This month in security with Tony Anscombe – December 2024 edition - We Live Security
Latest Cybersecurity News in December 2024
Global Cybersecurity Incidents
- Japan Airlines System Hit by Cyber Attack:
  - Japan Airlines reported a significant cyberattack on its systems, causing disruptions to both domestic and international flight operations [3].
- European Space Agency’s Official Store Hacked:
  - The European Space Agency’s official web shop was hacked, with a piece of JavaScript code generating a fake Stripe payment page at checkout [3].
- Ascension Health Data Stolen in Ransomware Attack:
  - Ascension, one of the largest private U.S. healthcare systems, notified nearly 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation [3].
- North Korean Hackers Steal $1.34 Billion in Cryptocurrency:
  - North Korean hackers have stolen $1.34 billion worth of cryptocurrency across 47 cyberattacks in 2024, according to a report by blockchain analysis company Chainalysis [3].
- Krispy Kreme Breach Claimed by Play Ransomware Gang:
  - The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November [3].
Zero-Day Vulnerabilities in December 2024
- CVE-2024 Vulnerabilities:
  - Several zero-day and n-day vulnerabilities were exploited in 2024, including:
    - CVE-2024-21338: Windows privilege escalation vulnerability.
    - CVE-2024-21793: OData injection flaw in F5 BIG-IP.
    - CVE-2024-21887: Arbitrary code execution exploit for Ivanti Connect Secure.
    - CVE-2024-21888: Privilege elevation vulnerability in Ivanti.
    - CVE-2024-21893: Server-side request forgery vulnerability in Ivanti.
    - CVE-2024-23897: Jenkins file leak and RCE vulnerability.
    - CVE-2024-24576: Critical command injection vulnerability in Windows systems.
    - CVE-2024-26026: SQL injection vulnerability in F5 BIG-IP.
    - CVE-2024-29824: SQL injection vulnerability in Ivanti’s EPM Core server.
    - CVE-2024-30088: High-severity Windows Kernel privilege escalation vulnerability.
    - CVE-2024-3400: Unauthenticated remote code execution via command injection in PAN-OS firewalls.
    - CVE-2024-38193: Zero-day vulnerability in Windows AFD.sys driver.
    - CVE-2024-47575: Missing authentication flaw in FortiGate to FortiManager Protocol.
    - CVE-2024-5655: Critical vulnerability in GitLab.
    - CVE-2024-6385: Critical vulnerability in GitLab enabling execution of pipeline jobs as other users.
    - CVE-2024-70411: Critical RCE vulnerability in VBR leading to complete system takeovers [4].
Ransomware Crackdown in Africa
- NIMC Orders Crackdown on Extortion of NIN Applicants:
  - The National Identity Management Commission (NIMC) in Nigeria has ordered a crackdown on extortion of National Identification Number (NIN) applicants, aiming to curb illegal activities [1].
- RansomHub RaaS Activities:
  - The FBI, along with other partners, has released a joint cybersecurity advisory on RansomHub, a ransomware-as-a-service variant that has claimed at least 210 victims in multiple critical infrastructure sectors. This highlights the global nature of ransomware threats, which could potentially affect African countries as well [4].
These updates provide a comprehensive overview of the latest cybersecurity news, zero-day vulnerabilities, and ransomware activities in December 2024.