BankInfoSecurity.com

At Least 1,000 Hosts Still Vulnerable as Ransomware Group Claims Mass Exploits
More than 1,000 Cleo managed file-transfer hosts remain internet-exposed and unpatched, despite warnings of a mass attack targeting critical vulnerabilities in the widely used software. The Clop ransomware operation, which has repeatedly targeted MFT software, claimed credit for the attacks.

Azure Data Factory's Apache Airflow Integration Flaw Can Expose Cloud Environments
Security researchers say now-resolved vulnerabilities in a Microsoft Azure integration with the Apache Airflow workflow management platform showcase growing sophistication of attackers. Palo Alto Unit 42 researchers said the flaws could allow hackers to deploy malware and steal data.

Ukrainian Mark Sokolovsky Pleaded Guilty in October
A Ukrainian national who was a key figure in the Raccoon malware-as-a-service criminal operation received a prison sentence of 60 months. The sentence of Mark Sokolovsky includes credit for time already spent in jails following his March 2022 arrest.

APT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT
A suspected South Asian threat actor targeted a Turkish defense organization, deploying malware via a RAR archive and using alternate data streams to deliver remote access Trojans. The group previously targeted multiple countries including China, India, Pakistan and Bangladesh.

Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps
The integration of Tidelift into Sonar's ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code.

Federal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025
The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack.

Regulators Say NIST's 2035 Deadline for Insecure Encryption Could Be Too Late
Australia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 - five years earlier than the deadline set by National Institute of Standards and Technology in the U.S.

CISOs at Organizations That Fell Victim Have a Different Story, 451 Research Finds
Are your defenses against ransomware good enough to survive contact with the enemy? Don't be so sure. A new study from market researcher 451 Research finds that "overconfidence in security tooling remains an issue in the face of ransomware" for organizations that haven't yet fallen victim.

Malware Targets Vulnerable Web Cameras and DVRs Worldwide
Hackers are deploying brute force attacks and using unpatched vulnerabilities to target Chinese-manufactured web cameras and DVRs, the FBI is warning. Targets include a range of organizations in Taiwan and at least one U.S. government server.

More States Likely To Push Similar Legal Claims Against Change Healthcare and UHG
UnitedHealth Group is facing scores of proposed class action lawsuits involving the massively disruptive cyberattack and mega data breach at its Change Healthcare IT services unit this year. But now the company faces the first in what will likely be many more lawsuits by state attorneys general.

Meta Vows to Appeal
The Irish data regulator fined social media platform Meta 251 million euros over a 2018 hack that exposed sensitive data of millions of European Facebook users, including that of children. The bug was in Facebook's "View As" feature permitting a user to see their own profile as it appears to others.

Lawmakers Urge Washington to Adapt Current Laws to Avoid Duplication
The bipartisan House Task Force on AI released a final report Tuesday urging Congress to adopt an agile, incremental approach to AI policy, avoid duplicative regulations, support AI talent pathways and ensure privacy and transparency in AI governance while addressing its growing energy demands.

Trading Bloc Includes Doppelganger Actors and GRU Unit 29155 in Sanctions List
The European Union sanctioned Russian intelligence hackers and two Kremlin officials responsible for digital disinformation campaigns in an action the European Council said marked its first ever imposition of restrictive measures against Russian actors for hybrid activities

Draft National Response Plan Offers Flexible Coordination Strategies Across Sectors
A draft update to the National Cyber Incident Response Plan aims to enhance federal coordination with both the public and private sectors to better address significant cyber incidents, establishing clear roles for federal cyber entities and emphasizing efficient threat response measures.

Malware Exploits Cybercrime Ecosystem for Profit
Hackers are using a variant of a backdoor that's the hallmark of a Chinese threat actor suspected of ties to Beijing in order to target the cybercriminal underground. The malware t "shares near-complete similarity" with the a backdoor exclusively used by the Winnti Group.

Deal With BlackBerry Integrates EDR for Hybrid XDR Platform for Midmarket Customers
Arctic Wolf is acquiring Cylance from BlackBerry for $160 million to integrate its AI-driven EDR technology into a hybrid XDR tool. The move aims to streamline cybersecurity for midmarket companies by combining services with product offerings, cutting operational complexity and boosting scalability.

An Iranian state hacking group is using custom malware to compromise IoT and OT infrastructure in Israel and the United States. An attack wave from Islamic Revolutionary Guard Corps-affiliated "CyberAv3ngers" swept up fuel management systems made by U.S.-based firm Gilbarco Veeder-Root.

IT Outage, Downtime Procedures Affecting Services at California Healthcare Provider
Cybercriminals claim they stole 17 million patient records from a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.