Top of the morning security gang. Welcome to another episode of the CyberHub Podcast. Today’s episode is pre-recorded due to a tight travel schedule, but we have plenty to discuss. Don’t forget to subscribe on your favorite podcast platform
North Korean Threat Actor Moonstone Sleet
Microsoft has identified a new North Korean threat actor, Moonstone Sleet, previously known as Storm1789. This state-sponsored group targets education, defense, industrial-based software, and IT organizations for espionage and revenue generation. Moonstone Sleet combines tactics used by other North Korean threat actors with unique methodologies, establishing itself as a formidable adversary. They have created fake companies and job opportunities to engage potential targets and employ Trojanized versions of legitimate tools, custom malware, and ransomware.
Action Points:
1. Awareness and Training: Organizations should educate HR and employees on recognizing suspicious job offers and potential insider threats.
2. Network Security: Implement advanced threat detection and response measures to identify and mitigate custom malware and ransomware attacks.
OpenAI Forms New Safety and Security Committee
OpenAI has announced the formation of a new safety and security committee led by company directors Brett Taylor, Adam D'Angelo, Nicole Sligman, and CEO Sam Altman. The committee will evaluate and develop safety measures and security decisions for OpenAI projects over the next 90 days, following criticisms of underinvestment in AI safety.
Action Points:
1. Follow Updates: Keep an eye on OpenAI’s recommendations and implementations for AI safety and integrate similar measures where applicable.
2. Engage Stakeholders: Ensure that all stakeholders, including developers and users, are aware of and comply with enhanced AI safety protocols.
Fortinet Command Injection Vulnerability
Urgent Patch Required for Critical Vulnerability, a command injection vulnerability in Fortinet’s SIEM solution, CVE-2024-23108, has been exploited, enabling remote code execution as root without authentication. Despite a patch released in February, many devices remain unpatched, posing significant risks.
Action Points:
1. Immediate Patching: Fortinet customers should urgently patch their systems to mitigate this critical vulnerability.
2. Regular Updates: Implement a regular update and patch management schedule to ensure all systems remain secure.
Malicious Android Apps on Google Play Store
Over 90 malicious Android apps, including the Antassa banking trojan, have been found on the Google Play Store, with over 5.5 million installations. These apps target financial institutions across Europe, the US, UK, and Asia, stealing e-banking credentials.
Action Points:
1. App Vetting: Users should be cautious when downloading apps and use reputable security software to scan for malware.
2. Bank Security: Financial institutions should enhance security measures and educate customers on recognizing and avoiding malicious apps.
Netflix Bug Bounty Program Success
Netflix has paid over $1 million in rewards since launching its bug bounty program in 2016. With nearly 8,000 vulnerability reports submitted by 5,600 researchers, Netflix continues to enhance its security by addressing critical vulnerabilities.
Action Points:
1. Participate in Bug Bounty Programs: Encourage security researchers to participate in bug bounty programs to identify and mitigate vulnerabilities.
2. Continuous Improvement: Regularly review and update security measures based on vulnerability reports and recommendations.
BreachForums Resurrected
BreachForums, dismantled by a U.S.-coordinated law enforcement action, has resurfaced nearly two weeks later. The new site is selling a 1.3 terabyte database of Ticketmaster customer details, raising concerns about a potential FBI honeypot.
Action Points:
1. Monitor Dark Web Activity: Regularly monitor dark web marketplaces for potential breaches related to your organization.
2. Data Protection: Implement robust data protection measures to prevent unauthorized access and breaches.
Cybercrime Indictments: Legal Actions Against Cybercriminals
Evgeny Doroshenko, a Russian national, has been indicted for wire and computer fraud, acting as an initial access broker. Meanwhile, Malachi Mullings from Georgia has been sentenced to 10 years for laundering over $4.5 million through BEC schemes and romance scams.
That’s it for today’s episode. We’ll be back tomorrow at 9 a.m. Eastern with the latest cybersecurity updates. Stay cyber safe!
✅ Story Links:
https://www.securityweek.com/netflix-paid-out-over-1-million-via-bug-bounty-program/
https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html
https://thehackernews.com/2024/05/us-sentences-31-year-old-to-10-years.html
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Website:
https://www.cyberhubpodcast.com
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Website: https://www.cyberhubpodcast.com
👉Rumble: https://rumble.com/c/c-1353861
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our series of podcasts that provide everything from highlighting CISO in our CISOTalk Podcast or our signature CyberHub Podcast giving you the latest news live daily.
Share this post