🚨 Zscaler Data Breach, Ascension Cyber attack, LockBit is Back, Iran Targets Israel, F5 BIG-IP Flaw

Zscaler Responds to Alleged Data Breach

An intel broker, known for selling stolen data on cybercrime forums, claimed to have breached a major cybersecurity company, later identified as Zscaler. The hacker offered critical logs and credentials for $20,000 in cryptocurrency. Zscaler conducted an investigation and found no impact on customer or production environments, revealing that only an isolated test server was affected. The server did not contain customer data and was taken offline for forensic analysis.

Action Points:

1. Conduct comprehensive security audits to ensure test environments do not expose sensitive data.

2. Review and strengthen network isolation policies to limit unauthorized access.

Ascension Faces Cybersecurity Incident

Ascension, a major U.S. healthcare provider, took some systems offline after detecting unusual activity, impacting several services. Partners were asked to sever connections until further notice. The breach follows other recent healthcare attacks, raising concerns about cybersecurity readiness in the industry.

Action Points:

1. Review and improve incident response plans to minimize service disruption.

2. Implement network segmentation to limit potential damage from cyber threats.

Boeing and Wichita Targeted by LockBit Ransomware

LockBit ransomware attackers demanded a $200 million ransom from Boeing, which did not pay. Data was leaked, but Boeing worked with the FBI to investigate further. Meanwhile, the city of Wichita remains disrupted after a LockBit ransomware attack impacted public services, including water bill payments, public Wi-Fi, and libraries.

Action Points:

1. Enhance employee training to recognize phishing attacks that often lead to ransomware infections.

2. Implement offline backups and regularly test disaster recovery procedures.

Critical Vulnerability Found in TinyProxy Servers

A flaw in the TinyProxy service, used for small networks, could allow remote code execution (RCE) via a simple HTTP request. More than 57,000 servers remain vulnerable. Despite fixes being released, Cisco Talos criticized the vulnerability description as lacking useful details.

Action Points:

1. Update to the latest version of TinyProxy immediately.

2. Monitor network traffic for suspicious HTTP requests that may exploit the vulnerability.

Multiple Vulnerabilities Found in F5's Big IP Next Central Manager

Eclipsium identified five vulnerabilities in F5's Big IP Next Central Manager, with two receiving CVEs. Both vulnerabilities involve SQL injection, potentially allowing an attacker to execute malicious SQL statements.

Action Points:

1. Apply the latest F5 security updates to address known vulnerabilities.

2. Review access control policies to minimize exposure to potential attacks.

Poland Targeted by Russian APT28

Poland reported a large-scale malware campaign by APT28 (Fancy Bear), attributed to Russia's military intelligence. The attack followed a series of critical infrastructure hacks against NATO countries.

Action Points:

1. Strengthen cybersecurity defenses in critical infrastructure sectors to prevent espionage attempts.

2. Enhance cross-border information sharing among NATO countries for quicker incident detection and response.

Iran's Campaign to Sow Discord in Israel

Iran has been implicated in a three-year campaign to incite political discord in Israel. The group Emerald Divide exploited social tensions and the October 7 attack to undermine unity.

Action Points:

1. Increase public awareness of disinformation campaigns to prevent social manipulation.

2. Monitor social media for coordinated influence operations and report suspicious content to authorities.

Secure-by-Design Pledge by 70 Software Firm

70 software firms, led by CISA's Assistant Director Jen Easterly, pledged to incorporate secure-by-design principles in their products. Notable signatories include Microsoft, Google, AWS, Cisco, and IBM.

Action Points:

1. Implement secure coding practices throughout the software development lifecycle.

2. Encourage vendors to provide detailed security documentation and proactive vulnerability disclosures.

Stay tuned for more insights on tomorrow's episode, featuring Kristoff and James Azar at 11 a.m. ET!

✅ Story Links: 

https://www.securityweek.com/zscaler-investigates-hacking-claims-after-data-offered-for-sale/

https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/

https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/

https://www.bleepingcomputer.com/news/security/city-of-wichita-breach-claimed-by-lockbit-ransomware-gang/

https://www.darkreading.com/cloud-security/critical-bug-50k-tinyproxy-servers-dos-rce

https://www.securityweek.com/f5-patches-dangerous-vulnerabilities-in-big-ip-next-central-manager/

https://therecord.media/poland-cyber-espionage-russia-gru

https://www.darkreading.com/threat-intelligence/three-year-iranian-influence-op-preys-divides-israeli-society

https://therecord.media/secure-by-design-companies-cisa-rsa

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Website:

https://www.cyberhubpodcast.com

👉Substack:

CISO Talk by James Azar

The latest on Cybersecurity, Privacy, Technology & Geo-Politics and all from a practitioner and intel point of view

👉Listen here: https://linktr.ee/cyberhubpodcast   

✅  Stay Connected With Us.

👉Website: https://www.cyberhubpodcast.com

👉Rumble: https://rumble.com/c/c-1353861 

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

=============================

✅ Other Videos You Might Be Interested In Watching: 

👉 My thoughts on Israel from this morning's episode and the current state of cybersecurity attacks  

 

👉 A Deep Dive into the MGM Resorts Ransomware - An Inside look into the current FACTS  

 

👉 The Latest on the MGM Resorts Ransomware Attack & its impact on Vegas and Cybersecurity overall  

 

👉 What Does Omer Adam & Tel Aviv have to do with Cybersecurity? Find out on CISO Talk  

 

👉 Iran is targeting Israel using its proxies that are Hamas & Hizballah & using cyber-warfare  

 

 =============================

✅ About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 

Tune in to our series of podcasts that provide everything from highlighting CISO in our CISOTalk Podcast or our signature CyberHub Podcast giving you the latest news live daily.

For Collaboration and Business inquiries, please use the contact information below:

📩 Email:  info@cyberhubpodcast.com 

🔔 Make sure to subscribe and follow us on your favorite podcast-listening platform.

https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1 

=================================

#ransomware #cybersecurity #zeroday #dataprotection #russianhacking #cyberwar #cybernews

Disclaimer: We do not accept any liability for any loss or damage incurred from you acting or not acting as a result of watching any of our publications. You acknowledge that you use the information we provide at your own risk. Do your own research. 

Copyright Notice: This video and our YouTube channel contain dialogue, music, and images that are the property of The CyberHub Podcast. You are authorized to share the video link and channel and embed this video in your website or others as long as a link back to our YouTube channel is provided. 

© The CyberHub Podcast