Good Morning, Everyone! Welcome to the CyberHub Podcast - Thanksgiving Edition
It’s the final show of the week, and as we gather for Thanksgiving, I want to start with a heartfelt "thank you" to this amazing CyberHub Podcast community. For nearly seven years, your support, emails, and messages on LinkedIn, X, YouTube, and beyond have made this journey worthwhile. I’m grateful to have you here as we navigate the latest in cybersecurity together.
Let’s dive into today’s packed lineup, but first, coffee cup cheers to you all—double espresso, Lavazza style. Let’s get started.
Summary of Stories Discussed on Today’s Episode
Emerging VPN Vulnerabilities
A new VPN attack targeting Palo Alto Networks and SonicWall VPNs has surfaced, utilizing a tool called Nacho VPN, developed by AmberWolf.
Key Points:
Nacho VPN exploits vulnerabilities in Palo Alto GlobalProtect and SonicWall SMA-100 NetExtender clients.
Attackers leverage social engineering to trick users into connecting to rogue VPN servers, leading to remote code execution and privilege escalation.
Patches have been issued by vendors, but exploitation requires local or subnet-level access.
Insider Threat: Former Verizon Employee Convicted
Ping Li, a former Verizon employee, was sentenced to four years in prison for sharing sensitive data with China’s intelligence agency over a decade.
Why It Matters:
Li’s case underscores the risks of insider threats in critical infrastructure breaches, such as the recent telco attack.
Insider leaks often enable attackers to bypass technical defenses.
Cybersecurity Funding Trends: Israel Leads the Way
Despite a global slowdown in venture funding, Israel’s cybersecurity startups continue to secure significant investments, even amid conflict.
Stats:
Stream Security raised $30 million in Series B funding.
Investments in Israel buck the global trend, which has seen reduced funding since Q4 2021.
Insight: Israel’s resilience highlights the importance of fostering innovation in cybersecurity, regardless of geopolitical challenges.
Banshee Stealer Shut Down After Source Code Leak
The developers of Banshee Stealer, a macOS-focused malware, ceased operations after the source code was leaked online.
Key Details:
Initially sold for $3,000/month, the malware targeted macOS users’ credentials, crypto wallets, and web data.
The leak disrupts the malware’s distribution, but raises concerns about potential repurposing of the code by other threat actors.
Operation Serengeti: Global Cybercrime Bust
Interpol’s Operation Serengeti dismantled cybercrime networks across 19 African countries, resulting in:
1,006 arrests.
134,089 malicious infrastructures taken down.
Recovery of $44 million in stolen funds.
Here are some highlights from the report, focused on law enforcement action in particular countries:
Kenya: Cracked a case of online credit card fraud linked to $8.6 million in losses; funds were stolen via fraudulent scripts and redirected through SWIFT to companies in the UAE, Nigeria, and China. Nearly two dozen arrests were made.
Senegal: Dismantled a $6 million Ponzi scheme affecting 1,811 victims; seized over 900 SIM cards, $11,000 in cash, phones, laptops, and victims’ ID cards. Eight individuals, including five Chinese nationals, were arrested.
Nigeria: Arrested a man running online investment scams, earning $300,000 through false cryptocurrency promises.
Cameroon: Disrupted a multi-level marketing scam trafficking victims from seven countries; victims were held captive and forced to recruit others to gain their freedom. The group collected at least $150,000 in membership fees.
Angola: Dismantled an international group running a virtual casino in Luanda; defrauded hundreds by offering winnings for recruiting new members. 150 arrests were made, with 200 computers and over 100 mobile phones seized.
Project Send Vulnerability Exploited by Threat Actors
Unpatched vulnerabilities in the open-source Project Send file-sharing application are actively being exploited.
CVE Details: CVE-2022-31279 affects PHP pages with insufficient authorization checks, allowing attackers to execute code.
Patch Status: Available but not widely applied.
Next Steps: Audit and patch any instances of Project Send in your environment.
