Daily Briefing for 12.23.24
At a glance.
- Judge finds NSO Group liable in WhatsApp lawsuit.
- China accuses the US government of cyberattacks.
- Alleged LockBit ransomware developer to be extradited to the US.
Judge finds NSO Group liable in WhatsApp lawsuit.
A Northern California federal judge has ruled that Israeli spyware vendor NSO Group is liable for the infection of devices belonging to 1,400 WhatsApp users, the Record reports. NSO's Pegasus spyware has been abused by the company's government clients to target members of civil society, including activists, journalists, and diplomats, but this marks the first time NSO Group itself has been found liable for these abuses. NSO Group maintains that its products are meant solely for government customers to combat terrorism and crime, but the company has been widely criticized for selling the tools to authoritarian regimes.
The judge ruled that NSO Group violated the US Computer Fraud and Abuse Act (CFAA) and California's Comprehensive Computer Data Access and Fraud Act (CDAFA). "After five years of litigation, we're grateful for today's decision," Meta-owned WhatsApp said in a statement. "NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists, and civil society." NSO Group hasn't responded to the Record's request for a comment.
China accuses the US government of cyberattacks.
CyberScoop reports that the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) has accused the US government of hacking two Chinese tech companies in an attempt to steal trade secrets. One of the attacks targeted an "advanced material design and research unit," exploiting a vulnerability in a document management system to deploy malware via Trojanized software updates. Another attack hit a "large-scale high-tech enterprise" in China’s "smart energy and digital information industry," using Microsoft Exchange vulnerabilities to access the company’s mail server and install backdoors.
The accusations come amid the US government's high-profile response to China's alleged hacking of US telecommunication companies.
Alleged LockBit ransomware developer to be extradited to the US.
A suspected LockBit ransomware developer is awaiting extradition to the US from Israel to face 41 criminal charges, the Register reports. 51-year-old Rostislav Panev, a dual Russian and Israeli national, was arrested by Israeli authorities in August at the request of the US.
The US Justice Department stated, "Panev acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least February 2024. During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and destructive ransomware group in the world. The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including 1,800 in the United States."
Notes.
Today's issue includes events affecting China, Israel, and the United States.
The CyberWire will publish on its winter holiday schedule beginning tomorrow. We'll resume regular publication on January 2nd, in the new year. Best holiday wishes to you all, and thanks for reading.
Attacks, Threats, and Vulnerabilities
BeyondTrust says hackers breached Remote Support SaaS instances (BleepingComputer) Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances.
Siemens Warns of a Critical Vulnerability in UMC (GovInfoSecurity) Siemens issued a security advisory for a vulnerability affecting industrial control systems in its User Management Component that could enable attackers to execute
Security Patches, Mitigations, and Software Updates
Apache fixes remote code execution bypass in Tomcat web server (BleepingComputer) Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution.
Products, Services, and Solutions
Steffen Fischer Joins SecurityBridge As CFO (SecurityBridge) SecurityBridge, the Cybersecurity Command Center for SAP, today announced that Steffen Fischer has joined the company as its new CFO.
Litigation, Investigation, and Law Enforcement
Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing (The Record) U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.
Italy’s Privacy Watchdog Fines OpenAI for ChatGPT’s Violations in Collecting Users Personal Data (SecurityWeek) Italy’s data protection watchdog fined OpenAI 15 million euros ($15.6 million) after wrapping up a probe into collection of personal data.
For a complete running list of events, please visit the Event Tracker.
Events
Hacking 4 Humanity 2025 (Virtual, Jan 24 - Feb 7, 2025) Online hate is on the rise, leading to real-world devastating effects on individuals and communities around the world. Join Carnegie Mellon, Duquesne, Pitt, and other undergrad and grad students from Pittsburgh at a multidisciplinary hackathon to develop new tech and policy solutions that mitigate online hate and create safer communities. Hacking4Humanity is a tech and policy hackathon for undergraduate and graduate students, which offers students a new way to engage with real-world social problems that can be improved with novel technical and policy solutions.
GSA Spaceport Summit 2025 (Orlando, Florida, USA, Jan 27, 2025) Commercial Space Week begins with annual GSA Spaceport Summit on January 27, 2025.
Space Mobility Conference and Expo (Orlando, Florida, USA, Jan 28, 2025) Space Mobility mobilizes commercial industry executives and high-ranking officials from defense and government agencies to assure access and superiority in the highly contested space domain.
SpaceCom/Space Congress (Orlando, Florida, USA, Jan 28 - 30, 2025) SpaceCom | Space Congress exclusively draws participation from the industry leaders and organizations with the power to drive new space strategies, fuel forward progress, signal demand for continued innovation, inform policy, and institute a sustainable future for commercial space. As host of Commercial Space Week, SpaceCom integrates the people, institutions, and solutions that ignite innovation, facilitating progress for every space mission.