Good Morning, Security Gang!
Welcome to another episode of the CyberHub Podcast. It's January 7, 2025, and we are kicking off the year with a packed show filled with critical cybersecurity updates and insights. From recent cyber incidents and vulnerabilities to policy changes and global reactions, here’s what you need to know. Grab your double espresso and let’s dive in!
A Year of Cybersecurity Transformation
The election results have been certified, and in just 13 days, President Donald J. Trump will take office. I anticipate significant cybersecurity transformations at the national level within the next 12 months. Government responsibility in cybersecurity will be a major topic, and we'll delve into more details on this in Friday's episode. Now, let’s focus on today's stories.
Salt Typhoon Attack Expands: More Telecoms Impacted
The list of victims in the Salt Typhoon attack continues to grow. Over the weekend, reports confirmed that Charter Communications, Consolidated Communications, and Windstream were affected, bringing the total number of impacted telecoms to nearly a dozen. These breaches, attributed to a Chinese state-backed APT group, pose significant challenges for detection and remediation.
White House Deputy National Security Advisor Anne Neuberger previously stated that nine telecoms were breached. However, the evolving situation suggests that this number could climb higher.
The attack highlights the lack of enforcement of the 1994 Telecom Security Bill. Senator Ron Wyden’s new bill aims to address these gaps, but questions remain about the effectiveness of federal agencies like the FCC in enforcing cybersecurity regulations.
U.S. Sanctions on Chinese Cybersecurity Firm Integrity Technology Group
The U.S. Treasury and OFAC have imposed sanctions on Integrity Technology Group, a Beijing-based cybersecurity company linked to several Chinese APT groups. The Chinese government has responded with sharp criticism, calling the sanctions illegal.
China’s reaction is telling. The sanctions impact Integrity Technology Group’s business not only in the U.S. but also in Europe and allied Asian countries. This move directly challenges China's ambitions in Southeast Asia and its cybersecurity influence.
Critical Infrastructure Ransomware Database Hits 2,000 Entries
A ransomware attack tracking project initiated by Temple University has documented over 2,000 critical infrastructure ransomware attacks since 2013. The three most targeted sectors remain government facilities, healthcare, and education, while sectors like nuclear facilities and water remain less frequent targets.
The data shows a worrying trend: ransomware demands and frequency are increasing, with critical infrastructure remaining vulnerable due to outdated security measures and underfunding.
ICS Vulnerabilities: Patch Challenges in Energy Sector
Moxa devices used in industrial control systems across energy, utilities, and telecom sectors have two newly discovered critical vulnerabilities:
CVE-2024-9138: Hard-coded credentials allowing privilege escalation to root.
CVE-2024-9140: OS command injection flaw leading to arbitrary code execution.
In industrial environments, patching is not straightforward. Scheduled outages are required to apply updates, making immediate fixes challenging. This highlights the complexities of cybersecurity in critical infrastructure sectors.
Treasury Breach: BeyondTrust API Key Zero-Day Exploitation
Last week’s breach at the U.S. Treasury Department was traced to a zero-day vulnerability involving an API key for BeyondTrust’s remote support SaaS product. Fortunately, CISA reports that no other federal agencies appear to be impacted.
The incident serves as a reminder to use tools like Shodan for threat hunting and understanding what parts of your network are visible to attackers.
EagerBee Backdoor Evolves: New Targets in the Middle East
Kaspersky researchers have detected a new version of the EagerBee backdoor malware, now targeting ISPs and government entities in the Middle East. The malware, linked to Chinese APT group Iron Tiger (Emissary Panda), features new components designed to evade detection and enhance stealth.
This evolution of EagerBee underscores the importance of understanding business processes and network behavior to detect anomalies and prevent attacks.
MediaTek, HP, and Dell Issue Patches
Several major vendors released advisories for critical vulnerabilities:
MediaTek: Patched over a dozen flaws, including a critical RCE vulnerability (CVE-2024-2154) affecting modem components.
HP: Addressed multiple vulnerabilities in Brocade Fabric OS used in SAN switches.
Dell: Fixed a high-severity local privilege escalation issue in its update package framework.
Ensure that your teams are aware of these patches and apply them promptly to minimize risk.
T-Mobile Faces New Lawsuit Over 2021 Data Breach
Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile over its 2021 data breach, alleging inadequate security controls over customer data. The lawsuit could set a precedent for stricter telecom regulations.
The telecom industry must brace for increased scrutiny and tighter regulations, as the FCC under Brendan Carr will likely prioritize telecom security.
Action List: Your Key Takeaways
Monitor Salt Typhoon Updates: Ensure your telecom partners are secure and stay updated on evolving threats.
Understand Sanctions' Impacts: Be aware of how geopolitical actions, like U.S. sanctions, can affect global cybersecurity.
Track Ransomware Trends: Keep critical infrastructure ransomware incidents on your radar and update your defenses accordingly.
Patch ICS Vulnerabilities: If you operate in critical sectors, plan for scheduled outages to apply patches promptly.
Use Threat Hunting Tools: Incorporate tools like Shodan into your threat hunting strategies to see what attackers can see.
Stay Informed on Legal Actions: Watch ongoing legal cases like the T-Mobile lawsuit to understand future regulatory impacts.
Apply Vendor Patches: Ensure your teams are patching vulnerabilities from MediaTek, HP, Dell, and others to reduce risk.
Focus on Network Behavior: Emphasize the importance of understanding normal network behavior to detect malicious activities effectively.
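One way to turn the "know your normal network behavior" advice into a concrete check, as an added example that is not from the podcast or any vendor: build a per-host baseline from a window of known-good flow records (destinations, ports and outbound byte volume), then flag later records that fall outside it. All flow records, hosts, ports and byte counts below are constructed sample data, and the z-score threshold of 3 is an assumed tuning value.

```python
"""Baseline-and-deviation check over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since epoch (constructed)
    src: str         # internal source host
    dst: str         # destination host
    dport: int       # destination port
    out_bytes: int   # bytes sent by src in this flow


# Constructed "known good" traffic for two internal hosts (assumed addresses).
BASELINE_FLOWS = [
    Flow(100, "10.0.0.5", "10.0.0.2", 53, 120),
    Flow(160, "10.0.0.5", "203.0.113.10", 443, 4_200),
    Flow(220, "10.0.0.5", "203.0.113.10", 443, 3_900),
    Flow(280, "10.0.0.5", "10.0.0.2", 53, 110),
    Flow(340, "10.0.0.5", "203.0.113.11", 443, 5_100),
    Flow(100, "10.0.0.7", "10.0.0.2", 53, 130),
    Flow(190, "10.0.0.7", "10.0.0.20", 445, 25_000),
    Flow(250, "10.0.0.7", "10.0.0.20", 445, 31_000),
    Flow(330, "10.0.0.7", "203.0.113.10", 443, 2_800),
]

# Constructed later traffic: mostly normal, plus one host sending far more data
# than usual to a never-seen destination on an unusual port, and one host that
# never appeared in the baseline window at all.
NEW_FLOWS = [
    Flow(1000, "10.0.0.5", "10.0.0.2", 53, 115),
    Flow(1060, "10.0.0.5", "203.0.113.10", 443, 4_000),
    Flow(1120, "10.0.0.7", "198.51.100.9", 8443, 900_000),
    Flow(1180, "10.0.0.7", "10.0.0.20", 445, 28_000),
    Flow(1240, "10.0.0.9", "203.0.113.10", 443, 1_500),
]


def build_baseline(flows):
    """Per source host: destinations and ports seen, plus outbound byte statistics."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    baseline = {}
    for src, host_flows in by_src.items():
        sizes = [f.out_bytes for f in host_flows]
        baseline[src] = {
            "dsts": {f.dst for f in host_flows},
            "ports": {f.dport for f in host_flows},
            "mean": mean(sizes),
            "stdev": pstdev(sizes),  # population stdev; 0 when all sizes are equal
        }
    return baseline


def find_deviations(baseline, flows, z_threshold=3.0):
    """Return (flow, reasons) pairs for flows that deviate from their host's baseline."""
    findings = []
    for f in flows:
        reasons = []
        host = baseline.get(f.src)
        if host is None:
            reasons.append("unknown source host")
        else:
            if f.dst not in host["dsts"]:
                reasons.append("new destination")
            if f.dport not in host["ports"]:
                reasons.append("new destination port")
            # Guard against a zero stdev so the z-score is well defined.
            if host["stdev"] > 0 and (f.out_bytes - host["mean"]) / host["stdev"] > z_threshold:
                reasons.append("outbound volume outlier")
        if reasons:
            findings.append((f, reasons))
    return findings


if __name__ == "__main__":
    bl = build_baseline(BASELINE_FLOWS)
    for flow, why in find_deviations(bl, NEW_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport} {flow.out_bytes}B: {', '.join(why)}")
```

The point of the example is the structure, not the specific thresholds: a baseline has to be rebuilt on a schedule (or the "new destination" rule will fire on every legitimate change), and a single rule firing is a lead for an analyst rather than an alert in itself. The combination of several rules on one flow, as in the 10.0.0.7 record above, is what deserves a prompt look.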
Final Thoughts
The cybersecurity landscape in 2025 is off to a busy start. As we navigate this ever-evolving field, it's crucial to stay informed, proactive, and resilient. Thank you to everyone tuning in live from across the globe. Remember to like, comment, share, and subscribe to the CyberHub Podcast. Let's continue to stay ahead of the curve.
Coffee Cup Cheers, See You Next Time and Stay Cyber Safe!
✅ Story Links:
https://www.securityweek.com/dell-hpe-mediatek-patch-vulnerabilities-in-their-products/
https://www.securityweek.com/washington-attorney-general-sues-t-mobile-over-2021-data-breach/