Good Morning Security Gang!
Welcome to another episode of the CyberHub Podcast. We've got a packed show today, covering significant cybersecurity vulnerabilities, major corporate advisories, and some breaking industry news. Let's dive in.
Critical Security Vulnerability in Veeam Backup Enterprise Manager
Veeam has identified a critical security vulnerability (CVE-2024-29849) in their Backup Enterprise Manager. This flaw allows unauthenticated attackers to sign into any account via the web interface, posing a severe risk to users.
Action Points:
1. Immediate Update: Upgrade to VBEM version 12.1.2.172 to patch the security flaw.
2. Mitigation Steps: If upgrading isn't possible, disable the VBEM SVC and REST SVC services or uninstall VBEM using Veeam's instructions.
QNAP Systems Vulnerability
QNAP Systems has rolled out patches for several vulnerabilities in their NAS devices, including CVE-2024-27130, which can be exploited for remote code execution.
Action Points:
1. Update Firmware: Ensure all QNAP devices are updated with the latest firmware to protect against these vulnerabilities.
2. Review Security Settings: Regularly audit and update security settings on QNAP devices to minimize exposure.
Breach in AWS Accounts via Bitbucket Artifacts
Threat actors have been breaching AWS accounts by exploiting authentication secrets leaked as plain text in Bitbucket artifact objects, as discovered by Mandiant.
Action Points:
1. Secret Management: Use specialized products designed for secret management instead of Bitbucket to handle sensitive information.
2. Audit and Monitor: Regularly audit Bitbucket repositories and monitor for any exposed sensitive data.
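One way to carry out the audit step above, as an added example that is not part of the original show notes: a Python scan of a downloaded pipeline artifact for plaintext AWS credentials. It assumes the artifact is a tar archive; the function names are hypothetical, and the sample archive is constructed from the placeholder credentials AWS uses in its own documentation.

```python
import io
import re
import tarfile

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 uppercase alphanumerics.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character value assigned to a variable whose name mentions "secret" and "key".
SECRET = re.compile(
    r"(?i)\b\w*secret\w*key\w*\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def redact(value):
    """Keep the first four characters so the report does not become a second leak."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(name, text):
    """Return (file, line number, kind, redacted value) for each credential found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_ID.finditer(line):
            findings.append((name, lineno, "aws_access_key_id", redact(m.group(0))))
        for m in SECRET.finditer(line):
            findings.append((name, lineno, "aws_secret_access_key", redact(m.group(1))))
    return findings

def scan_artifact(fileobj):
    """Scan every regular file inside a (possibly compressed) tar artifact."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                findings += scan_text(member.name, data.decode("utf-8", errors="replace"))
    return findings

def build_sample_artifact():
    """Constructed sample: a clean build log and an environment dump with AWS's doc keys."""
    files = {
        "build.log": "compiling...\nok\n",
        "env-dump.txt": "CI=true\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body.encode())
            tar.addfile(info, io.BytesIO(body.encode()))
    buf.seek(0)
    return buf
```

Any key this scan turns up should be rotated, since it has already been stored in plain text.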
Rockwell Automation's Advisory on ICS Devices
Rockwell Automation has advised customers to disconnect ICS devices not designed for online exposure from the internet due to increasing malicious activity.
Action Points:
1. Disconnect Non-Essential ICS Devices: Remove unnecessary online connections for ICS devices.
2. Implement Secure Configurations: Ensure ICS devices that must remain online are configured securely and monitored continuously.
Chrome 125 Security Update
Google has released Chrome 125, addressing six vulnerabilities, including several high-severity bugs reported by external researchers.
Action Points:
1. Update Chrome: Ensure all instances of Chrome are updated to the latest version to benefit from the security fixes.
2. Enable Auto-Updates: Configure Chrome to automatically update to avoid missing critical patches.
Sophisticated Crypto Mining Campaign
A sophisticated crypto mining campaign, dubbed Ghost Engine, has been identified, utilizing vulnerable drivers to disable security products and deploy the XMRig miner.
Action Points:
1. Monitor PowerShell Activity: Watch for suspicious PowerShell executions and unusual process activity.
2. Network Traffic Analysis: Analyze network traffic for connections to known crypto mining pools.
UK Proposes Mandatory Ransomware Reporting
The UK is proposing mandatory ransomware attack reporting and a licensing regime for ransom payments, aimed at critical national infrastructure.
Industry News and Updates
Kevin Mandia to Step Down as CEO of Mandiant
Kevin Mandia, founder and CEO of Mandiant, will step down in nine days but will continue to serve on the board of Google's public sector and in an advisory role.
That's it for today's episode. Be sure to subscribe, follow us on social media, and stay tuned for more updates. Stay cyber safe!
✅ Story Links:
https://www.securityweek.com/qnap-rushes-patch-for-code-execution-flaw-in-nas-devices/
https://www.securityweek.com/chrome-125-update-patches-high-severity-vulnerabilities/
https://therecord.media/uk-proposal-mandatory-reporting-ransomware-attacks
https://www.darkreading.com/cyberattacks-data-breaches/russia-turla-apt-msbuild-tinyturla-backdoor
https://therecord.media/philippines-hacktivist-groups-leaked-versions-ransomware