In the latest CyberHub podcast, host James Azar delves into a plethora of critical cybersecurity issues facing the globe. The episode, dated December 14, 2023, starts with a light-hearted nod to the holiday season before plunging into serious matters.
Key points include:
1. Vault Typhoon Threat: The U.S. is tracking a resilient botnet, Vault Typhoon, linked to the Chinese government. This sophisticated network, using end-of-life SOHO routers, has been targeting U.S. critical infrastructure, particularly in strategic areas like Guam.
2. Microsoft Disrupts Storm 1152: A significant operation by Microsoft has disrupted Storm 1152, a Vietnamese-led cybercrime ecosystem. This network created over 750 million fraudulent Microsoft accounts to facilitate various cybercrimes, including identity theft and phishing.
3. Apache Struts Vulnerability: Hackers are exploiting a recently patched vulnerability in Apache Struts, reminiscent of the infamous Equifax breach. This vulnerability could lead to remote code execution, prompting companies like Cisco to investigate potential impacts on their products.
4. Russian Cyber Espionage: APT29, a Russian cyber espionage group, has been exploiting vulnerabilities in Team City software since September. Known for their involvement in previous high-profile cyber incidents, they've been using this exploit to conduct widespread cyber attacks.
5. Iranian Cyber Operations: The Iranian-sponsored oil rig group is reported to be deploying new downloader malware’s, focusing on gaining persistent access to Israeli networks.
6. Dell's Security Advisory: Dell has issued advisories for serious vulnerabilities in its PowerProtect products. These vulnerabilities, if exploited, could lead to significant data breaches.
7. Controversy Over FISA Section 702: The U.S. Senate passed a bill extending Section 702 of the Foreign Intelligence Surveillance Act, which allows warrantless surveillance. This move sparked debate over privacy rights.
8. UN Cybercrime Treaty Criticisms: The United Nations' draft on a cybercrime treaty faces criticism for potentially criminalizing cybersecurity research and neglecting human rights issues.
The podcast concludes with a reminder of the ever-evolving nature of cyber threats and the need for vigilance in staying cyber safe.
Story Links:
https://www.securityweek.com/chinese-apt-volt-typhoon-linked-to-unkillable-soho-router-botnet/
https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html
https://www.securityweek.com/dell-urges-customers-to-patch-vulnerabilities-in-powerprotect-products/
https://therecord.media/section-702-inches-closer-after-senate-approves-temporary-renewal
https://therecord.media/un-cybercrime-treaty-draft-criticized
Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel!
Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact
Listen here: https://linktr.ee/cyberhubpodcast
SubStack:
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Share this post