In Other News: Gen Digital Makes $1B Buy, Recall Captures Sensitive Data, MITRE ATT&CK Evaluations

December 13, 2024 at 08:36AM SecurityWeek’s roundup highlights key cybersecurity stories, including China’s Salt Typhoon espionage revealing phone call recordings, WhatsApp’s fixed View Once feature, and Russia’s Secret Blizzard attacks in Ukraine. Notable developments include MITRE’s evaluations, Gen Digital’s $1 billion acquisition of MoneyLion, and Yahoo’s layoffs in its cybersecurity team.

Cleo patches critical zero-day exploited in data theft attacks

December 12, 2024 at 12:09PM Cleo has released urgent security patches for a zero-day vulnerability in its LexiCom, VLTrader, and Harmony software, which is being actively exploited in data theft attacks linked to the Termite ransomware gang. Customers are advised to upgrade to version 5.8.0.24 to mitigate the risk of further breaches.

No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation

December 11, 2024 at 01:23PM Krispy Kreme confirmed a cyberattack that disrupted operations, including online ordering, referencing a “cybersecurity incident.” The company took immediate steps with cybersecurity experts to investigate and mitigate the impact. The incident, likely a data-extortion ransomware attack, is expected to materially affect business operations until resolved.

Lynx ransomware behind Electrica energy supplier cyberattack

December 11, 2024 at 11:30AM The Romanian National Cybersecurity Directorate has confirmed that the Lynx ransomware gang breached Electrica Group, a major electricity supplier. While the attack is under investigation, critical systems remain unaffected. Electrica is collaborating with cybersecurity authorities, and the directorate advises scanning for malware and not paying ransom demands.

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

December 11, 2024 at 09:42AM Cybersecurity researchers have identified an updated version of the ZLoader malware, which now uses DNS tunneling for command-and-control communication. It features improved resilience against detection, interactive capabilities for attackers, and updates to evade analysis. ZLoader is increasingly linked to Black Basta ransomware, highlighting its role in facilitating cyberattacks.

Cleo Vulnerability Exploitation Linked to Termite Ransomware Group

December 11, 2024 at 07:41AM The newly identified ransomware group Termite appears responsible for exploiting a vulnerability in Cleo’s file transfer software. This issue allows unauthorized file access and potential remote code execution, affecting around 1,700 servers, primarily in the US retail sector. Cleo plans to release a fix for the vulnerability soon.

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

December 11, 2024 at 01:36AM The U.S. government charged Chinese national Guan Tianfeng for hacking thousands of Sophos firewalls in 2020, exploiting a severe zero-day vulnerability. He allegedly conspired to access and exfiltrate data, targeting critical U.S. infrastructure. Sanctions were imposed against his company, Sichuan Silence, linked to Chinese intelligence agencies.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

December 10, 2024 at 06:09PM Microsoft’s December 2024 Patch Tuesday is a significant security update addressing an actively exploited Windows zero-day vulnerability (CVE-2024-49138) among 71 patches, bringing the year’s total to 1,020. Critical flaws affect the LDAP, Hyper-V, and RDP services, and security administrators should apply the updates promptly to mitigate the risk.

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

December 10, 2024 at 11:48AM Users of Cleo’s managed file transfer software are urged to secure their systems due to active exploitation of a remote code execution vulnerability (CVE-2024-50623). Despite earlier patches, the issue persists, affecting products such as Cleo Harmony and VLTrader. At least 10 companies have been compromised, with evidence of ransomware involvement.

US sanctions Chinese firm for hacking firewalls in ransomware attacks

December 10, 2024 at 11:40AM The U.S. Treasury sanctioned Sichuan Silence, a Chinese cybersecurity firm, and an employee for involvement in 2020 Ragnarok ransomware attacks on U.S. critical infrastructure. Guan Tianfeng exploited a zero-day vulnerability, compromising 81,000 firewalls globally, including over 23,000 in the U.S. A $10 million reward has been offered for information.