The latest cybersecurity news from host and CISO James Azar:
Stress Management and Holiday Pressures: The host begins by acknowledging the stress associated with the holiday season and end-of-year workloads. He emphasizes the importance of appreciating moments with loved ones and managing stress effectively, especially for those in the field of cybersecurity.
Xfinity Cyber Attack - Citrix Bleed Exploitation: The podcast discusses a cyber attack on Xfinity, a major telecom provider, resulting from the exploitation of Citrix Bleed, a critical vulnerability. Despite prompt action to mitigate the issue, personal customer information may have been compromised.
VF Corp Ransomware Attack: VF Corp, the parent company of popular brands like North Face and Timberland, faced a ransomware attack. The incident led to the theft of sensitive corporate and personal data, with the company working to minimize disruptions during the critical holiday shopping season.
Mr. Cooper's Cybersecurity Breach: The mortgage company Mr. Cooper reported a significant cyber attack affecting 14.7 million customers. Compromised data includes sensitive information like social security and bank account numbers, raising serious concerns about financial fraud.
FBI Alert on Play Ransomware: The FBI issued a warning about the Play ransomware group, known for its double extortion methods. The group targets various organizations globally, exploiting vulnerabilities in systems rather than relying on phishing emails.
Microsoft Uncovers Perforce Helix Core Vulnerabilities: Microsoft discovered critical vulnerabilities in Perforce Helix Core servers, widely used in gaming, government, and technology sectors. The most severe flaw allows unauthenticated remote code execution.
Iranian Attacks on African Telecoms: Iranian attackers, known as Seed Worm or Muddy Water, have been actively targeting telecoms across Africa, primarily for espionage purposes. Their tactics include using simple tools and exploiting vulnerabilities and phishing emails.
Check Point Software's SEC Settlement Talks: Check Point Software is in talks with the SEC regarding its involvement in the SolarWinds Orion vulnerability probe. The investigation is examining whether Checkpoint had undisclosed knowledge about the hack, potentially impacting the cybersecurity industry at large.
The host concludes the podcast by reminding listeners of the importance of staying informed and vigilant in the ever-evolving landscape of cybersecurity.
Story Links:
https://www.securityweek.com/vf-corp-disrupted-by-cyberattack-online-operations-impacted/
https://www.securityweek.com/mr-cooper-data-breach-impacts-14-7-million-individuals/
https://thehackernews.com/2023/12/double-extortion-play-ransomware.html
https://thehackernews.com/2023/12/iranian-hackers-using-muddyc2go-in-new.html
https://www.cybersecuritydive.com/news/check-point-sec-settlement-solarwinds/702398/
Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel!
Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact
******
Listen here: https://linktr.ee/cyberhubpodcast
SubStack:
******
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Share this post