CISO Talk by James Azar
CyberHub Podcast
Iranian Cyberattack on Israel’s Payment Provider, Texas Oilfield Ransomware Attack, TSA Expands Cyber Rules
0:00
-15:10

Iranian Cyberattack on Israel’s Payment Provider, Texas Oilfield Ransomware Attack, TSA Expands Cyber Rules

Honoring Veterans and Navigating Global Cyber Threats, Veterans Day Special Edition – Examining a Massive Cyber Attack on Israel’s Financial Sector, New TSA Cybersecurity Rule Ongoing Ransomware

In today’s Veterans Day special edition of the CyberHub Podcast, James Azar opened with gratitude for the service and sacrifices made by veterans, especially those who tune into the show. After honoring the day, the show swiftly moved into a series of pressing cybersecurity stories from around the world, affecting both businesses and government agencies alike.

Key Stories and Insights

Massive Cyber Attack in Israel Disrupts Payment Systems

A major Distributed Denial of Service (DDoS) attack targeted Hyp CreditGuard, a payment processing service in Israel, causing widespread disruption. Although the attack initially appeared contained, financial systems were down for nearly 10-12 hours, impacting essential retailers, gas stations, and shopping malls. The Iranian government has claimed responsibility, framing it as retaliation amidst growing tension between Iran and Israel. The attack raises questions about backup payment systems and retailer readiness for such threats.

Hyp wasn’t rated as critical infrastructure by the Israeli government leaving their coordination with Israel’s CERT as optional rather then required.

Ransomware Hits Texas-Based Oil Firm

A Texas oil service company disclosed to the SEC that it had been hit by ransomware. Though early in the investigation, the company managed to revert to older systems to continue operations, avoiding major disruption. This incident underscores the vulnerability of critical infrastructure and the importance of backup systems.

TSA Proposes New Cybersecurity Mandates

The TSA is expanding cybersecurity rules for freight and passenger railroads, rail transit, and pipelines. The new regulations require prompt cyber incident reporting to CISA and annual cybersecurity assessments. Originally developed in response to the Colonial Pipeline attack, the mandate seeks to enhance protections for critical infrastructure.

Leave a comment

Debt Relief Firm Setforth Data Breach Affects 1.5 Million

Debt relief provider Setforth disclosed that a data breach compromised the personal data of 1.5 million individuals in May 2024. The breach impacted sensitive information, including social security numbers. Setforth is offering a year of identity theft protection to affected individuals, highlighting the growing need for robust data security measures.

Palo Alto Networks Expedition Exploit and Patch

A vulnerability in Palo Alto Networks’ Expedition tool, patched in June, is still being actively exploited. The flaw, which allows attackers to gain admin control, continues to be a threat despite available security updates. This emphasizes the need for immediate patching of known vulnerabilities.

Veeam Backup Enterprise Manager Vulnerability

A high-severity vulnerability in Veeam's backup management software allows unauthenticated remote access, putting sensitive backups at risk. Veeam has released a hotfix, urging users to update to the latest version to protect against potential exploits.

Share

Typosquatting Python Package "Fabrice" Steals AWS Credentials

A malicious Python package named "Fabrice," downloaded over 37,000 times, posed as the legitimate “Fabric” library and was designed to steal AWS credentials. This highlights the dangers of typosquatting and the importance of verifying package sources in development.

Sophisticated Phishing Campaign Impersonates Legal Notices

A new phishing campaign is tricking global companies with emails alleging copyright infringement. The emails contain an info-stealing malware, “Rhadamanthys,” capable of capturing sensitive data, including cryptocurrency wallet keys. This campaign emphasizes the need for increased phishing awareness and vigilance among organizations.

The profile of impersonated brands weaves in neatly with the story the attackers peddle: that recipients have posted some sort of content on social media that violated a copyright.

Action Items for Cybersecurity Teams

1. Re-evaluate Payment System Backup Plans

Retailers should assess the robustness of their backup payment systems to ensure operational continuity during cyber incidents.

2. Strengthen Infrastructure Cybersecurity

Critical infrastructure companies, especially in oil, rail, and pipeline sectors, should review TSA’s updated guidelines and implement necessary cybersecurity upgrades.

3. Stay Current on Vulnerability Patching

Organizations using Palo Alto Networks and Veeam should immediately apply available patches to protect against known exploits.

4. Enhance Awareness on Package Security

Development teams should implement strict package verification processes to avoid typosquatting risks like those seen with the “Fabrice” package.

5. Increase Phishing Vigilance

Companies should reinforce anti-phishing training and awareness, particularly regarding sophisticated scams disguised as legal notices.

6. Review Data Security and Incident Response Plans

Firms holding sensitive personal data, like Setforth, must ensure they have robust data protection protocols and effective incident response measures in place.

Conclusion

As Veterans Day reminds us of the strength and dedication of our military service members, today’s cybersecurity stories highlight the need for vigilance and resilience in the face of evolving threats. Thank you to our veterans, and to all cybersecurity professionals on the front lines, striving to keep systems safe and secure.

✅ Story Links: 

https://therecord.media/cyberattack-causes-credit-card-readers-in-israel-to-malfunction

https://www.darkreading.com/cyberattacks-data-breaches/mystery-hackers-texas-oilfield-supplier-ransomware-attack

https://www.wsj.com/articles/tsa-wants-to-expand-cyber-rules-for-pipelines-and-railroads-011b9d96?mod=cybersecurity_news_article_pos1

https://www.securityweek.com/debt-relief-firm-forth-discloses-data-breach-impacting-1-5-million-people/

https://www.securityweek.com/palo-alto-networks-expedition-vulnerability-exploited-in-attacks-cisa-warns/

https://www.securityweek.com/veeam-patches-high-severity-vulnerability-as-exploitation-of-previous-flaw-expands/

https://www.bleepingcomputer.com/news/security/malicious-pypi-package-with-37-000-downloads-steals-aws-keys/

https://www.darkreading.com/cyberattacks-data-breaches/fake-copyright-infringement-emails-rhadamanthys

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Substack:

👉Listen here: https://linktr.ee/cyberhubpodcast   

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

=============================

About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.

Discussion about this podcast

CISO Talk by James Azar
CyberHub Podcast
Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines and how these stories help keep practitioners sharp and ready.