CybersecurityHQ News Roundup - December 19, 2024

News By Daniel Michan Published on December 19, 2024

CISA Releases Mobile Security Guidance After Chinese Telecom Hacking

The Cybersecurity and Infrastructure Security Agency (CISA) has issued comprehensive mobile security guidance aimed at protecting senior government officials and political figures from sophisticated espionage campaigns, such as those linked to the China-based Salt Typhoon group. The recommendations emphasize the use of encrypted messaging apps like Signal, hardware-based MFA, and the latest device firmware updates to mitigate threats. The guidance is accessible to the public and includes specific security configurations for iOS and Android devices. Learn more from CISA.

Ukrainian Raccoon Infostealer Operator Sentenced to Five Years in US Prison

Mark Sokolovsky, a Ukrainian national behind the Raccoon Infostealer malware, has been sentenced to 60 months in prison in the US. Operated as malware-as-a-service, Raccoon Infostealer facilitated the theft of over 50 million credentials through phishing campaigns. Sokolovsky also agreed to $910,000 in restitution as part of his plea agreement. This case highlights the risks posed by readily available cybercrime tools. Read more at DOJ.

Cisco to Acquire Threat Detection Startup SnapAttack

Cisco announced plans to acquire SnapAttack, a cybersecurity company specializing in threat detection engineering and intelligence, to enhance its Splunk security products. This acquisition will empower organizations to proactively identify and respond to evolving threats. SnapAttack, which spun out of Booz Allen Hamilton in 2021, marks another step in Cisco's security expansion after its recent acquisitions of Robust Intelligence and Splunk.

Fortinet Patches Critical FortiWLM Vulnerability

Fortinet has issued patches for a critical vulnerability (CVE-2023-34990) in its FortiWLM wireless management system. Exploitation could allow unauthorized remote code execution. Impacted versions include 8.6.0-8.6.5 and 8.5.0-8.5.4. Users are urged to update to the latest versions, 8.6.6 or 8.5.5, to mitigate the risk. See Fortinet's advisory.

SandboxAQ Raises $300M at a $5.3B Valuation

SandboxAQ, an Alphabet spinoff leveraging AI and quantum technologies, has secured $300 million in funding. With applications in cybersecurity, cryptography, and navigation, SandboxAQ is positioning itself as a leader in quantum-secure solutions. Its cryptographic management platform, AQtive Guard, addresses both current and future quantum threats.

Chrome 131 Update Resolves High-Severity Memory Bugs

Google has rolled out updates for Chrome, addressing five vulnerabilities, including high-severity memory safety flaws in its V8 JavaScript engine. Google paid researchers bounties as high as $55,000 and continues transitioning parts of Chrome’s codebase to Rust to further enhance security. Users are advised to update their browsers immediately. Read Google’s release.

Juniper Routers Targeted by Mirai Botnet

Juniper Networks has disclosed that its Session Smart Routers using default passwords have been compromised by the Mirai botnet. The malware exploited weak credentials to launch DDoS attacks. Juniper advises immediate password changes, system reimaging, and implementation of robust security practices. More from Juniper.

Malicious npm Libraries Downloaded Thousands of Times

Cybercriminals are deploying typosquatted npm packages, impersonating popular tools like TypeScript and Node.js libraries. These malicious packages deliver trojans and secondary payloads, targeting developers in supply chain attacks. Developers are urged to verify package authenticity before installation. Full analysis at Sonatype.

Dutch DPA Fines Netflix €4.75M for GDPR Violations

The Dutch Data Protection Authority has fined Netflix €4.75 million for failing to provide sufficient transparency about its data practices between 2018 and 2020. Violations included unclear disclosures about data sharing and retention. Netflix has since updated its policies but is contesting the fine.

Chinese Cybersecurity Center Accuses US of Tech Espionage

China's cybersecurity agency has accused the US of cyberattacks on research institutions and tech companies. Allegations include exploiting Microsoft Exchange vulnerabilities and deploying Trojan malware to steal sensitive data. This comes amid rising tensions over cybersecurity policies between the two nations.

Retailers Face Increased Cyber Threats During Holidays

With cyberattacks on retailers peaking during the holiday season, threats like phishing, ransomware, and fake websites are on the rise. Experts recommend strengthening IT infrastructure, enforcing employee training, and implementing multi-factor authentication to safeguard operations. VikingCloud report.

Milestone Patches Hikvision Driver Vulnerability

Milestone has released patches for a vulnerability in the Hikvision drivers integrated with XProtect that caused login credentials to be stored in plaintext in logs. Users are urged to update to the latest version of the XProtect Device Pack to eliminate risks.