VMware and IBM Patch Multiple High-Severity Vulnerabilities
VMware: Addressed local privilege escalation flaws in its Aria Operations products.
Here are the details from VMware’s VMSA-2024-0022 bulletin:
CVE-2024-38830 – Local privilege escalation vulnerability (CVSS 7.8). Exploitable by actors with local administrative privileges to gain root access on the appliance.
CVE-2024-38831 – Local privilege escalation vulnerability (CVSS 7.8). Enables malicious commands via properties file modifications, allowing privilege escalation to root.
CVE-2024-38832 – Stored cross-site scripting vulnerability (CVSS 7.1). Allows script injection by users with editing access to views.
CVE-2024-38833 – Stored cross-site scripting vulnerability (CVSS 6.8). Permits malicious script injection through email templates.
CVE-2024-38834 – Stored cross-site scripting vulnerability (CVSS 6.5). Targets cloud provider editing functionality for script injection.
IBM: Fixed RCE vulnerabilities in its Data Virtualization Manager and Security SOAR platforms.
Both companies urge immediate patching to mitigate risks.
Australia’s Cybersecurity Legislation Passed
On November 25, 2024, Australia enacted its first standalone Cyber Security Act, marking a significant advancement in the nation's cyber defense framework. This legislation introduces several key measures to enhance Australia's cyber resilience:
Mandatory Ransomware Payment Reporting: Certain businesses are now required to report any ransomware payments to the Department of Home Affairs and the Australian Signals Directorate within 72 hours. Non-compliance may result in penalties of approximately AUD $94,000.
Security Standards for Smart Devices: The Act empowers the government to mandate minimum cyber security standards for internet-connected devices, aiming to protect consumers from vulnerabilities associated with the Internet of Things (IoT).
Limited Use Obligation: Information voluntarily provided to the National Cyber Security Coordinator during cyber incidents is subject to restrictions on its use and disclosure, fostering greater trust between businesses and government agencies.
Cyber Incident Review Board: A new board has been established to conduct post-incident reviews of significant cyber security events, providing recommendations to improve future responses and resilience.
These initiatives are part of the broader 2023–2030 Australian Cyber Security Strategy, which aims to position Australia as a global leader in cyber security by 2030.
Minister for Cyber Security Tony Burke emphasized that the Act is "an important step in bringing Australia’s cyber laws into the 21st century," reflecting the government's commitment to safeguarding the nation's digital infrastructure.
Perspective: While ambitious, these reforms signal a step forward in Australia’s journey to becoming a global cybersecurity leader.
Action List
Update VPN Clients: Ensure all employees and systems are using patched versions of GlobalProtect, SonicWall, and other VPN software.
Enhance Insider Threat Monitoring: Implement behavioral analytics to detect and deter insider risks.
Invest in Cybersecurity Innovation: Look to markets like Israel for inspiration on sustaining funding in cybersecurity.
Prepare for Leaked Malware: Monitor threat intelligence for developments related to the Banshee Stealer source code leak.
Secure File Sharing Tools: Audit and patch open-source applications like Project Send.
Apply Patches Immediately: Address vulnerabilities in VMware, IBM, and other critical software.
Review Compliance with New Legislation: For those operating in or with Australian entities, ensure adherence to the new Cybersecurity Act requirements.
That wraps up today’s show! For the full transcript and action plan, visit JamesAzar.Substack.com.
Enjoy your Thanksgiving 🍗, stay cyber-safe, and see you next week!
✅ Story Links:
https://therecord.media/former-verizon-worker-sentenced-china
https://www.darkreading.com/application-security/israel-defies-downturn-security-funding
https://www.securityweek.com/source-code-of-3000-a-month-macos-malware-banshee-stealer-leaked/
https://www.securityweek.com/projectsend-vulnerability-exploited-in-the-wild/
https://www.securityweek.com/vmware-patches-high-severity-vulnerabilities-in-aria-operations/
https://www.bankinfosecurity.com/victims-must-disclose-ransom-payments-under-australian-law-a-26918
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.