Scrutinizing the security of messaging apps continues.

Scrutiny of the messaging application used by Customs and Border Protection (CBP) and the White House continues, raising concerns about security vulnerabilities. In a related incident, hacktivists have breached GlobalX, the airline responsible for U.S. deportation flights, resulting in the exposure of sensitive flight manifests and a pointed message directed at former President Trump.

In a broader context, the FBI has issued a warning regarding the exploitation of outdated and unsupported routers by threat actors, highlighting the persistent risks associated with legacy technology. The education sector is not immune either, as Pearson, a prominent player in the industry, has confirmed a cyberattack that has compromised customer data.

Research indicates that cybercriminals are increasingly leveraging Windows Remote Management (WinRM) for stealthy lateral movement within Active Directory (AD) environments, posing significant challenges for organizations striving to maintain robust security postures. Additionally, a sophisticated email attack campaign has emerged, utilizing malicious PDF invoices to deliver a cross-platform Remote Access Trojan (RAT), further complicating the cybersecurity landscape.

In a notable development, a zero-day vulnerability in SAP NetWeaver has been identified, allowing for remote code execution, thereby impacting multiple sectors. Meanwhile, an Indiana health system has reported a data breach that affects nearly 263,000 individuals, underscoring the critical need for enhanced data protection measures across the healthcare industry.

CyberWire Guest

In today’s episode, we welcome Alex Cox, the Director of Information Security at LastPass. He shares insights into the tax-related lures that are currently targeting both tax preparation agencies and individuals expecting refunds, shedding light on the evolving tactics employed by cybercriminals during this sensitive time of year.

Selected Reading

  • On the state of modern Web Application Security (BrightTalk)
  • Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage (Wired)
  • Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump (Bitdefender)
  • FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (Infosecurity Magazine)
  • Education giant Pearson hit by cyberattack exposing customer data (Bleeping Computer)
  • Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News)
  • Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News)
  • SAP Zero-Day Targeted Since January, Many Sectors Impacted (Security Week)
  • Indiana Health System Notifies 263,000 of Oracle Hack (BankInfoSecurity)
  • A Judge Accepted AI Video Testimony From a Dead Man (404 Media)

Share your feedback.

We value your input and strive to enhance your podcast experience. Please take a moment to complete our brief listener survey, as your insights are crucial for our continuous improvement.

Want to hear your company in the show?

Engage with the most influential leaders and operators in the industry. Access our media kit for more information, and feel free to contact us at cyberwire@n2k.com for inquiries.

The CyberWire is a production of N2K Networks, your trusted source for strategic workforce intelligence. © N2K Networks, Inc.
