CISO Talk by James Azar
CyberHub Podcast
Telecom Ransomware Attack Expands Globally, UN Data Breach, Cybersecurity Safety Label Launch, Telegram Caves In after Durov Arrest

Breaking Down the Latest Global Cybersecurity Threats and Trends across telecom, IoT safety and the caving of Telegram

Good Morning Security Gang! Welcome to another episode of the CyberHub Podcast, your trusted source for the latest cybersecurity news and analysis. Today is Wednesday, January 8th, 2025, and we've got a jam-packed show with critical updates from around the world.

Let's dive right into today's stories, starting with our traditional coffee cup cheers. Wherever you are in the world, whether it’s coffee in the morning or an afternoon beer, let’s raise our cups and get into it!

Telecom Breaches Continue Worldwide: What Practitioners Need to Know

Cyberattacks on telecom providers are surging, with recent breaches reported in Namibia, Taiwan, and the U.S. These attacks are not isolated incidents. They are the result of a handful of initial access brokers targeting vulnerabilities across specific industries. These brokers conduct reconnaissance, map networks, and deploy attacks through phishing, credential stuffing, and password spraying.

The breach in Namibia compromised customer data on the IT side of telecom operations. Similarly, Salt Typhoon—a Chinese-linked group—accessed IT systems and moved laterally into operational technology (OT) systems to intercept sensitive call records.

As practitioners, understanding these trends helps us focus on specific TTPs (tactics, techniques, and procedures) and IOCs (indicators of compromise). If you're in the telecom sector or a related supply chain, double down on threat hunting, review your logs, and fortify your defenses.

UN Recruitment Systems Hacked: 42,000 Records Compromised

The United Nations' International Civil Aviation Organization (ICAO) confirmed a breach that exposed over 42,000 recruitment application records from 2016 to 2024. The hack was reportedly carried out by a group called NATO Hub, which shared the data on a breach forum.

This breach highlights the ongoing vulnerabilities in large, bureaucratic organizations like the UN, which many see as ineffective. The ICAO breach shows how high-profile institutions remain prime targets for cybercriminals.

White House Launches Cyber Trust Mark for IoT Devices

The U.S. government has introduced the Cyber Trust Mark—a cybersecurity safety label for IoT (Internet of Things) devices. Starting this year, smart products like security cameras, TVs, and fitness trackers will carry a label to indicate compliance with security standards set by NIST.

This initiative aims to help consumers identify safer devices for their homes. Products will feature a QR code that provides details on default password settings, update policies, and other security features. Companies like Best Buy and Amazon will highlight products with the Cyber Trust Mark. While it's a good start, there's still room for improvement to ensure consumer safety.

Telegram’s Privacy Stance Shifts Under Government Pressure

Last year, Telegram CEO Pavel Durov was arrested in France, signaling increasing government pressure on the platform. Telegram, once known for its strong privacy stance, has reportedly started cooperating with government requests for user data, including phone numbers and IP addresses.

This shift raises concerns about the future of secure communications. While some argue that Telegram’s cooperation may help curb criminal activity, others worry about the erosion of privacy on the platform. Cybercriminals are likely to move to other platforms, but the vetting process for new platforms will slow their operations.

CISA Warns Federal Agencies About Critical Vulnerabilities

CISA issued warnings to U.S. federal agencies about actively exploited vulnerabilities in Oracle WebLogic servers and Mitel’s MiCollab systems. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

The Oracle WebLogic flaw (CVE-2022-0883) was patched four years ago, yet some systems remain unpatched, making them prime targets. The Mitel vulnerability (CVE-2024-41713) affects the voicemail component in MiCollab systems. Agencies are urged to patch these critical vulnerabilities immediately to prevent further exploitation.

