Welcome to the 11 new members from the last 30 days! This newsletter now has 1,615 subscribers.

Partners and Affiliates

🔐 NordVPN Christmas Campaign (Dec 10 - Jan 8) - Save up to 74% + 3 Extra Months!

GET THE DEAL

Breaches & Security Incidents

🇪🇺 🚀 The European Space Agency's online store was hacked, leading to the theft of customer payment card information through a fake payment page. The malicious code made the store temporarily unavailable, displaying a message that it was “out of orbit.” ESA stated that the store is not hosted on their infrastructure, meaning they do not manage or own the data collected.

🇺🇸 Ascension, a major health care company, reported that a cyberattack affected 5.6 million patients' sensitive data — The attack caused significant disruptions, forcing staff to switch to manual processes, which led to errors and delays. Stolen information included names, medical records, payment details, and Social Security numbers.

🔊 Interested in Reaching a Cybersecurity Audience?

Amplify your brand’s presence by sponsoring the InfoSec MASHUP newsletter!

Reach dedicated readers in the cybersecurity field with each issue! Contact us to explore sponsorship opportunities.

Cybercrime, Cyber Espionage, APT’s

🇰🇷 ⚖️ South Korea has sanctioned 15 North Koreans and one organization for using fake IT jobs to fund North Korea's nuclear programs. These individuals are involved in cyberattacks and cryptocurrency theft while posing as legitimate workers abroad. Their actions threaten global security and have raised concerns among Western officials and companies.

🇧🇷 🇺🇸 A Brazilian man named Junior Barros De Oliveira has been charged in the U.S. for extorting $3.2 million in Bitcoin after hacking into a company and stealing data from 300,000 customers. He threatened to release the stolen information unless he was paid in Bitcoin and even offered to help the company fix the security issue for a fee. Each extortion charge could lead to a maximum of five years in prison.

🇺🇸 ⚖️ Two California men, Gabriel Hay and Gavin Mayo, have been indicted for allegedly scamming investors out of over $22 million through fraudulent NFT projects. They used misleading information to promote their projects and abandoned them after collecting funds. If convicted, they face significant prison time for conspiracy, wire fraud, and stalking.

🔓 The Clop ransomware gang has claimed responsibility for hacking at least 66 companies by exploiting a flaw in Cleo Software's file transfer tools. They listed some of the hacked companies on their dark web site and plan to reveal full names to pressure victims for ransom. This is part of a pattern for Clop, which has previously targeted similar tools and affected many businesses.

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

🇰🇵 💰 North Korean hackers stole $1.34 billion in cryptocurrency through 47 cyberattacks in 2024, making up 61% of all stolen funds this year. The attacks primarily targeted DeFi platforms and were often due to compromised private keys. This year's thefts represent a significant increase from previous years, highlighting the hackers' growing capacity for large-scale attacks.

🇺🇸 ⚖️ The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the LockBit ransomware group. Panev was arrested in Israel and is awaiting extradition, as he is accused of helping create malware that has caused billions in damages worldwide. This arrest is part of a larger effort by international law enforcement to dismantle the LockBit organization.

Government, Politics, and Privacy

🇺🇸 🇨🇳 Feds lay blame while Chinese telecom attack continues — Chinese actors have compromised the U.S. telecommunications system, targeting high-level officials and gaining access to major companies. The government is focusing on regulations instead of helping telecom companies defend against these ongoing threats. Experts urge a better understanding of the attacks and a more coordinated response to improve cybersecurity without adding unnecessary burdens.

🇺🇸 The FTC has ordered Marriott and Starwood Hotels to improve their customer data security after several major data breaches affected millions of customers. They must implement a comprehensive security program within 180 days, including measures like encryption and monitoring for anomalies. This order will last for 20 years and aims to better protect customer information from hackers.

🇺🇸 👀 A U.S. judge ruled that NSO Group illegally hacked WhatsApp to install its Pegasus spyware on 1,400 users' devices. This decision, made by Judge Phyllis Hamilton, marks a significant victory for WhatsApp, which has been fighting against NSO for five years. The case will go to trial in March 2025 to determine the damages NSO must pay.

Partners and Affiliates

🌐 Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.

Malware & Threats

🦠 🕸️ A new Mirai-based botnet is exploiting unpatched vulnerabilities in DigiEver NVRs and TP-Link routers — It allows hackers to execute commands remotely and compromise devices for DDoS attacks. This botnet uses advanced encryption and targets multiple device architectures, indicating an evolution in its tactics.

🦠 The Iranian hacking group Charming Kitten has released a new variant of the BellaCiao malware called BellaCPP, which is written in C++. Kaspersky discovered this new malware while investigating a compromised machine in Asia. Unlike its predecessor, BellaCPP lacks a web shell for file management but still retains capabilities for creating an SSH tunnel.

🦠 🐍 Researchers have discovered two harmful packages, zebo and cometlogger, on the Python Package Index (PyPI) that can steal sensitive information and hijack accounts. These packages were designed to capture keystrokes, take screenshots, and exfiltrate data from various applications. Users are warned to be cautious and avoid running unverified code due to the malicious capabilities of these packages.

🎣 🇺🇸 A new phishing service called "FlowerStorm" is gaining popularity after the shutdown of Rockstar2FA, which targeted Microsoft 365 credentials. FlowerStorm shares many features with Rockstar2FA, suggesting it may be a rebranded version of the previous service. This new platform poses a significant threat to users and organizations, especially in the United States, by enabling damaging phishing attacks.

AI, Crypto, Tech & Tools

🤖 🦠 Researchers found that large language models (LLMs) can generate thousands of new malware variants that evade detection by security systems. Criminals can easily use LLMs to modify existing malware, making it appear benign while maintaining its harmful functions. This development poses a serious threat as it makes detecting malicious code significantly more challenging for cybersecurity defenses.

🎮 👀 In the game Gorilla Tag, some players are cheating by using a VPN to gain an advantage — They follow tutorials to install a free VPN called Big Mama VPN on their VR headsets, which allows them to tag opponents more easily. However, this VPN is also selling access to users' home internet connections, raising privacy concerns.

Vulnerabilities, Research, and Threat Intelligence

• Apache fixes remote code execution bypass in Tomcat web server

• Microsoft fixes bug behind random Office 365 deactivation errors

• Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

🪳 🔓 A critical SQL injection vulnerability (CVE-2024-45387) in Apache Traffic Control has been rated 9.9 out of 10 and allows attackers to execute SQL commands if exploited. Users are urged to update to version 8.0.2, which includes a patch for this issue. The Apache Software Foundation has also addressed other vulnerabilities in different projects.

ICS, OT & IoT

🪳 🔓 Researchers found security flaws in Ruijie Networks' cloud platform that could let hackers control about 50,000 devices — The vulnerabilities include weak password recovery and dangerous functions that allow for remote code execution. All identified issues have been fixed by Ruijie, so no user action is needed.