CISO Talk by James Azar
CyberHub Podcast
Sophos Battle with China, Microsoft Warns Chinese Hackers use Quad7 Botnet, LLM Advance, Israel and US warn of Iran Cyber Threats

One day before Election Day, let’s dive into this packed CyberHub Podcast episode, covering the latest in cybersecurity.

Good Morning, Security Gang! Happy Monday, and welcome to November 4th, 2024!

It's a packed show today, and we’re diving right into a wave of critical cybersecurity stories impacting industries around the world. With Election Day just around the corner, especially here in the battleground state of Georgia, we're all feeling the non-stop alerts and notifications. But let's set that aside for a moment—grab your coffee, double espresso, or whatever gets you going, and join us for today’s insights.

We’ve got a lot to cover: from China’s persistent efforts to infiltrate cybersecurity companies like Sophos and their relentless attacks on internet-facing devices, to the increasing sophistication of the Quad-7 botnet targeting SOHO routers, and major breakthroughs as large language models assist in vulnerability detection. Plus, there’s fresh intel on the ever-creative exploits being used to compromise SharePoint, critical vulnerabilities in industrial automation, and a DDoS-for-hire crackdown in Germany.

There’s a lot to unpack, so stay tuned as we explore these developments and share actionable steps to stay secure in today’s volatile cyber landscape. Grab your cup, and let’s get started!

Sophos vs. Chinese APTs: A Year-Long Showdown

Sophos has revealed a year-long cyber “cat-and-mouse” saga with Chinese government-backed hacking groups. These threat actors have targeted Sophos’ infrastructure since 2018, exploiting multiple vulnerabilities; in one case they got into the company’s Indian satellite office through a compromised wall-mounted display. Using custom tools like the “Termite” rootkit and various trojanized files, the attackers showed an ability to adapt and escalate their tactics. Sophos countered by placing its own implant on targeted devices, which let it track the attackers’ exploits as they were developed, and it collaborated with the Netherlands’ National Cybersecurity Center along the way.

The FBI is now requesting public help to identify these attackers, including groups like APT-41 and APT-31. The bureau advises anyone with information to submit it over secure channels such as Signal, WhatsApp, and Telegram.

Microsoft Uncovers Chinese Quad-7 Botnet Targeting Routers

Microsoft warns of the “Quad-7” botnet, which uses hacked small office/home office (SOHO) routers to conduct password-spraying attacks. Microsoft observed Chinese threat actors using the botnet for credential theft with only a handful of sign-in attempts per account, a low-and-slow pattern designed to stay under lockout and detection thresholds. The campaign specifically targets routers from TP-Link, ASUS, and others, deploying malware to maintain remote access and steal login details.
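The low-and-slow pattern described above is exactly what per-IP lockout rules miss, since each router in the botnet makes only one or two attempts. The following is an added example, not code from the podcast or from Microsoft, that flags a spray by account breadth rather than attempt volume over constructed auth log lines; the log format, thresholds and addresses are assumptions.

```python
# Added example (not the podcast's or Microsoft's code): detecting a
# low-and-slow password spray in constructed auth log lines. Log format,
# thresholds and addresses are assumptions. A router-botnet spray makes one
# or two attempts per account from many addresses, so per-IP lockout never
# trips; the two checks below look at account breadth instead of volume.
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-11-04T08:00:01 alice 203.0.113.5 FAIL
2024-11-04T08:00:09 bob 203.0.113.5 FAIL
2024-11-04T08:00:20 carol 203.0.113.5 FAIL
2024-11-04T08:00:31 dave 203.0.113.5 FAIL
2024-11-04T08:00:44 erin 203.0.113.5 FAIL
2024-11-04T08:01:02 frank 198.51.100.7 FAIL
2024-11-04T08:01:15 grace 198.51.100.8 FAIL
2024-11-04T08:01:30 heidi 198.51.100.9 FAIL
2024-11-04T08:01:41 ivan 198.51.100.10 FAIL
2024-11-04T08:02:20 mallory 192.0.2.51 FAIL
2024-11-04T08:02:25 mallory 192.0.2.51 FAIL
2024-11-04T08:02:30 mallory 192.0.2.51 FAIL
"""

def parse(text):
    """Each line: ISO timestamp, account, source address, FAIL or OK."""
    rows = (line.split() for line in text.strip().splitlines())
    return [(datetime.fromisoformat(ts), user, src, res) for ts, user, src, res in rows]

def spray_sources(events, min_users=5, max_per_user=2):
    """Per-source check: one address failing against many accounts, few tries each."""
    per_src = defaultdict(Counter)
    for _, user, src, res in events:
        if res == "FAIL":
            per_src[src][user] += 1
    return sorted(src for src, users in per_src.items()
                  if len(users) >= min_users and max(users.values()) <= max_per_user)

def distributed_spray(events, window=timedelta(minutes=5), min_users=8,
                      max_per_user=2, min_sources=4):
    """Tenant-wide check: sliding window over all failures, ignoring source.
    Returns (window_start, sprayed_accounts, distinct_sources) per tripped window."""
    fails = sorted((ts, u, s) for ts, u, s, r in events if r == "FAIL")
    hits = []
    for i, (start, _, _) in enumerate(fails):
        win = [e for e in fails[i:] if e[0] - start <= window]
        tries = Counter(u for _, u, _ in win)
        sprayed = {u for u, n in tries.items() if n <= max_per_user}   # few tries each
        sources = {s for _, u, s in win if u in sprayed}              # brute force excluded
        if len(sprayed) >= min_users and len(sources) >= min_sources:
            hits.append((start, len(sprayed), len(sources)))
    return hits
```

In the sample, the single-address spray from 203.0.113.5 trips the per-source check, while the one-attempt-per-router addresses only show up in the tenant-wide window; the repeated failures against one account from 192.0.2.51 are ordinary brute force that lockout already handles and are excluded from both.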

Google’s AI Discovers Critical Vulnerability in SQLite

In a major win for AI in cybersecurity, Google’s large language models identified a critical SQLite vulnerability. The flaw, which was addressed promptly, is the first public case of an AI tool discovering a previously unknown memory safety issue in real-world software. This success demonstrates AI's potential for companies with extensive legacy codebases, offering a promising avenue for cost-effective vulnerability detection and remediation.


SharePoint Vulnerability CVE-2023-29357 Exploited in the Wild

Microsoft’s SharePoint platform is affected by the critical vulnerability CVE-2023-29357, which is being actively exploited to facilitate lateral movement and network breaches. Though a patch has been available since July, Rapid7 recently reported seeing the flaw used to compromise entire domains. Organizations are urged to confirm this CVE has been addressed to prevent unauthorized access.

Mitsubishi and Rockwell Automation Vulnerabilities

Factory automation software from Mitsubishi Electric and Rockwell Automation has been found to contain critical vulnerabilities, including CVE-2023-6943, which carries a CVSS score of 9.8. Exploitation could lead to remote code execution and device tampering, posing risks to essential manufacturing systems. Organizations using these products should prioritize these updates to protect their networks.

Iran’s Eminent Pasargad Threat Group Targets Surveillance Systems

Iran-linked group Eminent Pasargad, rebranded as “Araya Sapphire,” is intensifying cyber-attacks on surveillance camera systems, particularly in Israel, Gaza, and Iran. The group uses AI for fake identities and voice modulation, complicating attribution. This activity underscores the growing intersection of AI and state-sponsored cyber activities.

LastPass Chrome Extension Scams

LastPass is battling scammers who are exploiting the review section of its Chrome extension by posting fake customer support numbers. Users who call these numbers are tricked into providing remote access, compromising their accounts. The attackers target a range of services, including Amazon, Netflix, and PayPal. Users are reminded to verify support contacts directly through company websites.

German Police Dismantle DDoS-for-Hire Platforms

In a crackdown on DDoS-for-hire operations, German police have shut down the platform Dstat.cc and arrested two individuals. This action, part of the international “Operation Power Off” effort, seized the infrastructure behind the DDoS service and an illegal drug marketplace, curbing resources for hacktivists and cybercriminals.

Action Items from today’s episode:

  1. Monitor Zero-Day Threats: Ensure vigilance against zero-day vulnerabilities, especially for systems facing internet exposure.

  2. Patch Vulnerabilities: Immediately apply patches for Microsoft SharePoint, Mitsubishi Electric, and Rockwell Automation CVEs to secure critical assets.

  3. Secure SOHO Routers: For companies with remote employees, secure all SOHO routers and consider password-spraying prevention tactics.

  4. Leverage AI for Cybersecurity: Investigate using AI to analyze legacy code for vulnerabilities.

  5. Verify Support Channels: Encourage users to confirm customer service contact info on official websites to avoid scams.

  6. Collaborate with Authorities: Support the FBI and other agencies in tracking cyber threats through secure communication methods.

  7. Deter DDoS Attacks: Strengthen defenses against DDoS attacks as law enforcement agencies continue to target DDoS-for-hire services.

Stay vigilant and cyber-safe! Don’t forget to vote tomorrow, and we’ll be back with the latest updates.


✅ Story Links: 

https://www.securityweek.com/sophos-used-custom-implants-to-surveil-chinese-hackers-targeting-firewall-zero-days/

https://www.securityweek.com/fbi-seeking-information-on-chinese-hackers-targeting-sophos-firewalls/

https://www.bleepingcomputer.com/news/security/microsoft-chinese-hackers-use-quad7-botnet-to-steal-credentials/

https://therecord.media/google-llm-sqlite-vulnerability-artificial-intelligence

https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/

https://www.darkreading.com/vulnerabilities-threats/critical-auth-bugs-smart-factory-cyberattack

https://www.securityweek.com/us-israel-describe-iranian-hackers-targeting-of-olympics-surveillance-cameras/

https://www.bleepingcomputer.com/news/security/lastpass-warns-of-fake-support-centers-trying-to-steal-customer-data/

https://therecord.media/german-police-arrest-two-ddos-for-hire-platform

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Substack:

👉Listen here: https://linktr.ee/cyberhubpodcast   

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

=============================

About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
