In the final Cyber Hub podcast episode of 2023, host James Azar discussed significant cybersecurity incidents of the year, starting with a sophisticated attack on Apple devices.
Here's a summary of the key points discussed:
Apple's System on Chip Vulnerabilities Targeted: The episode highlighted a significant security breach involving Apple's system on chip. Kaspersky employees' iPhones were compromised using zero-day vulnerabilities, leading to the deployment of TriangleDB spyware. Apple has since released patches for these vulnerabilities.
Named "Operation Triangulation," this attack exploited a feature in Apple's system on a chip, bypassing protections and installing spyware on iPhones of senior Kaspersky employees. The malware, TriangleDB, was designed for stealth, involving multiple evasion tactics. Apple has since patched the vulnerabilities, but the incident raises serious questions about the exploitation of such hardware features.
Ransomware Bonanza: The podcast discussed various ransomware attacks impacting industries and individuals worldwide. Notable mentions include the disruption of emergency services in German hospitals by LockBit 3.0 and a breach at LoanCare, impacting 1.3 million individuals' personal information.
The Ohio Lottery Cyber Incident: The Ohio Lottery faced a cybersecurity incident with a ransomware group claiming to have stolen significant data. The incident led to operational disruptions, including limitations on cashing prizes over $599.
Rugami Malware Loader Surge: A new malware loader named Rugami has seen a surge in detections, distributing a range of information stealers. The malware is being sold as a service and has been observed exploiting various distribution methods.
Critical Zero Day in Apache Office ERP System: A zero-day vulnerability in the Apache office ERP system was discussed, highlighting the risks of authentication bypass in enterprise resource planning systems. A patch for this vulnerability has been released.
Underwater Communication Cables at Risk: The podcast touched upon geopolitical tensions impacting cybersecurity. It mentioned the threats to global underwater communication cables at the Bab el-Mandab Strait by Houthi rebels, underscoring the potential for widespread disruption in global communications and trade.
The episode concluded with a promise of a special broadcast to recap the significant events of 2023 and a look ahead, emphasizing the importance of being prepared for emerging cybersecurity challenges in 2024. James Azar reminded listeners to stay informed and cyber-safe.
Show Notes and Story Links:
https://thehackernews.com/2023/12/new-rugmi-malware-loader-surges-with.html
https://thehackernews.com/2023/12/critical-zero-day-in-apache-ofbiz-erp.html
https://www.calcalistech.com/ctechnews/article/rjqzsbdwp
Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel!
Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact
******
Listen here: https://linktr.ee/cyberhubpodcast
SubStack:
******
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Share this post