Welcome to another episode of the CyberHub Podcast. Host and CISO James Azar brings you the latest updates from Hacker Summer Camp, recorded from Las Vegas.
Here are the key stories and action items from the episode:
Vulnerabilities in Microsoft Windows Update
Alon Leviev of SafeBreach Labs presented critical gaps in Microsoft's Windows update architecture at Hacker Summer Camp. Leviev demonstrated how attackers could perform software downgrade attacks, making fully patched Windows machines vulnerable to past exploits. This manipulation involved action list XML files, allowing bypasses of integrity verification and trusted installer enforcement.
Action Items:
Monitor for updates from Microsoft and apply mitigations to reduce risks.
FBI Warns About Royal Ransomware
The FBI issued a warning about the Royal ransomware, rebranded from BlackSuit, which has demanded over $500 million from victims. The group is believed to be a successor to the Conti cybercrime syndicate and has targeted various organizations, including the city of Dallas.
CrowdStrike Enhances Customer Control
Following an incident that crashed 8.5 million Windows devices, CrowdStrike is providing customers with more control over content updates for its Falcon sensor endpoint security technology. This move aims to prevent similar incidents in the future.
Action Items:
Review and adjust update settings to fit organizational needs.
Monitor CrowdStrike updates and implement recommended changes.
Vulnerable ICS Devices in the US
Censys conducted an analysis revealing that over 40,000 internet-exposed ICS devices in the US are vulnerable. These devices are primarily associated with building control and automation, with many hosted on wireless and consumer networks.
Action Items:
Secure and monitor internet-exposed ICS devices.
Work with customers to enhance the security of ICS devices.
Small Texas Town Water System Hack
A hacktivist group, Cyber Army of Russia Reborn, caused a water system overflow in a small Texas town by hacking into its control systems. This highlights the vulnerabilities in critical infrastructure.
Action Items:
Strengthen cybersecurity measures and conduct regular security audits.
Develop incident response plans for critical infrastructure attacks.
SEC Investigation into Progress Software
The SEC concluded its investigation into Progress Software's handling of the MOVEit Transfer zero-day flaw, which exposed data of over 95 million people. No enforcement action will be recommended.
AWS Critical Vulnerabilities
AWS discovered six critical vulnerabilities in services like CloudFormation, Glue, EMR, SageMaker, Service Catalog, and CodeStar. These could lead to remote code execution, data exfiltration, AI model manipulation, and account takeovers.
Action Items:
Apply recommended mitigations and review security settings.
Monitor for updates from AWS and implement security best practices.
Ronin Network Security Incident
White hat hackers exploited an undocumented vulnerability in the Ronin Network bridge, withdrawing $12 million worth of Ethereum and USDC. They informed Ronin Network about the exploit and returned the funds.
Action Items:
Regularly audit and test for vulnerabilities.
Stay informed about platform security and updates.
Nexera Token Breach
Nexera suffered a breach with an alleged loss of $1.5 million worth of tokens. The company has paused its token contract and halted trading on decentralized exchanges.
Action Items:
Enhance security measures and communicate with exchanges to suspend trading activities.
Monitor for updates from Nexera and review security practices.
GAO Calls for EPA Cybersecurity Strategy
The GAO urged the EPA to develop a strategy to address rising risks of cyberattacks targeting the nation's drinking and wastewater systems.
State Department's $10 Million Bounty
The State Department announced a $10 million bounty for information on Iranian hackers linked to the IRGC.
Stay tuned for more updates from Hacker Summer Camp and beyond. Remember to subscribe, like, and share the CyberHub Podcast.
Stay cyber safe!
✅ Story Links:
https://www.securityweek.com/over-40000-internet-exposed-ics-devices-found-in-us-censys/
https://thecyberexpress.com/aws-vulnerabilities-black-hat-research/
https://thecyberexpress.com/nexera-crypto-hack-only-440k-only-stolen/
https://www.cybersecuritydive.com/news/federal-watchdog-epa-cyber-strategy/723427/
https://therecord.media/us-offers-reward-for-info-on-iranian-hackers-water-utilities
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.