CISO Talk by James Azar
CyberHub Podcast
Aviatrix Controller Exploited, Domain Registry Nominet Breached, Crack Down on AI CoPilot Use, Tiktok Sale to Musk?

Greetings from beautiful Miami, Florida! The coffee is divine, the weather is perfect, and the cybersecurity world is buzzing with critical updates. Let’s dive into today’s packed show, covering vulnerabilities, geopolitical shifts, privacy breaches, and corporate cybersecurity actions.

Here's your detailed rundown of every story we discussed this morning.

Nudge Security and SaaS Sprawl

Nudge Security is back as a show sponsor, addressing identity risks, data security risks, and third-party risks exacerbated by SaaS sprawl. Their solution offers automated discovery of SaaS accounts, helping organizations manage identities and data more effectively.

Organizations can start a free 14-day trial to gain visibility into their SaaS environment and automate security governance tasks. https://www.nudgesecurity.com/cyberhub

Critical Remote Code Execution Vulnerability in Aviatrix Controller

Threat actors are now exploiting a critical remote code execution vulnerability in the Aviatrix Controller. According to Wiz, CVE-2024-50603 carries the maximum CVSS score of 10. The vulnerability stems from improper neutralization of user-supplied inputs, allowing unauthenticated attackers to inject arbitrary code that runs with high privileges.

This vulnerability primarily impacts cloud infrastructure managed by the Aviatrix Controller. Although only 3% of cloud enterprises deploy this controller, 65% of these environments show lateral movement paths to the admin cloud control panel.

Exploitation trends show attackers deploying crypto miners and backdoors in AWS environments. Wiz’s findings highlight the urgency of securing cloud infrastructure to prevent unauthorized lateral movement and privilege escalation.

Nominet Breach via Ivanti VPN Zero-Day

Nominet, the official .UK domain registry, confirmed a network breach linked to the Ivanti VPN zero-day vulnerability. Managing over 11 million .UK domains, Nominet plays a vital role in the UK’s internet infrastructure.

The breach highlights ongoing concerns with Ivanti's vulnerabilities. Nominet is still investigating but has not found evidence of backdoors. Given the impact of Ivanti’s zero-days, more organizations are expected to report similar incidents in the coming weeks.

U.S. Ban on Chinese and Russian Vehicle Connectivity Systems

The U.S. government finalized a ban on the use of Chinese and Russian hardware and software in internet-connected vehicles. This executive order targets vehicle connectivity components such as Bluetooth, cellular, and satellite systems. The ban will take effect starting with the 2030 vehicle models, with a phased rollout beginning in 2027.

This move is part of a broader strategy to reduce foreign influence in critical U.S. infrastructure. However, the timeline raises concerns about existing vehicles' safety and the effectiveness of government regulations.

OneBlood Cyber Attack Update

OneBlood, a not-for-profit blood donation center, disclosed a cyber attack from July 2024 that compromised donor information. Personal details, including names, Social Security numbers, and birth dates, were stolen.

This incident underscores the critical need for healthcare organizations to strengthen their cybersecurity postures to protect sensitive donor information.

Fancy Bear Leveraging Kazakhstan Government Documents

Fancy Bear, a Russian state-linked hacking group, has been using authentic documents from a breach of Kazakhstan’s Ministry of Foreign Affairs as phishing lures. This campaign targets governments across Central Asia, East Asia, and Europe.

Researchers at Sekoia and Recorded Future report that Fancy Bear uses these documents to gather intelligence on geopolitical strategies, particularly regarding the Russia-Ukraine conflict. The group’s methods highlight the importance of understanding the geopolitical landscape in cybersecurity.

Microsoft’s Legal Action Against AI Tool Misuse

Microsoft’s Digital Crimes Unit is taking legal action to disrupt cybercriminals who misuse AI tools to evade security measures. An unsealed complaint in the Eastern District of Virginia reveals that a foreign-based group used stolen customer credentials to access generative AI services and alter their capabilities.

This legal action sends a clear message: misuse of AI technology for cybercrime will not be tolerated. However, Microsoft must also ensure robust identity verification processes to prevent misuse at the source.

Texas Attorney General Sues Allstate for Data Privacy Violations

Texas Attorney General Ken Paxton is suing Allstate and its subsidiary, Arity, for allegedly collecting and selling cell phone location and movement data without user consent. The data harvested includes geolocation, accelerometer, magnetometer, and gyroscopic data.

This lawsuit highlights the growing importance of state-level data privacy laws and the need for a comprehensive federal data privacy framework.

Looming TikTok Ban in the U.S.

The TikTok ban in the U.S. is set to take effect on January 19. Chinese officials reportedly do not expect the Supreme Court to overturn the ban. There are rumors that TikTok might consider selling to Elon Musk to prevent the ban.

This raises significant debates around freedom of speech, national security, and monopolies in media ownership. The TikTok ban will have far-reaching implications for social media platforms and U.S.-China relations.

Action List

  1. Patch the Aviatrix Controller: Ensure your cloud infrastructure is secure against the latest remote code execution vulnerability.

  2. Review VPN Security: Check your organization’s exposure to Ivanti VPN zero-days and patch immediately.

  3. Evaluate Vehicle Connectivity Systems: Assess your organization’s use of foreign hardware and software in vehicles to comply with upcoming regulations.

  4. Secure Donor Information: Healthcare organizations should implement stronger cybersecurity measures to protect sensitive data.

  5. Understand Geopolitical Risks: Stay informed about geopolitical developments that could impact your organization’s security posture.

  6. Manage SaaS Sprawl: Utilize tools like Nudge Security to gain visibility and control over SaaS accounts.

  7. Monitor AI Tool Use: Ensure robust identity verification for users accessing AI tools to prevent misuse.

  8. Review Data Privacy Policies: Ensure your organization complies with state and federal data privacy laws.

  9. Prepare for TikTok Ban: Stay updated on the TikTok ban and its implications for your business.

✅ Story Links:

https://www.securityweek.com/critical-aviatrix-controller-vulnerability-exploited-against-cloud-environments/

https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability/

https://www.wsj.com/business/autos/u-s-to-ban-chinese-russian-components-in-connected-vehicles-ab030036?mod=latest_headlines

https://www.bleepingcomputer.com/news/security/oneblood-confirms-personal-data-stolen-in-july-ransomware-attack/

https://cyberscoop.com/fancy-bear-kazakhstan-russia-sekoia/

https://www.darkreading.com/application-security/microsoft-cracks-down-malicious-copilot-ai-use

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-beyondtrust-bug-exploited-in-attacks/

https://therecord.media/texas-sues-allstate-data-privacy-cars

https://www.wsj.com/tech/china-officials-internally-discuss-option-of-tiktok-sale-to-musk-bac0a224?mod=hp_lead_pos3
