CybersecurityHQ News Roundup - December 22, 2024

News. By Daniel Michan. Published on December 22, 2024.

Botnet of 190,000 BadBox-Infected Android Devices Discovered

Bitsight has uncovered a botnet of more than 190,000 Android devices infected with BadBox malware. The malware, likely introduced through supply chain compromises, targets devices such as Yandex smart TVs and Hisense smartphones, with infections concentrated in Russia, China, and India. BadBox lets threat actors use the devices for residential proxying and ad fraud and install additional code on them remotely. The finding underscores the importance of selecting trusted brands to safeguard consumer data.

Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme

The Play ransomware group has taken responsibility for a cyberattack on Krispy Kreme, claiming the theft of IDs, payroll data, and financial information. The group is threatening to leak the stolen data if the company does not pay a ransom by December 21. Krispy Kreme operations are partially disrupted, with online ordering affected in the U.S. This highlights the need for robust ransomware defenses in retail.

Another NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in the U.S.

Romanian national Daniel Christian Hulea has been sentenced to 20 years for his role as a NetWalker affiliate, extorting over $21.5 million from organizations globally. Hulea’s sentencing follows a broader law enforcement effort to dismantle ransomware networks, signaling serious consequences for cybercriminals worldwide.

CISA Urges Immediate Patching of Exploited BeyondTrust Vulnerability

CISA has added CVE-2024-12356, a critical vulnerability in BeyondTrust products, to its Known Exploited Vulnerabilities list. The command injection flaw can enable remote code execution. BeyondTrust has released patches, and federal agencies are mandated to secure their systems by December 27.

Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems

Rockwell Automation has patched critical flaws in its PowerMonitor 1000 product that could allow attackers to remotely disrupt industrial operations. The vulnerabilities include a flaw enabling device takeover and denial-of-service conditions. Immediate firmware updates are advised to mitigate potential threats.

How to Implement Impactful Security Benchmarks for Developers

Open-source vulnerabilities remain a significant challenge, with 77% of codebases relying on open-source components. Organizations are encouraged to establish robust security benchmarks, align developer training with business goals, and adopt agile learning models to mitigate these risks effectively.

CISA Releases Mobile Security Guidance After Chinese Telecom Hacking

CISA has issued mobile security guidelines following telecom hacks linked to China’s Salt Typhoon group. Recommendations include enabling encrypted messaging, phishing-resistant MFA, and device security features like Lockdown Mode for iPhones. These measures are particularly aimed at high-risk individuals in government and critical industries.

Ukrainian Raccoon Infostealer Operator Sentenced in the U.S.

Ukrainian national Mark Sokolovsky has been sentenced to five years in prison for distributing Raccoon Infostealer malware. The operation, dismantled in 2022, was part of a malware-as-a-service (MaaS) scheme that stole millions of credentials.

Cisco to Acquire Threat Detection Company SnapAttack

Cisco has announced plans to acquire SnapAttack to enhance Splunk’s detection engineering and threat intelligence capabilities. This move aims to strengthen Cisco’s cybersecurity offerings, particularly in threat hunting and SIEM modernization.

Fortinet Patches Critical FortiWLM Vulnerability

Fortinet has issued patches for CVE-2023-34990, a severe path traversal vulnerability in FortiWLM that could allow attackers to execute arbitrary code. Users are urged to update to secure their networks.

Telegram’s Algorithms Promote Extremist Content, Researchers Say

A report from the Southern Poverty Law Center (SPLC) reveals that Telegram’s recommendation algorithms amplify extremist content, including neo-Nazi and conspiracy propaganda. The findings highlight the platform's role in fostering radicalization.

Mastercard Finalizes $2.6B Acquisition of Recorded Future

Mastercard has completed the acquisition of Recorded Future to bolster its AI-driven threat intelligence capabilities. The $2.6 billion deal underscores Mastercard’s commitment to securing digital payment ecosystems.

Rspack npm Packages Compromised With Crypto Mining Malware

The developers of Rspack have revealed that two of the project's npm packages were compromised to install crypto-mining malware. Developers are advised to update to the latest versions and implement stronger security measures to prevent similar supply chain attacks.

Sophos Issues Hotfixes for Critical Firewall Flaws

Sophos has patched three critical vulnerabilities in its firewall products that could lead to remote code execution. Administrators are advised to apply hotfixes immediately to secure systems against exploitation.

Ukraine’s State Registers Hit by Major Russian Cyberattack

Russian hackers have targeted Ukraine’s state registers in one of the largest cyberattacks in recent months. The breach disrupted critical services, with sensitive data at risk. Ukrainian authorities are investigating the attack, which is suspected to be linked to Russia’s military intelligence agency, the GRU.

Chainalysis: $2.2 Billion Stolen From Crypto Platforms in 2024

Crypto platform thefts have surpassed $2.2 billion in 2024, with North Korean groups responsible for the largest share at $1.34 billion of the total. These attacks highlight the escalating sophistication of state-sponsored hacking operations.

US Agriculture Poised as Next Frontier in Cybersecurity Threats

Cybersecurity experts warn that U.S. agriculture, heavily reliant on autonomous systems, faces growing cyber risks. Threats include attacks on GPS systems, drones, and critical supply chain infrastructure. Lawmakers are urging stronger defenses against potential disruptions to food production and distribution.