In Other News: Gen Digital Makes $1B Buy, Recall Captures Sensitive Data, MITRE ATT&CK Evaluations

December 13, 2024 at 08:36AM SecurityWeek’s roundup highlights key cybersecurity stories, including China’s Salt Typhoon espionage revealing phone call recordings, WhatsApp’s fixed View Once feature, and Russia’s Secret Blizzard attacks in Ukraine. Notable developments include MITRE’s evaluations, Gen Digital’s $1 billion acquisition of MoneyLion, and Yahoo’s layoffs in its cybersecurity team.

Iranian Hackers Use IOCONTROL Malware to Target OT, IoT Devices in US, Israel

December 13, 2024 at 06:03AM A state-sponsored Iranian hacking group, CyberAv3ngers, has employed custom malware, IOCONTROL, to target IoT and operational technology devices in the U.S. and Israel. This malware exploits vulnerabilities in industrial control systems, leading to significant disruptions. The U.S. government offers a $10 million reward for information on the group.

Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites

December 12, 2024 at 05:30AM Threat actors are exploiting vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins for backdoor access to websites. The Hunk Companion flaw (CVE-2024-9707) allows unauthorized plugin installation, while WP Query Console (CVE-2024-50498) poses a remote code execution risk. Administrators should update to Hunk Companion version 1.9.0 immediately.

Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

December 11, 2024 at 05:52PM The US government has charged Chinese national Guan Tianfeng for allegedly hacking 81,000 Sophos firewall devices in 2020 using a severe zero-day vulnerability (CVE-2020-12271). An arrest warrant has been issued, and a $10 million reward is offered for information about him and his operations in China.

Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

December 11, 2024 at 05:48PM In the 2024 MITRE ATT&CK Evaluation, Cynet achieved 100% Detection Visibility and 100% Protection, marking a significant milestone. The evaluation highlights the importance of understanding the cybersecurity vendor landscape. Cynet’s effectiveness makes it a preferred choice for SMEs and MSPs seeking robust cybersecurity solutions.

Russian Turla hackers hit Starlink-connected devices in Ukraine

December 11, 2024 at 01:56PM Russian cyber-espionage group Turla, also known as “Secret Blizzard,” is targeting Ukrainian military devices via Starlink by leveraging infrastructure from other threat actors, like Storm-0156 and Storm-1837. Their operations involve deploying custom malware, including Tavdig and KazuarV2, to gather intelligence on military activities.

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

December 11, 2024 at 01:36PM Russian threat actor Secret Blizzard has been using malware, specifically the Amadey bot, to deploy the Kazuar backdoor on Ukrainian military systems. This marks their continued strategy to utilize other hackers’ access for espionage. Microsoft reports the group uses various cyberattack methods to obtain covert intelligence.

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

December 11, 2024 at 01:36AM The U.S. government charged Chinese national Guan Tianfeng for hacking thousands of Sophos firewalls in 2020, exploiting a severe zero-day vulnerability. He allegedly conspired to access and exfiltrate data, targeting critical U.S. infrastructure. Sanctions were imposed against his company, Sichuan Silence, linked to Chinese intelligence agencies.

Cybercrime Gangs Abscond With Thousands of AWS Credentials

December 10, 2024 at 11:21AM Cybercriminal gangs exploited public website vulnerabilities to steal AWS cloud credentials from numerous organizations, uncovered by researchers from CyberCyber Labs. The attackers, linked to groups Nemesis and ShinyHunters, misconfigured an AWS S3 bucket containing stolen data. AWS confirmed the incident was due to customer application flaws, not their systems.

Ongoing Phishing and Malware Campaigns in December 2024

December 10, 2024 at 05:12AM Cybersecurity threats are evolving, with ongoing zero-day attacks using corrupted files largely undetected, as seen in a recent analysis by ANY.RUN. Additionally, fileless malware and phishing tactics are on the rise. Utilizing advanced tools like ANY.RUN’s Interactive Sandbox helps organizations identify and analyze these threats effectively.