Cyber Briefing: 2024.12.24

👉 What’s the latest in the cyber world today?

ScreenConnect, AsyncRAT, SectopRAT, Windows, Adobe, ColdFusion, Vulnerability, WPLMS, WordPress Plugin, Security Flaws, Node.js, Remote Code Execution, CISA, USAHERDS, General Dynamics, Data Breach, Employee Information, Fake Zoom, Malware Scam, $1 Million, Theft, Valio, Cyberattack, Personal Data, True World Holdings, Customer Data, DBM Global, Personal Information, Donald Trump, TikTok, US, Taiwan, Legislative Yuan, Cyberattacks, China, MeitY Summit, Digital Growth, India, Cybersecurity, Russia, Crypto Mining, Ban, 2025, FBI, North Korea, DMM, Bitcoin Exchange, Hack

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. Hackers Use ScreenConnect to Deploy AsyncRAT

Cybercriminals are exploiting legitimate remote monitoring and management (RMM) software, ScreenConnect, to deploy powerful remote access tools (RATs) like AsyncRAT and SectopRAT on Windows systems. Microsoft recently uncovered a campaign where attackers used tech support scams to trick victims into granting remote access, enabling AsyncRAT installation for data theft and system surveillance. Meanwhile, SectopRAT is being distributed through SEO poisoning and typosquatting tactics, directing users to malicious websites that compromise browser data and cryptocurrency wallets.

2. Adobe Patches Critical ColdFusion Flaw

Adobe has released an out-of-band security update to address a critical vulnerability (CVE-2024–53961) in ColdFusion 2021 and 2023, caused by a path traversal weakness. This flaw allows attackers to read arbitrary files on vulnerable servers, posing a significant security risk. With proof-of-concept (PoC) exploit code publicly available, Adobe has assigned a “Priority 1” severity rating, urging administrators to apply the updates (ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12) within 72 hours.

3. WPLMS Plugins Fix 7 Critical Security Flaws

The WPLMS WordPress theme, used by educational institutions and e-learning providers, has been found to contain critical security vulnerabilities in its associated plugins. Researchers from Patchstack discovered 18 significant flaws in the WPLMS and VibeBP plugins, with seven of them being particularly severe. These vulnerabilities, including issues allowing unauthenticated file uploads, remote code execution, SQL injection, and privilege escalation, could allow attackers to compromise the affected sites.

4. Critical Node.js Vulnerability Allows RCE

A critical vulnerability, identified as CVE-2024–56334, has been discovered in the popular Node.js package “systeminformation,” which is downloaded over 8 million times monthly. The flaw, found in versions up to 5.23.6, allows remote code execution (RCE) through a command injection in the getWindowsIEEE8021x function. This vulnerability occurs when an attacker embeds malicious commands in a Wi-Fi network’s SSID, triggering the execution of these commands on vulnerable systems.

5. Acclaim USAHERDS Flaw Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Acclaim Systems’ USAHERDS software to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. The flaw, identified as CVE-2021–44207, stems from hard-coded static credentials in versions 7.4.0.1 and earlier, allowing attackers to execute arbitrary code on vulnerable servers. By exploiting the static ValidationKey and DecryptionKey, threat actors could trick the server into deserializing malicious data, potentially leading to remote code execution.

💥 Cyber Incidents

6. General Dynamics Hit with Data Breach

General Dynamics Corporation (GD) notified Maine residents about a data breach that occurred on October 10, 2024, involving unauthorized access to employee benefits accounts. The breach was the result of a phishing campaign that led employees to a fraudulent login site, allowing the attacker to steal authentication credentials. This breach potentially exposed sensitive personal information, including names, dates of birth, social security numbers, bank account details, and disability status.

7. Fake Zoom Malware Scam Costs User $1 Million

A user recently lost $1 million in a sophisticated cyber scam involving fake Zoom malware, with the threat actor identified as us04-zoom[.]us. The attack, part of a rising trend of private key theft malware incidents, involved malicious software disguised as Zoom, prompting victims to install it. Once installed, the malware compromised the user’s private keys, leading to significant financial losses.

