📧 Secure Transmission: Your Latest Intel
Welcome to our November 29, 2024 edition of Secure Transmission! This week, as we celebrate Thanksgiving and approach the holiday season, we’re reflecting on the importance of gratitude, resilience, and staying vigilant in the ever-evolving cybersecurity landscape.
Explore our highlights, including insights into Redtail malware analysis, the implications of supply chain attacks leveraging npm packages, and the latest on APT-C-60’s advanced espionage tactics.
We’re also spotlighting some of the best Black Friday deals for cybersecurity enthusiasts and professionals. Check out the incredible offers curated in this InfoSec Black Friday repository. Whether you’re upgrading your tools or fortifying your defenses, now is the perfect time to invest in security.
As always, your weekly dose of actionable intelligence begins here—stay informed, stay secure, and happy holidays! 🎉
Top Stories This Week
🐧 Bootkitty: First UEFI Bootkit Targeting Linux Systems Unveiled
Security researchers have identified “Bootkitty,” the first UEFI bootkit specifically designed to target Linux systems. This proof-of-concept malware disables kernel signature verification and preloads unauthorized binaries during system initialization. While not yet observed in active attacks, Bootkitty signifies a potential shift in UEFI bootkit threats from Windows to Linux platforms. Safeguarding against such threats involves enabling UEFI Secure Boot, regularly updating systems, and maintaining an accurate revocation list. Read more.
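The mitigations named above are only useful if they are actually in force on each host. The following posture check is an added example, not code from the Bootkitty write-up: it reads the UEFI SecureBoot and SetupMode variables through efivarfs and the kernel lockdown mode (the standard sysfs paths are assumed), and reports when Secure Boot is off, the firmware is still in Setup Mode, or lockdown is disabled. The parsers take raw bytes and text so they can be exercised without firmware access.

```python
"""Boot-integrity posture check for a Linux host (added example).

Reads the UEFI SecureBoot/SetupMode variables from efivarfs and the kernel
lockdown mode, and turns them into findings a fleet inventory can consume."""
import json
from pathlib import Path

# GUID of the EFI global variable namespace, where SecureBoot and SetupMode live.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")          # assumed standard mount point
LOCKDOWN = Path("/sys/kernel/security/lockdown")     # assumed securityfs location


def parse_efivar_bool(raw: bytes):
    """efivarfs exposes each variable as 4 bytes of attribute flags followed by
    the data; SecureBoot and SetupMode carry one data byte (0 or 1).
    Returns None when the blob is not that shape."""
    if len(raw) != 5:
        return None
    return raw[4] == 1


def parse_lockdown(text: str) -> str:
    """The lockdown file reads like 'none [integrity] confidentiality';
    the bracketed word is the active mode."""
    for word in text.split():
        if word.startswith("[") and word.endswith("]"):
            return word[1:-1]
    return "unknown"


def read_efivar_bool(name: str):
    """Read a boolean EFI variable; None if the host is not UEFI-booted,
    efivarfs is not mounted, or the variable is absent."""
    try:
        return parse_efivar_bool((EFIVARS / f"{name}-{EFI_GLOBAL_GUID}").read_bytes())
    except OSError:
        return None


def assess(secure_boot, setup_mode, lockdown: str) -> dict:
    """Combine the three signals into a verdict plus human-readable findings."""
    findings = []
    if secure_boot is None:
        findings.append("SecureBoot variable unreadable: legacy BIOS boot or efivarfs not mounted")
    elif not secure_boot:
        findings.append("UEFI Secure Boot is disabled")
    if setup_mode:
        findings.append("firmware is in Setup Mode, so Secure Boot is not enforced")
    if lockdown in ("none", "unknown"):
        findings.append("kernel lockdown is off: no LSM restriction on unsigned modules or kernel memory writes")
    return {
        "secure_boot_enforcing": secure_boot is True and setup_mode is False,
        "lockdown": lockdown,
        "findings": findings,
    }


def check_host() -> dict:
    """Collect the live values from this machine and assess them."""
    try:
        lockdown = parse_lockdown(LOCKDOWN.read_text())
    except OSError:
        lockdown = "unknown"
    return assess(read_efivar_bool("SecureBoot"), read_efivar_bool("SetupMode"), lockdown)


if __name__ == "__main__":
    print(json.dumps(check_host(), indent=2))
```

Run it as root (efivarfs is usually root-readable) and feed the JSON into whatever inventory you already keep; a host with `secure_boot_enforcing: false` is exactly the kind of machine a bootkit of this class would persist on unchallenged.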
🛡️ Multiple Vulnerabilities Found in Windows Driver Clipsp.sys
Cisco Talos has uncovered several critical vulnerabilities in the Windows driver clipsp.sys, integral to the Client Licensing Platform on Windows 10 and 11. These flaws include signature bypass and privilege escalation, exacerbated by the driver’s obfuscation and lack of publicly available debug symbols, complicating security assessments. Key vulnerabilities are identified as TALOS-2024-1964 (CVE-2024-38184) and TALOS-2024-1965 (CVE-2024-38185), among others. The findings, presented at HITCON and Hexacon conferences, highlight the necessity for robust security research, especially concerning obfuscated code. Read more.
💻 CyberVolk: Pro-Russia Hacktivist Group Expands Ransomware Operations
CyberVolk, an India-based pro-Russia hacktivist collective, emerged in May 2024 and has targeted global public and government entities with ransomware attacks. Operating a Ransomware-as-a-Service (RaaS) model, the group uses advanced malware, including HexaLocker and Parano, and integrates tools like DDoS attacks to disrupt operations opposing Russian interests. Recent setbacks, including a Telegram ban, have pushed the group to shift communications to the X platform, complicating monitoring efforts. Read more.
🌐 Matrix Threat Actor Launches Extensive DDoS Campaign
Researchers have identified a significant Distributed Denial-of-Service (DDoS) campaign orchestrated by the Matrix threat actor, targeting a wide array of internet-connected devices. This operation leverages compromised systems to flood networks, causing service disruptions across various sectors. The campaign’s scale and sophistication underscore the persistent threat posed by organized cybercriminal groups. Read more.
🔑 Unauthenticated Remote Code Execution Vulnerability in Spring Applications
A critical vulnerability has been discovered in Spring applications, allowing unauthenticated attackers to execute arbitrary code through malicious file uploads. This flaw poses a significant risk to affected systems, enabling potential full system compromise. Developers are urged to apply available patches and implement stringent input validation to mitigate this threat. Read more.
📊 Study Highlights Security Vulnerabilities in Ethereum Nodes
A recent study reveals that Ethereum nodes are subject to a high volume of cyberattacks, exploiting weaknesses in peer-to-peer networks. Researchers recorded over 130 million attacks from 12.5 million unique IP addresses in a two-month period, emphasizing the urgent need for enhanced security measures among node operators. Read more.
🛡️ New Defense Strategy Enhances Large Language Model Security
Researchers have developed FATH (Formatting AuThentication with Hash-based tags), a novel defense mechanism to protect large language models from prompt injection attacks. FATH utilizes hash-based authentication tags to filter outputs, significantly reducing attack success rates and bolstering AI system integrity. Read more.
🔍 Techniques for Bypassing 403 and 401 Error Pages Explored
An in-depth guide examines methods to bypass 403 Forbidden and 401 Unauthorized error pages, including header manipulation and HTTP method switching. The article emphasizes the importance of secure web application configurations to prevent unauthorized access through such techniques. Read more.
🚨 Elpaco Ransomware Emerges, Raising Cybersecurity Concerns
The Elpaco ransomware, a variant of the Mimic family, has been identified exploiting vulnerabilities like Zerologon to gain unauthorized access and encrypt user data. Its sophisticated methods and global reach since August 2023 highlight the escalating threat of ransomware attacks. Read more.
🔐 Critical Command Injection Vulnerability Found in Kemp LoadMaster
A severe command injection vulnerability in Kemp’s LoadMaster Load Balancer allows unauthenticated remote exploitation, potentially leading to full system compromise. Kemp has released patches to address this flaw, and users are advised to update immediately to secure their systems. Read more.
🛡️ Key Cybersecurity Threats
💻 New Cyber Threat Group Targets Global Critical Sectors
Earth Estries, a Chinese APT group, targets critical sectors with sophisticated malware and espionage techniques.
🌐 Phishing Campaign Targets OpenSea NFT Users
Attackers impersonate the OpenSea platform to steal cryptocurrency from victims’ wallets.
🚨 Emergence of Perfctl Malware Threatens Linux Servers
Perfctl malware bypasses security measures to exploit Linux servers for cryptocurrency mining and proxyjacking.
🔑 New Technique Combines RF Attacks and Software Trojans for Data Extraction
A novel method enables efficient data extraction using RF side-channel attacks combined with software Trojans.
📊 Study Examines Backdoor Attacks in Image Editing Models
Researchers highlight vulnerabilities in diffusion models, introducing TrojanEdit to explore backdoor threats.
⚠️ Notable Vulnerabilities
🔒 Microsoft Bing XSS Vulnerability Identified in Recent Research
A cross-site scripting (XSS) vulnerability in Bing could allow attackers to exploit interconnected Microsoft applications.
🛡️ Vulnerability CVE-2024-5830 Identified in Chrome’s V8 Engine
A type confusion vulnerability in Chrome’s V8 engine allows remote code execution and has been patched.
📊 Study Examines Vulnerabilities in Bloom Filter-Based PSI Protocols
Researchers expose risks in Bloom filter-based protocols, proposing strategies to reduce false positives.
🚨 Critical Vulnerability Identified in Apple’s Web Content Filter
A vulnerability in Safari’s content filter allows users to bypass Screen Time restrictions on Apple devices.
🔍 Study Reveals Security Vulnerabilities in Ethereum Nodes
Ethereum nodes face significant attack volumes, exposing flaws in peer-to-peer network security.
🕵️ Cybercrime Highlights
💻 Phishing Detection Systems Evaluated Against LLM-Rephrased Emails
Study highlights how LLM-rephrased phishing emails evade traditional detection systems, calling for improved measures.
🌐 Supply Chain Attack Discovered in @0xengine/xmlrpc Package
A malicious package was found to include cryptocurrency mining and sensitive data theft capabilities.
🚨 Trellix Identifies Malware Exploiting Security Software Vulnerabilities
Trellix discovers malware campaigns targeting kernel-level security software to disable protective measures.
🔑 Increase in Financial Fraud Linked to Online Services Growth
Financial fraud is on the rise, with attackers leveraging machine learning for sophisticated scams.
📊 Phishing Campaign Targets OpenSea NFT Users
Attackers impersonate OpenSea, targeting cryptocurrency wallets with fake websites to steal assets.
🔧 Tools this week
🛠️ AgentDojo Framework Assesses AI Agents’ Adversarial Robustness
AgentDojo provides a comprehensive suite to evaluate the adversarial robustness of AI agents against prompt injection attacks.
🔒 Guide to Securing Node.js Applications and Best Practices
A practical guide based on OWASP recommendations to enhance Node.js application security and prevent breaches.
🚀 K8s Pro Sentinel Introduces Enhanced Secret Management for Kubernetes
A new operator for Kubernetes improves the security and management of Secrets within clusters.
📊 Static Application Security Testing (SAST) in Software Development
SAST tools identify vulnerabilities in source code early in the software development lifecycle.
🔍 New Benchmark CS-Eval Introduced for LLMs in Cybersecurity
CS-Eval offers a comprehensive framework to evaluate the performance of LLMs in cybersecurity tasks.
📜 Policy Updates
🛡️ Study Reveals Shortcomings in Website Consent Revocation Practices
Many websites fail to comply with GDPR requirements for consent revocation, highlighting significant privacy concerns.
🔒 Analysis Reveals Impact of Third-Party Scripts on User Privacy
Restricting third-party script access improves privacy but compromises website functionality.
🚨 Decrease in Server Visibility Detected in Russia
A monitoring script finds a sharp decline in accessible servers, raising concerns about potential ISP filtering.
📊 Dataset Pruning and Privacy Risks in Machine Learning
Privacy concerns emerge as dataset pruning techniques reveal sensitive information in excluded data.
🔍 OWASP Updates Top 10 for LLM Applications and Generative AI
OWASP introduces updates to its Top 10 list for LLM applications, focusing on AI security and education.
🌐 Industry Insights
💼 AWSecure Entry System Enhances Cloud-Based Access Control
A cloud-based access control system leveraging AWS and Raspberry Pi enhances security and operational efficiency.
📊 Automation Enhances Data Protection Strategies for Businesses
Automation tools like RPA and machine learning are transforming data protection strategies in response to cyber risks.
🔍 Importance of Implementation Security Testing in Hardware Security
A call for standardization and collaboration in addressing vulnerabilities in hardware security testing.
🚀 New Framework Developed to Enhance Cybersecurity for Micro Businesses
SEANCE, a user-friendly threat modeling framework, aims to bolster cybersecurity for micro businesses.
🔒 E-commerce Businesses Prepare for Holiday Cybersecurity Challenges
As Black Friday approaches, e-commerce businesses face heightened risks of ransomware and other cyberattacks.
🎓 Education Spotlight
📚 Study Reveals Most Commonly Used Passwords in 2024
NordPass reveals “secret” as the most used password in 2024, emphasizing the need for better password practices.
🔍 Walkthrough of Hack The Box Capture The Flag Challenge
A detailed guide through a Hack The Box CTF challenge, covering scanning and exploitation techniques.
🚀 Poll Highlights Importance of Communication Skills in Cybersecurity
A survey of cybersecurity professionals underscores communication as a vital skill for industry success.
🔒 OWASP Updates Top 10 for LLM Applications and Generative AI
OWASP introduces updated guidance for LLM applications, advancing security education in generative AI.
🔑 Study Examines Cybersecurity Risks of AI Jailbreak Prompts
An exploration of AI jailbreak prompts’ risks, with strategies to counteract manipulation and enhance security.
🛠️ Tools
bandit 1.8.0 | Bandit is a tool designed to find common security vulnerabilities… | Major updates include removing Python 3.8 support, adding insecure cryptography ciphers, and dependency updates for enhanced compatibility.
chainloop v0.120.0 - v0.133.0 | Chainloop is an Open Source evidence store… | Enhancements include improved project and version queries, optimized workflows, and better database handling.
cloudformation-guard 3.1.2 | Guard offers policy-as-code for CloudFormation templates… | Updates include Amazon Linux 2023 runtime support, better writer error handling, and a VSCode development container.
cowrie v2.6.1 | Cowrie SSH/Telnet Honeypot… | Security enhancements include support for additional commands, dependency updates, and improved configuration descriptions.
faraday v5.9.0 | Open Source Vulnerability Management Platform… | Added configurable vulnerability retrieval limits, improved attachment validations, and fixed issues with multiple command deletions.
kanidm v1.4.3 | Kanidm: A simple, secure, and fast identity manager… | Updates include hardened transport handling, OAuth2 fixes, and server configuration improvements for better stability and usability.
mitmproxy v11.0.1 | An interactive TLS-capable intercepting HTTP proxy… | This release includes general bug fixes and updated TLS interception capabilities for enhanced performance.
ockam ockam_v0.142.0 | Orchestrate end-to-end encryption and cryptographic identity management… | Introduced enhanced support for Docker, precompiled binaries, and Homebrew installations.
prowler 4.6.0 | Open Source Security tool for AWS, Azure, and GCP… | Added new cloud security checks, expanded Azure coverage, and various fixes for improved multi-cloud operations.
SecObserve v1.22.4, v1.22.5 | Open Source vulnerability management solution… | Features include improved license group imports, better token refresh handling, and fixes for license policy filtering issues.
snallygaster 0.8.0 | A tool for detecting common security misconfigurations… | New release improves scanning efficiency, fixes regex patterns for better results, and adds new checks for misconfigured endpoints.
syft v0.78.0 | A CLI tool and Go library for generating SBOMs… | Key updates include expanded SBOM capabilities, better vulnerability scanning integrations, and dependency improvements.
tfsec 1.26.3 | Security scanner for Terraform configurations… | Added checks for AWS Lambda vulnerabilities, refined severity levels for clearer reporting, and fixed false positives in some modules.
trivy 0.43.1 | Vulnerability scanner for containers and other artifacts… | Updates include better SBOM support, more comprehensive package scanning, and improved false-positive reduction techniques.
wasmtime v7.1.0 | A fast and secure WebAssembly runtime… | Enhanced WASI support, fixed memory leaks, and added optimizations for faster module execution.
whatsapp-web.js v1.19.3 | A JavaScript library for interacting with WhatsApp Web… | Improved API stability, added new event hooks, and fixed security issues with WebSocket connections.
zaproxy 2.12.1 | ZAP is a free security scanner for web applications… | Enhanced alert tagging, added new active scan rules, and improved integration with CI/CD pipelines.
zig 0.11.0 | A general-purpose programming language and toolchain… | Introduced breaking changes in syntax, refined performance of the compiler, and improved error diagnostics.
Curated Links Payload
🧰 Tools Spotlight
Ionix launches Cloud Exposure Validator to enhance cloud security management. This tool integrates exposure management with cloud security platforms like Wiz and Palo Alto Networks to address alert fatigue and improve prioritization of critical vulnerabilities. Early users have reported significant operational efficiency improvements, making it a valuable addition for security teams handling complex cloud environments.
Dynamic analysis reveals phishing SVG file secrets. This practical technique demonstrates a secure, hands-on method for analyzing obfuscated phishing SVG files using a virtual machine. It’s especially valuable for defenders seeking safer ways to examine potentially harmful files while minimizing exposure to online threats.
Microsoft unveils Windows Recall in Insider Preview. Microsoft’s innovative Recall feature enables users to take “snapshots” of PC activity for local, searchable retrieval, backed by robust privacy measures like BitLocker and Windows Hello. While still in preview, it’s a promising tool for enhancing endpoint productivity and data security.
🩹 Vulnerabilities
Critical vulnerabilities in Veritas Enterprise Vault expose servers to remote code execution. Veritas Technologies disclosed multiple critical vulnerabilities in its Enterprise Vault software on November 15, 2024, with a CVSS v3.1 score of 9.8, indicating a high risk of exploitation. These vulnerabilities, affecting all supported versions from 15.1 to 14.0, stem from the deserialization of untrusted data in the .NET Remoting service, allowing attackers with Remote Desktop Protocol (RDP) access to execute malicious code remotely. Veritas has recommended several mitigation strategies, including restricting server access and ensuring proper firewall configurations, while a patch is expected in the third quarter of 2025. The vulnerabilities were reported by Trend Micro’s Zero-Day Initiative, emphasizing the need for robust security measures to protect organizational data.
Critical vulnerability discovered in 7-Zip allows remote code execution (advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1532/?ref=decrypt.lol). A newly identified integer underflow vulnerability (CVE-2024-11477) in 7-Zip’s Zstandard decompression implementation could enable remote attackers to execute arbitrary code on affected systems. The flaw arises from inadequate validation of user-supplied data, potentially leading to memory write issues. Users are advised to update to version 24.07, which addresses this security risk. The vulnerability was reported to the vendor on June 12, 2024, with a public advisory released on November 20, 2024. The discovery was credited to Nicholas Zubrisky of Trend Micro Security Research.
CISA warns of critical vulnerability in Array Networks AG and vxAG gateways. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw, tracked as CVE-2023-28461, to its Known Exploited Vulnerabilities catalog due to reports of active exploitation. This vulnerability, which has a CVSS score of 9.8, allows for remote code execution due to missing authentication. Array Networks released a patch in March 2023, and federal agencies are advised to apply it by December 16, 2024. The vulnerability has been exploited by the China-linked cyber espionage group Earth Kasha, which has targeted various international entities. Cybersecurity experts recommend organizations enhance their risk visibility and maintain strong patch management practices to mitigate potential threats.
High-severity macOS vulnerability allows local privilege escalation. Security researcher Gergely Kalman has identified a critical flaw in Apple’s MallocStackLogging framework, designated CVE-2023-32428, which has a CVSS score of 7.8. This vulnerability enables attackers to gain local privilege escalation on macOS systems by exploiting the framework’s ability to load into processes without special permissions. Despite Apple’s mitigations, such as secure flags and randomized log filenames, significant weaknesses remain, allowing attackers to redirect log file writes and manipulate privileged binaries. The flaw affects macOS Ventura 13.3 and earlier, but has been patched in macOS Ventura 13.4 and other platforms. Users are urged to update their devices to prevent exploitation. Kalman expressed disappointment over the $22,500 reward for his discovery, considering the severity of the vulnerability.
Critical flaw in ProjectSend under active exploitation. A severe security vulnerability in the ProjectSend open-source file-sharing application, identified as CVE-2024-11680 with a CVSS score of 9.8, is reportedly being exploited in the wild. Initially patched in May 2023, the fix was not officially released until August 2024. The flaw allows attackers to execute arbitrary PHP code on affected servers due to an improper authorization check, enabling sensitive actions like user registration and file upload manipulation. VulnCheck has noted that exploitation attempts began in September 2024, with only 1% of approximately 4,000 exposed servers running the latest patched version. Users are urged to update to the latest version immediately to protect against these active threats.
Significant security vulnerabilities found in Advantech EKI wireless access points. A recent analysis by Nozomi Networks revealed nearly two dozen vulnerabilities in Advantech’s industrial-grade wireless access points, with six classified as critical. These flaws could allow unauthenticated remote code execution with root privileges, compromising device security and enabling attackers to implant backdoors or trigger denial-of-service conditions. The vulnerabilities stem from improper handling of OS commands and missing authentication for critical functions. Successful exploitation requires physical proximity to the device, where an attacker can broadcast a rogue access point. Firmware updates have been released to address these issues, underscoring the importance of timely security patches in industrial IoT environments.
🛡️ Threats: Emerging Cybersecurity Risks
New insights into Linux malware from Redtail bash script analysis. The latest report details the analysis of a Redtail bash script that targets Linux systems, highlighting the use of password-protected zip files for malware distribution. The article includes associated files for download, such as packet captures (PCAP) that document web server scans and the infection process. Traffic analysis using Wireshark reveals the initial HTTP requests for the Redtail script and subsequent requests for an ELF file hosted on a specific IP address. This investigation provides valuable information for understanding the behavior and impact of the Redtail malware on Linux environments.
APT-C-60 targets Japanese organization with SpyGlace malware. A cyber espionage group known as APT-C-60 has been linked to a sophisticated attack on an unnamed organization in Japan, utilizing a job application-themed phishing email to deliver the SpyGlace backdoor. The attack, which occurred in August 2024, exploited a vulnerability in WPS Office and involved the use of legitimate services like Google Drive and Bitbucket to facilitate the malware’s deployment. The infection chain included a decoy document and a series of downloads that ultimately established a connection to a command-and-control server, allowing the attackers to execute commands and steal files. This incident highlights the evolving tactics employed by cybercriminals in the Asia region, particularly the use of virtual disks to bypass security measures.
Cybercriminals exploit Godot Engine in widespread malware campaign. A new malware campaign utilizing the Godot Engine has infected over 17,000 systems since June 2024, according to Check Point. The attackers leverage crafted GDScript code to execute malicious commands, evading detection by most antivirus software. The campaign employs a network of around 200 GitHub repositories and over 225 fake accounts to distribute the GodLoader malware, which targets Windows but can easily adapt to macOS and Linux. This incident highlights the risks associated with open-source platforms and the need for enhanced cybersecurity measures, as the malware’s cross-platform capabilities allow for widespread infection across various devices. Users are urged to download software only from trusted sources to mitigate these threats.
Malicious npm package exploits software supply chain vulnerabilities. Researchers from Checkmarx have uncovered a year-long software supply chain attack involving the npm package @0xengine/xmlrpc, which initially appeared as a benign library before incorporating malicious code. This code, introduced in version 1.3.4, is designed to steal sensitive data and mine cryptocurrency from infected systems. The malware collects information such as SSH keys and environment variables, exfiltrating it via services like Dropbox. The attack leverages both direct npm installations and hidden dependencies in legitimate repositories, highlighting the need for ongoing vigilance in software supply chain security. Additionally, Datadog Security Labs reported a related campaign targeting Windows users with counterfeit packages on npm and PyPI, further emphasizing the risks developers face from malicious actors.
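Because the report says the malicious code arrived in a specific version and that the package also reaches projects as a hidden transitive dependency, the practical check is to walk the lockfile rather than just `package.json`. The audit below is an added example, not Checkmarx’s or npm’s own code: it takes the package name and the 1.3.4 cutoff from the report, handles both the `packages` map of lockfileVersion 2/3 and the nested `dependencies` tree of lockfileVersion 1, and flags whether each hit is direct or transitive. The lockfile embedded in the script is constructed for demonstration; pass a real `package-lock.json` path on the command line to scan a project.

```python
"""Audit an npm lockfile for a known-bad package version (added example)."""
import json
import re
import sys

SUSPECT = "@0xengine/xmlrpc"
FIRST_MALICIOUS = "1.3.4"   # per the report: malicious code first shipped in this version

# Constructed sample lockfile (lockfileVersion 3): one direct install of an
# older version and one transitive install, pulled in via a fictional "some-lib".
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"some-lib": "^2.0.0"}},
        "node_modules/some-lib": {"version": "2.1.0",
                                  "dependencies": {"@0xengine/xmlrpc": "^1.3.0"}},
        "node_modules/some-lib/node_modules/@0xengine/xmlrpc": {"version": "1.3.5"},
        "node_modules/@0xengine/xmlrpc": {"version": "1.3.2"},
    },
}


def parse_version(v: str):
    """'1.3.4', 'v1.3.4' or '1.3.4-beta.1' -> (1, 3, 4); pre-release tags ignored.
    Returns None for anything that is not a semver triple."""
    core = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v or "")
    if not core:
        return None
    return tuple(int(x) for x in core.groups())


def installed_packages(lock: dict):
    """Yield (install_path, name, version) for every installed package."""
    if "packages" in lock:                       # lockfileVersion 2 and 3
        for path, meta in lock["packages"].items():
            if not path:
                continue                         # "" is the root project itself
            name = meta.get("name") or path.split("node_modules/")[-1]
            yield path, name, meta.get("version", "")
    else:                                        # lockfileVersion 1: nested tree
        def walk(deps, prefix):
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                yield path, name, meta.get("version", "")
                yield from walk(meta.get("dependencies", {}), path + "/")
        yield from walk(lock.get("dependencies", {}), "")


def audit(lock: dict, suspect: str = SUSPECT, first_bad: str = FIRST_MALICIOUS):
    """Return one finding per installed copy of `suspect`, marking whether the
    installed version is at or above the first malicious release and whether
    it was pulled in transitively (nested under another package)."""
    floor = parse_version(first_bad)
    hits = []
    for path, name, version in installed_packages(lock):
        if name != suspect:
            continue
        parsed = parse_version(version)
        hits.append({
            "path": path,
            "version": version,
            "malicious": parsed is not None and parsed >= floor,
            "transitive": path.count("node_modules/") > 1,
        })
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK
    for hit in audit(lock):
        status = "MALICIOUS" if hit["malicious"] else "older version"
        origin = "transitive" if hit["transitive"] else "direct"
        print(f"{hit['path']}@{hit['version']}: {status} ({origin})")
```

Pin and rerun the audit after any `npm install`, since a caret range such as `^1.3.0` on a dependency of a dependency is exactly how an older, clean install silently becomes the malicious 1.3.x on the next resolution.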
Matrix botnet exploits IoT vulnerabilities for DDoS attacks. A threat actor known as Matrix has been linked to a large-scale distributed denial-of-service (DDoS) campaign that targets vulnerabilities in Internet of Things (IoT) devices, creating a disruptive botnet. This operation, described as a “do-it-all-yourself” approach to cyberattacks, primarily affects IP addresses in China and Japan, with financial motivations driving the attacks. Matrix exploits known security flaws and weak credentials in devices like IP cameras and routers, utilizing publicly available scripts and tools to deploy malware, including the Mirai botnet. The campaign is reportedly advertised as a DDoS-for-hire service via a Telegram bot, highlighting the need for improved security practices to mitigate such opportunistic attacks.
Understanding the latest multi-stage cyber attack scenarios. Multi-stage cyber attacks are increasingly sophisticated, employing tactics such as embedding malicious links in documents and using QR codes to mislead victims into revealing sensitive information. Attackers often utilize trusted domains for multi-stage redirects, complicating detection efforts by security tools. Email attachments, particularly those containing archives, remain a common vector for these attacks, allowing threat actors to conceal malicious payloads effectively. Tools like ANY.RUN’s interactive sandbox can analyze these threats, providing insights into their execution and helping organizations bolster their defenses against such complex cyber threats.
Russia’s “Operation Undercut” targets Western support for Ukraine. The U.S. government has identified a new Russian influence campaign, dubbed “Operation Undercut,” which aims to undermine support for Ukraine amid its ongoing conflict with Russia. This campaign, run by the Social Design Agency (SDA), also seeks to influence perceptions regarding the Middle East conflict, EU politics, and the 2024 U.S. presidential election. Researchers from Recorded Future’s Insikt Group noted that the campaign employs AI-generated videos and impersonates legitimate media to amplify anti-Ukraine sentiment and portray Western involvement as ineffective. Although initial engagement with the content has been limited, U.S. authorities are actively working to counter these efforts, having previously seized domains linked to similar campaigns.
🔓 Breaches: Recent Data Compromises
Massive credit card data breach exposes over 1.2 million cards. A significant data breach has resulted in the leak of sensitive financial information for more than 1.2 million credit cards on the dark web, raising alarms among cybersecurity experts. The leaked database, which includes cardholder names, numbers, expiration dates, CVV codes, and some billing addresses, is freely accessible, increasing the risk of exploitation for fraudulent activities and identity theft. This incident is considered one of the largest credit card breaches in recent years, affecting individuals globally. Experts advise those impacted to monitor their bank statements closely, enable transaction alerts, and consider using virtual credit cards for online purchases to mitigate risks.
Blue Yonder faces service disruption due to ransomware attack. The US-based supply chain SaaS vendor Blue Yonder has reported significant disruptions to its managed services following a ransomware incident on November 21. While the company is working with external cybersecurity firms to restore systems, it has not provided a timeline for when operations will resume. Customers, including major retailers like Morrisons and Sainsbury’s in the UK, are experiencing supply chain issues, with some reverting to backup processes. Starbucks has also reported difficulties with payroll and scheduling systems, although it continues to operate. The incident underscores the vulnerability of supply chains to cyberattacks, reminiscent of previous disruptions like the Colonial Pipeline attack, but it appears to have minimal impact on US Thanksgiving shopping.
International Game Technology suffers cyberattack, disrupting IT systems. International Game Technology (IGT), a leading gambling technology vendor, reported a cyberattack on November 17 that led to the disruption of its internal IT systems. In response, the U.K.-based company proactively took certain systems offline to mitigate the impact. While IGT has not disclosed the specifics of the attack or its overall effects, it is actively communicating with customers and implementing alternatives to ensure business continuity. This incident follows a series of ransomware attacks targeting the casino industry, prompting warnings from the FBI about vulnerabilities in vendor-controlled systems. IGT, which operates globally with approximately 10,500 employees, reported $43 million in net income on $587 million in revenue in Q3. The Nevada Gaming Control Board has not confirmed any impact on casino operations.
New York fines Geico and Travelers over $11 million for data leak. New York state regulators have imposed fines exceeding $11 million on Geico and Travelers due to a 2020 data breach that compromised the driver’s license numbers of approximately 120,000 residents. The breach facilitated fraudulent unemployment claims during the COVID-19 pandemic, with hackers exploiting poor data security practices. Geico will pay $4.75 million to the Attorney General and $5 million to the Department of Financial Services, while Travelers faces fines of $350,000 and $1.2 million, respectively. Both companies are required to enhance their data security measures, including regular system reviews and penetration tests, following warnings about vulnerabilities in their systems. This action is part of a broader effort by New York officials to hold companies accountable for inadequate consumer data protection.
New York secures $11.3 million settlement from insurance firms over data breaches. The State of New York has reached a settlement with GEICO and Travelers, totaling $11.3 million, due to inadequate data security practices that compromised the personal information of over 120,000 residents. New York Attorney General Letitia James emphasized the importance of robust cybersecurity measures, noting that the breaches facilitated fraudulent unemployment claims during the COVID-19 pandemic. GEICO will pay $9.75 million, while Travelers will contribute $1.55 million. Both companies have agreed to enhance their cybersecurity protocols, including implementing comprehensive security programs and maintaining better access controls. The breaches were linked to cyber-attacks on GEICO’s quoting tools and a compromised agent portal at Travelers, which lacked sufficient protective measures.
Ransomware attack disrupts Blue Yonder’s services ahead of Thanksgiving. Supply chain management software provider Blue Yonder experienced a ransomware attack that affected its managed services hosted environment, leading to operational issues for Morrisons, a U.K. grocery chain, particularly in its warehouse management system for fresh food and produce. Blue Yonder is collaborating with external cybersecurity experts to investigate the incident and has implemented measures to mitigate damage, although no estimated restoration time has been provided. Morrisons reported that it is currently relying on backup systems to maintain operations. The attack comes just before the Thanksgiving holiday, a critical period for retailers, and there is no known claim of responsibility or details on the data accessed during the breach.
🕵️‍♀️ Cybercrime: Unveiling the Latest Offenses
Spotify, Audible, and Amazon exploited for dubious forex trading promotions. Cybercriminals are misusing these platforms to promote fraudulent forex trading sites and pirated software through zero-second audio “podcasts” whose titles and descriptions are crafted to rank high in search results. The scams include signal-selling scams, pyramid schemes, and “trading robot” scams, which can lead to significant financial losses for unsuspecting users. While forex trading itself is legitimate, the presence of unethical brokers and external scammers poses a risk. Users are advised to conduct thorough research, avoid platforms with dubious promotions, and be cautious about sharing personal information. Malwarebytes emphasizes the importance of cybersecurity and encourages users to protect their devices from such threats.
Former Verizon employee sentenced for espionage. Ping Li, a 59-year-old IT worker from Florida, was sentenced to four years in prison for sharing sensitive information with China’s Ministry of State Security (MSS). Li, who pleaded guilty to conspiring to act as an agent of the Chinese government, leaked data about Chinese dissidents, cybersecurity incidents, and hacking events targeting U.S. companies. His activities date back to at least 2012, during which he communicated with MSS officers and provided information through anonymous accounts. Following his prison term, Li will face three years of supervised release and must pay a $250,000 fine. This case highlights ongoing concerns regarding Chinese espionage efforts targeting telecommunications firms in the U.S.
Kansas City man indicted for hacking to promote cybersecurity services. Nicholas Michael Kloster, 31, faces charges for allegedly breaching the computer networks of a health club and a nonprofit organization to market his cybersecurity expertise. The indictment details incidents from April and May 2024, where Kloster accessed sensitive systems, sent unsolicited emails to gym owners offering his services, and even manipulated his gym membership fee. He reportedly caused $5,000 in damages to the nonprofit after installing a VPN and changing passwords. Additionally, Kloster is accused of using stolen credit card information to buy hacking tools. If convicted, he could face up to 15 years in prison, along with fines and restitution for the victims.
Thai police arrest driver of van sending 1 million scam texts. Authorities in Bangkok apprehended a 35-year-old Chinese man for operating an SMS blaster that spammed nearly one million phishing texts over three days. The device, capable of sending 100,000 messages per hour, targeted residents with fraudulent messages claiming their points were about to expire, directing them to a phishing site impersonating Thailand’s largest mobile operator, AIS. The scam aimed to harvest credit card information for unauthorized transactions. Police are pursuing additional suspects linked to the fraud ring, which coordinated through private Telegram channels. AIS assisted in identifying the device’s location but has withheld specific methods to deter future spammers. Despite low success rates for phishing attempts, the high volume of messages can lead to substantial profits for scammers.
Banshee Stealer malware operation shuts down after source code leak. The cybercriminals behind Banshee Stealer, a macOS malware that was marketed for $3,000 a month, have reportedly ceased operations following the leak of its source code. The leak, which was reported by Vx-Underground, has raised questions about the identity and motives of the leaker. Banshee Stealer, believed to be developed by Russian threat actors, was designed to extract sensitive data from infected macOS devices, including passwords, system information, and cryptocurrency wallet data. It targeted multiple browsers and could steal extensive user information. Despite its shutdown, cybersecurity experts caution that the malware remains a significant threat due to its capabilities and the potential for its code to be repurposed.
INTERPOL’s Operation Serengeti leads to over 1,000 arrests in Africa. A coordinated effort by INTERPOL has resulted in the arrest of 1,006 suspects across 19 African nations and the dismantling of 134,089 malicious networks, targeting various cybercrimes including ransomware and online scams. Conducted from September 2 to October 31, 2024, the operation revealed that over 35,000 victims suffered financial losses nearing $193 million. Notably, authorities arrested eight individuals linked to a $6 million Ponzi scheme in Senegal, uncovering significant evidence of fraud. The operation also highlighted the growing sophistication of cybercrime in Africa, prompting INTERPOL to emphasize the importance of international collaboration in combating these threats.
🌐 Industry Highlights: Innovations & Investments
ANY.RUN announces Black Friday 2024 deals for cybersecurity tools. The company is offering time-limited promotions from November 25 to December 8, 2024, aimed at enhancing collaboration among cybersecurity professionals. Key offers include a “Hunter Plan” where purchasing one annual subscription grants a complimentary license for a colleague, and special bundles for the Enterprise Plan that provide additional licenses for free with bulk purchases. Current Enterprise users can also benefit from a 24-month renewal that includes six months of free service. Additionally, ANY.RUN is doubling search requests for its TI Lookup subscription, allowing users to maximize their threat intelligence capabilities. These deals are designed to support over 500,000 cybersecurity professionals in improving malware analysis and incident response.
Sysdig appoints William Welch as new CEO to drive growth in cloud security. William “Bill” Welch, a seasoned cybersecurity executive with experience at companies like Talkdesk, Duo Security, Zscaler, and Symantec, has been named Chief Executive Officer of Sysdig. His leadership is expected to enhance Sysdig’s position in the rapidly growing cloud-native application protection platform (CNAPP) market, projected to exceed $63 billion by 2028. Welch’s appointment comes as Sysdig aims to leverage its open-source project, Falco, which has become a standard for runtime threat detection. He plans to engage with Sysdig’s global network of customers and partners in his first 90 days, while outgoing CEO Suresh Vasudevan will continue as an independent adviser on the board.
MONITORAPP launches on-premises ZTNA appliance ‘AIZTNA’. The new appliance expands MONITORAPP’s offerings in response to the growing global demand for Zero Trust Network Access (ZTNA) solutions, particularly among hybrid workforces in sectors like government and finance. ‘AIZTNA’ provides robust security features, including identity-based access control, device verification, and micro-segmentation to enhance internal security. This on-premises solution complements MONITORAPP’s existing cloud-based AIONCLOUD Secure Remote Access, allowing organizations to customize their security measures while ensuring compliance and operational efficiency. CEO Kyle Lee emphasized the appliance’s potential to serve as a critical security asset for various industries, reinforcing the company’s commitment to comprehensive security solutions.
🏛️ Policy
U.S. establishes TRAINS Taskforce to address AI national security risks. The U.S. Department of Commerce’s AI Safety Institute has launched the Testing Risks of AI for National Security (TRAINS) Taskforce, uniting experts from various federal agencies, including Defense, Energy, and Homeland Security. This initiative aims to identify and manage the national security implications of rapidly evolving AI technologies, focusing on areas such as cybersecurity and conventional military capabilities. The Taskforce will facilitate coordinated research, develop new AI evaluation methods, and conduct joint risk assessments to ensure safe and trustworthy AI innovation. U.S. Secretary of Commerce Gina Raimondo emphasized the importance of this effort in maintaining American leadership in AI while safeguarding public safety and national security. The Taskforce is expected to expand its membership as it progresses.
Bipartisan senators propose new cybersecurity standards for healthcare. A group of US senators has introduced the Health Care Cybersecurity and Resiliency Act of 2024, which mandates multi-factor authentication and other minimum cybersecurity standards for American hospitals and healthcare organizations. The legislation aims to enhance coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) and requires HHS to implement a cybersecurity incident response plan within a year. Additionally, breached entities must report the number of affected individuals and detail corrective actions taken. The bill also includes provisions for federal training on cybersecurity best practices and grants to improve security, particularly for rural clinics. This initiative follows significant cyberattacks that have disrupted healthcare services and compromised sensitive patient data.
U.S. Supreme Court allows class action lawsuit against Meta over Cambridge Analytica scandal. The Supreme Court’s recent decision permits a multibillion-dollar class action lawsuit to proceed against Meta, stemming from privacy violations linked to the Cambridge Analytica scandal. Investors allege that Meta’s failure to adequately disclose the misuse of user data led to significant financial losses when the extent of the violations became public, resulting in a drop in stock prices. Meta, which operates Facebook and Instagram, has expressed disappointment in the ruling and plans to continue its defense in the District Court. This lawsuit follows a previous $5 billion settlement with the Federal Trade Commission in 2019 regarding the same privacy issues.
Thank you for tuning in to this week’s edition of Secure Transmission! We’re grateful to have you as part of our community, and we hope this newsletter helps you navigate the ever-changing cybersecurity landscape with confidence.
Happy holidays from all of us at Secure Transmission—may your season be filled with peace, joy, and of course, secure systems!
We’re also on BlueSky! Connect with us @decryptlol.bsky.social.
If you found value in this week’s edition, consider sharing it with your colleagues and community. Stay vigilant, stay informed, and we’ll see you next week with more vital updates to keep you ahead of the curve. 🎄