoMoreRansom portal so victims can recover their data. The action points for businesses are to visit the NoMoreRansom portal if affected by LockBit and to enhance collaboration with international cybersecurity initiatives.

El Al Flight Cybersecurity Incident

Israel's national airline, El Al, faced a cyber threat in which hostile elements attempted to take over the communication network of a flight from Thailand to Ben Gurion International Airport. The action point here is for airlines to review and strengthen their in-flight communication network security to prevent such incidents.

Microsoft Exchange Vulnerability

A critical vulnerability in Microsoft Exchange Server 2019, identified as CVE-2024-21410, allows for privilege escalation through NTLM relay attacks. This issue affects thousands of servers worldwide. Organizations using Microsoft Exchange should urgently apply the latest security patches and review their server configurations to mitigate this risk.

Evolution of Anatsa Banking Trojan

The Anatsa banking trojan has evolved and now targets over 600 mobile banking applications globally. The recent campaign saw the trojan being promoted in Slovakia, Slovenia, and the Czech Republic via the Google Play Store. Users should be cautious about downloading apps from the store, and banks need to continuously update their app security to counter such threats.

BlackCat and Cactus Ransomware Group Activities

The BlackCat group, also known as ALPHV, has been linked to cyber attacks on LoanDepot and Prudential Financial, while the Cactus ransomware group claimed responsibility for a data breach at Schneider Electric's sustainability practice, stealing 1.5 terabytes of data. Companies should monitor for indicators of compromise associated with these groups and enhance their cybersecurity defenses.

ESET Vulnerability Patch Release

ESET released patches for a high-severity vulnerability (CVE-2024-0353) affecting its Windows-based security products. The flaw was found in the real-time file system protection feature. Users of ESET products are advised to apply these patches immediately to ensure protection against potential exploitation.

Action Points Summary:

- For those impacted by LockBit, utilize the NoMoreRansom portal for data recovery and engage with international cybersecurity initiatives for collective defense.

- Airlines should enhance in-flight network security to thwart takeover attempts.

- Organizations using Microsoft Exchange 2019 must apply security patches promptly and check server configurations.

- Banking app users and providers should be vigilant about the evolving Anatsa trojan, especially in newly targeted regions.

- Companies should stay informed about the activities of ransomware groups like BlackCat and Cactus and strengthen their cyber defenses accordingly.

- Users of ESET's security products should install the latest patches to protect against the identified vulnerability.

James Azar concludes the episode by emphasizing the importance of staying cyber safe and promises more insights in the next episode.


Show Notes and Story Links:

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/

https://www.bleepingcomputer.com/news/security/police-arrests-lockbit-ransomware-members-release-decryptor-in-global-crackdown/

https://www.hackread.com/israeli-el-al-flights-hackers-mid-air-hijacking/

https://www.bleepingcomputer.com/news/security/over-28-500-exchange-servers-vulnerable-to-actively-exploited-bug/

https://www.securityweek.com/anatsa-android-banking-trojan-continues-to-spread-via-google-play/

https://www.securityweek.com/ransomware-group-takes-credit-for-loandepot-prudential-financial-attacks/

https://www.bleepingcomputer.com/news/security/cactus-ransomware-claim-to-steal-15tb-of-schneider-electric-data/

https://gbhackers.com/eset-privilege-escalation-flaw/

https://thehackernews.com/2024/02/iran-and-hezbollah-hackers-launch.html

Thank you for watching, and please don't forget to like this video and subscribe to my channel!

Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact


Listen here: https://linktr.ee/cyberhubpodcast


Website: https://www.cyberhubpodcast.com

YouTube: https://www.youtube.com/c/TheCyberHubPodcast

Rumble: https://rumble.com/c/c-1353861

Facebook: https://www.facebook.com/CyberHubpodcast/

LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

Twitter: https://twitter.com/cyberhubpodcast

Instagram: https://www.instagram.com/cyberhubpodcast

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Today’s top cybersecurity news and the latest from practicing CISO James Azar. Tune in to hear how practitioners read, view and work after hearing the latest headlines, and how these stories help keep practitioners sharp and ready.