⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
Latest Cybersecurity News and Threats (December 2024)
Key Highlights:
- Japan Airlines Cyberattack:
  - Japan Airlines was hit by a cyberattack, which delayed flights during the year-end holiday season. The attack is believed to be related to the LockBit ransomware group [1].
- Palo Alto Networks Vulnerability:
  - A critical vulnerability (CVE-2024-3393) in Palo Alto Networks firewalls allows unauthenticated attackers to trigger firewall reboots by sending malicious DNS packets. This vulnerability affects multiple PAN-OS versions and requires 'DNS Security' logging to be enabled. Palo Alto has released patches for versions 10.1.14-h8, 10.2.10-h12, 11.1.5, and 11.2.3, but version 11.0 remains unpatched due to EOL status [1][5].
- Chrome Extension Attacks:
  - Over 600,000 users were exposed to data theft due to 16 hacked Chrome extensions [3].
- Cloudflare Data Loss:
  - Cloudflare lost customer logs, which could potentially expose sensitive information [1].
- Microsoft Vulnerability Patch:
  - Microsoft has patched vulnerabilities affecting cloud, AI, and other services, including an exploited flaw [1].
- Zero Trust Architecture Integration:
  - Attack Surface Management (ASM) platforms are being integrated into Zero Trust Architectures (ZTA) to provide continuous monitoring and verification of all devices, users, and applications interacting with the network [2].
- IoT and OT Security Focus:
  - ASM tools are focusing more on securing IoT and OT devices by identifying vulnerabilities such as default credentials, unpatched firmware, and unsecured communications [2].
- Operation Serengeti:
  - This operation targeted criminal suspects in Africa behind ransomware, business email compromise, digital extortion, and scams [1].
- Russian Cyberspy Group APT28:
  - Conducted a Nearest Neighbor Attack by hacking into the building across the street from the victim for a Wi-Fi attack [1].
- Microsoft Phishing Website Seizure:
  - Microsoft seized 240 phishing-related websites and disrupted the ONNX service, which the company says is run by an Egyptian man [1].
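
The Palo Alto Networks item above lists one fixed release per PAN-OS branch and a logging precondition. As an added example (not from the original recap or from Palo Alto Networks), the following Python triages a firewall inventory against those releases. It assumes a later release on the same branch also contains the fix; the hostnames, the inventory and the status strings are constructed for illustration.

```python
import re

# Fixed releases per branch, taken from the recap item: (maintenance, hotfix).
FIXED = {"10.1": (14, 8), "10.2": (10, 12), "11.1": (5, 0), "11.2": (3, 0)}
EOL_NO_FIX = {"11.0"}  # the recap says 11.0 stays unpatched (end of life)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos(version):
    """Split 'major.minor.maint[-hN]' into (branch, (maint, hotfix))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return f"{major}.{minor}", (int(maint), int(hotfix or 0))


def assess(version, dns_security_logging):
    """Classify one firewall for CVE-2024-3393 patch triage."""
    branch, release = parse_panos(version)
    if branch not in FIXED and branch not in EOL_NO_FIX:
        return "unknown"  # branch not mentioned in the recap
    # Assumption: a later release on the same branch also contains the fix.
    if branch in FIXED and release >= FIXED[branch]:
        return "patched"
    if not dns_security_logging:
        # The recap's stated precondition ('DNS Security' logging) is not met.
        return "unpatched, precondition absent"
    return "exposed, upgrade branch" if branch in EOL_NO_FIX else "exposed, patch"


def triage(inventory):
    """Map hostname -> status for (hostname, version, logging) records."""
    return {host: assess(ver, log) for host, ver, log in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("fw-edge-01", "10.1.14-h8", True),
    ("fw-edge-02", "10.1.14", True),
    ("fw-dc-01", "11.1.4-h7", False),
    ("fw-lab-01", "11.0.6", True),
    ("fw-old-01", "9.1.16", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as "unpatched, precondition absent" still belong on the patch list, since enabling the logging feature later would meet the stated condition.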
Tools and Tips:
- AI-Powered ASM Solutions:
  - AI and machine learning (ML) are integral to ASM, enabling organizations to identify threats faster and more accurately. AI-driven platforms analyze vast amounts of data in real-time, uncovering vulnerabilities that would be nearly impossible for human analysts to detect [2].
- Proactive Threat Intelligence:
  - Cyble’s AI-driven ASM platform provides comprehensive, proactive threat mitigation by continuously updating its threat intelligence database with actionable insights tailored to each organization’s unique attack surface [2].
- Patching Recommendations:

By staying informed about these latest cybersecurity threats and tools, organizations can strengthen their cybersecurity posture and mitigate risks effectively.