Growing Mirai Botnet Targets Industrial Routers and Smart Home Devices

A new variant of the Mirai botnet is expanding its footprint by exploiting zero-day vulnerabilities in industrial routers and smart home devices. This botnet, whose name contains a homophobic reference, uses custom exploits to target devices from Huawei, Asus, and other manufacturers.

Discovered last February, the botnet currently operates 15,000 daily active nodes, primarily in China, the U.S., Russia, Turkey, and Iran. The botnet’s growth underscores the importance of securing IoT devices to prevent them from being hijacked for malicious purposes.

Google, Mozilla, and Android Release Security Updates

Google and Mozilla kicked off the year with critical security updates. Google released Chrome version 131, addressing high-severity vulnerabilities. Mozilla patched 11 vulnerabilities across Firefox, including ESR versions 115.1.9 and 128.6. Android also issued its first security update of the year, fixing several critical vulnerabilities affecting a wide range of devices. Users are urged to update their browsers and Android devices to stay secure.

State of Israeli Cybersecurity Ecosystem: Record-Breaking Growth

YL Ventures released its latest report on the Israeli cybersecurity ecosystem, showing record-breaking growth in 2024. Despite global economic challenges, Israeli cybersecurity startups raised nearly $4 billion, a 110% increase from the previous year.

Key players in the ecosystem include:

  • Wiz: Raised $1 billion in a Series E round.

  • Sierra: Raised $300 million.

  • Axonius: Raised $200 million.

  • Silverfort: Raised $116 million.

  • Torq: Secured $70 million.

  • Mind: Closed an $11 million seed round.

The report highlights ongoing consolidation in the industry, with notable acquisitions like Akamai’s purchase of NoName for $450 million and CrowdStrike’s acquisition of Adaptive Shield for $300 million. The Israeli cybersecurity sector continues to thrive, indicating more innovation and disruption ahead.

Key Takeaways and Action Items

  1. Telecom Practitioners: Review your logs and study TTPs and IOCs related to recent breaches. Focus on securing IT and OT systems.

  2. Organizations with IoT Devices: Ensure your devices meet Cyber Trust Mark standards and educate users on secure configurations.

  3. Privacy Advocates: Monitor changes in Telegram’s privacy policies and consider alternative platforms for secure communications.

  4. Federal Agencies: Patch Oracle WebLogic and Mitel MiCollab vulnerabilities immediately to prevent exploitation.

  5. IoT Device Manufacturers: Secure your products against botnet threats and implement regular security updates.

  6. Cybersecurity Investors and Startups: Keep an eye on the Israeli cybersecurity market for growth opportunities and potential partnerships.

  7. General Users: Update your browsers and Android devices to stay protected against the latest vulnerabilities.

That’s it for today’s show! We’ll be back tomorrow at 9 AM Eastern with more cybersecurity insights. Don’t forget to subscribe to our daily newsletter on cyberhubpodcast.com to get a write-up of key takeaways straight to your inbox.

Stay cyber safe, y'all!

✅ Story Links:

https://www.darkreading.com/cyberattacks-data-breaches/ransomware-targeting-infrastructure-telecom-namibia

https://therecord.media/icao-un-confirms-recruitment-systems-data-breach

https://www.bleepingcomputer.com/news/security/us-govt-launches-cybersecurity-safety-label-for-smart-devices/

https://www.bleepingcomputer.com/news/legal/telegram-hands-over-data-on-thousands-of-users-to-us-law-enforcement/

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-oracle-mitel-flaws-exploited-in-attacks/

https://www.bleepingcomputer.com/news/security/new-mirai-botnet-targets-industrial-routers-with-zero-day-exploits/

https://www.securityweek.com/chrome-131-firefox-134-updates-patch-high-severity-vulnerabilities/

https://cyberscoop.com/android-security-update-january-2025/

https://www.ylventures.com/wp-content/uploads/2025/01/The-State-of-the-Cyber-Nation-2024_Full-Report_v8.pdf

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.

Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines and how these stories help keep practitioners sharp and ready.