James Azar kicks off this episode of the *CyberHub Podcast* with his signature "coffee cup cheers," highlighting a packed show featuring updates on TikTok, SEC settlements, multiple zero-day vulnerabilities, and emerging reports on the cybersecurity landscape.
Broadcasting live from Atlanta, GA, he encourages viewers to explore his latest Substack article comparing the cybersecurity policies of President Donald Trump and Vice President Kamala Harris, setting the tone for a deep dive into today’s key topics.
SEC Settlements on SolarWinds Breach Fallout
The SEC reached settlements with four tech companies—Avaya Holdings, Checkpoint, Mimecast, and Unisys—related to the SolarWinds breach. These companies were accused of misleading investors about the breach's impact. Unisys paid a $4 million penalty, while others paid around $1 million. Although these companies denied wrongdoing, Azar criticized the SEC's aggressive stance, arguing that victims of cybercrime should not be punished while real perpetrators evade justice.
TikTok Insider Threat
ByteDance, TikTok's parent company, fired an intern for allegedly sabotaging an AI training session, causing significant internal disruptions. While the company claims the damage was minimal insiders share with Azar the damage to the AI training models to be in the tens of Millions of Dollars. Azar emphasizes the importance of thorough background checks and alignment of employee values with company goals to prevent insider threats.
Action Item for Cybersecurity Pros
Implement stringent background checks and continuously monitor insider activity, particularly for employees with access to critical systems.
Samsung Mobile Vulnerability – CVE-2024-44068
Google's Threat Analysis Group (TAG) uncovered a zero-day vulnerability in Samsung mobile processors that could allow arbitrary code execution. This vulnerability, part of Samsung's October 2024 patch, impacts various Exynos processors. A warning has been issued to ensure immediate patching.
“An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory reads.
Action Item for Cybersecurity Pros
Prioritize patching the CVE-2024-44068 vulnerability across Samsung mobile devices to mitigate exploitation risks.
Microsoft SharePoint Vulnerability – CVE-2024-38094
CISA is warning of an active exploit and urging everyone to address a remote code execution vulnerability in Microsoft SharePoint (CVE-2024-38094) is actively being exploited. This issue allows an authenticated attacker to execute arbitrary code, posing a significant risk to organizations using SharePoint.
Action Item for Cybersecurity Pros
Apply the latest Microsoft patches and ensure that proper access control measures are in place to limit exposure.
“NotLockBit” Ransomware Targeting macOS
A new ransomware strain, dubbed "NotLockBit," is targeting macOS systems, mimicking the infamous LockBit malware. This is one of the first fully functional ransomware attacks designed for macOS, employing double extortion techniques and encryption strategies to lock users out of their data. The extension used is .abcd in this malware and its written in Go.
Action Item for Cybersecurity Pros
Monitor macOS environments for unusual activity, especially ransomware indicators. Partner with MDR/XDR teams to ensure comprehensive ransomware protection.
SANS 2024 ICS and OT Cybersecurity Report
SANS released its latest report on the state of operational technology (OT) and industrial control system (ICS) cybersecurity. While detection capabilities have improved, the lack of effective incident response plans remains a significant concern. Ransomware continues to impact critical infrastructure, with non-ransomware incidents on the rise.
Action Item for Cybersecurity Pros
Review and update incident response plans, especially in ICS/OT environments. Focus on cross-network vulnerabilities and prioritize safety alongside cybersecurity measures.
Russian DDoS Attacks on Japanese Industry
Russian hacking groups ZeroFiveSeven and Russian Cyber Army have launched DDoS attacks on Japanese logistics and shipbuilding firms. These attacks are seen as a response to Japan's increasing defense spending and military collaborations with regional allies.
Action Item for Cybersecurity Pros
Strengthen DDoS defenses, particularly for industries like logistics and manufacturing, which are critical to national infrastructure.
U.S. Cyber Command Overhaul
U.S. Cyber Command is set for a relaunch following an internal review. The study suggests the creation of a warfare innovation center, a talent management task force, and new recruitment models to ensure readiness in future cyber conflicts.
Action Item for Cybersecurity Pros
Stay informed on changes in government cybersecurity strategies, as these shifts may influence partnerships between public and private sector cyber teams.
Closing Thoughts
Azar wrapped up by encouraging cybersecurity professionals to stay vigilant, keep updated with the latest vulnerabilities and reports, and leverage these insights to inform their cybersecurity strategies. He emphasized the importance of engaging with the community through platforms like Substack for deeper analysis and discussion.
Actionable Summary for Cybersecurity Professionals:
Focus on accurate reporting and transparency regarding breaches.
Ensure background checks and security controls for insider threat mitigation.
Patch Samsung and Microsoft vulnerabilities immediately.
Increase ransomware detection efforts, especially for macOS environments.
Strengthen incident response plans in OT environments.
Prepare for DDoS attacks, especially in critical industries like logistics.
Follow developments in government cybersecurity strategies to anticipate future changes.
✅ Story Links:
https://www.securityweek.com/google-warns-of-samsung-zero-day-exploited-in-the-wild/
https://www.securityweek.com/cisa-warns-recent-microsoft-sharepoint-rce-flaw-exploited-in-attacks/
https://www.securityweek.com/notlockbit-ransomware-can-target-macos-devices/
https://www.bankinfosecurity.com/ics-detection-improves-response-still-lacking-a-26584
https://www.darkreading.com/cyberattacks-data-breaches/russia-linked-hackers-attack-japan-govt-ports
https://therecord.media/cyber-command-2-0-project-progress-military-congress
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
Share this post