8. Valio Cyberattack Exposes Data of Employees

Valio, the Finnish dairy company, has been hit by a significant cyberattack, potentially exposing the personal data of over 5,000 employees and individuals linked to milk procurement cooperatives. The breach, which was discovered on December 12, 2024, involved hackers exploiting user credentials from Valio’s IT service partner, Vincit, to access sensitive information such as personal identification numbers, salaries, and bank account details.

9. True World Holdings Suffers Data Breach

True World Holdings LLC recently reported a data security incident that may have compromised the personal information of its customers. On August 23, 2024, unusual activity within the company’s network led to an investigation, which revealed that certain files containing customer data were copied by unauthorized actors. While the review of the impacted files is still ongoing, the company has confirmed that personal information, such as customer data, may have been exposed.

10. DBM Global Hit With Major Data Breach

DBM Global Inc. recently experienced a significant cybersecurity breach that compromised the personal information of individuals associated with the company. The breach has raised concerns over the exposure of sensitive data, and DBM Global is actively notifying affected individuals. The incident has led to the potential exposure of personal details such as names, social security numbers, and other confidential information.

📢 Cyber News

11. Donald Trump Seeks to Keep TikTok Around

President-elect Donald Trump recently expressed a desire to keep TikTok operational in the U.S. for a little longer, despite a scheduled ban set to take effect in less than a month. Speaking to supporters at a rally in Phoenix, Arizona, Trump referenced the app’s massive popularity, noting that his own TikTok presence garnered billions of views. Trump mentioned that after reviewing a chart showing TikTok’s impact, he felt it might be worth delaying the ban. His comments came after a meeting with TikTok’s CEO, where he stated that he had developed a “warm spot” for the app.

12. Taiwan’s Legislative Yuan Faces 1M Attacks

Taiwan’s Legislative Yuan is facing an alarming number of cyberattacks, with an average of 900,000 to 1 million attacks each month, primarily originating from China. This information was revealed by Cheng Hui-pin, the head of the legislature’s IT department, during a budget review meeting held by the Judiciary and Organic Laws and Statutes Committee. The Legislative Yuan, being Taiwan’s highest legislative body, holds sensitive national security data, making it a prime target for cyber intrusions.

13. Indian States Collaborate on Digital Growth

The Indian Ministry of Electronics and Information Technology (MeitY) recently hosted a summit at Bharat Mandapam in New Delhi, aimed at advancing digital growth and strengthening cybersecurity across the country. The event brought together IT Secretaries and senior officials from 34 states and union territories, focusing on bridging the digital divide. Discussions centered on enhancing digital infrastructure, fostering innovation, and adhering to the Digital Personal Data Protection (DPDP) Act of 2023.

14. Russia Bans Crypto Mining for 6 Years

Russia has announced a six-year ban on cryptocurrency mining in 10 regions, starting January 1, 2025. The ban, which will last until March 15, 2031, will affect key regions including Dagestan, Ingushetia, and Chechnya, along with areas such as Donetsk, Lugansk, Zaporizhzhia, and Kherson. Additionally, seasonal mining restrictions will be imposed in energy-intensive Siberian regions, including Irkutsk, Buryatia, and Zabaikalsky, to prevent power shortages.

15. North Korean Hackers Steal $308M from DMM

In May 2024, North Korean cyber actors, linked to the TraderTraitor group, orchestrated a significant heist targeting Japan’s DMM Bitcoin exchange, stealing cryptocurrency worth $305 million. The FBI and Japan’s National Police Agency have attributed the attack to North Korean hackers, who employed sophisticated social engineering tactics to manipulate employees into downloading malicious scripts. By exploiting these vulnerabilities, the hackers gained unauthorized access to critical systems, including Ginco, a wallet management platform, which ultimately facilitated the fraudulent transaction.

Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.