CISO Talk by James Azar
CyberHub Podcast
Conduent Confirms Cyber Attack, Record Ransomware Attacks Last Month, Sonicwall Zeroday

Ransomware Hits Record Highs, Zero-Days Exploited, and Iran-Russia Cyber Alliance Unfolds

Good morning, security gang! Welcome to the CyberHub Podcast, where we dive into the latest in cybersecurity news and trends. In today’s packed episode, we cover record-breaking ransomware activity, critical vulnerabilities, global cyber alliances, and more.

Grab your coffee and settle in—this is an episode you don’t want to miss.

Detailed Breakdown of Today’s Top Stories

Conduent Cybersecurity Incident

Conduent, a major business services and government contractor, confirmed that a widespread outage last week was a cybersecurity incident. With 31,000 employees and contracts spanning top Fortune 100 companies, government agencies, and healthcare providers, the impact was significant. The attack disrupted services for organizations like Wisconsin’s Department of Children and Families and Oklahoma Human Services. While the details remain sparse, this serves as a stark reminder of the vulnerabilities faced by critical service providers.

Ransomware Surge in December 2024

The NCC Group reported 574 ransomware attacks in December 2024—the highest monthly total since they began tracking in 2021. A new group, FunkSec, accounted for 18% of these attacks. The industrial sector was the primary target, followed by consumer discretionary, IT, financial, and healthcare sectors. Over half of the attacks targeted North American organizations. The data underscores ransomware’s growing threat to business operations and the economy.

SonicWall Zero-Day Vulnerability

SonicWall patched a critical remote command execution vulnerability (CVE-2025-23006) affecting its SMA 1000 series products. The flaw could allow unauthenticated attackers to execute OS commands. The vulnerability highlights the risks associated with smaller, affordable products often used by small businesses and MSPs.

Chinese Threat Group Targets South Korea

ESET researchers discovered a Chinese threat group, dubbed PlushDaemon, using a supply chain attack to compromise a South Korean VPN developer. By hijacking legitimate updates, they deployed a custom backdoor for espionage purposes. The attack highlights the critical importance of supply chain security, especially for organizations handling sensitive data.

FBI and CISA Warn About Ivanti Vulnerabilities

The FBI and CISA issued alerts about Chinese cyber actors exploiting vulnerabilities in Ivanti’s Cloud Services Appliances (CSA). These flaws, tracked as CVE-2024-8963, 9379, 9380, and 9810, enable attackers to pivot within networks. Organizations still using end-of-life versions of Ivanti’s CSA face heightened risks and are urged to upgrade immediately.

Cisco ClamAV Vulnerability

Cisco released updates to patch a ClamAV denial-of-service vulnerability. Although no active exploits have been reported, a proof-of-concept exists. The flaw emphasizes the importance of timely patching, especially for tools critical to malware detection.

Breach Forums Admin Resentencing

Connor Fitzpatrick, founder of the cybercrime platform Breach Forums, faces resentencing after his initial 17-day prison term was vacated. Fitzpatrick’s platform facilitated the trade of sensitive personal data. His case serves as a cautionary tale about the consequences of enabling cybercrime.

Malware Spread via Telegram Campaign

Threat actors exploited news about Ross Ulbricht’s pardon to distribute malware via Telegram. Users were tricked into running PowerShell commands disguised as CAPTCHA verifications, leading to backdoor installations. This highlights the risks of social engineering and misinformation in cyber campaigns.

Iran and Russia Deepen Cyber Ties

Iran and Russia signed an agreement to enhance military, security, and technological cooperation. This partnership could result in coordinated cyberattacks and ransomware campaigns, particularly as both nations face heavy international sanctions. The alliance underscores the geopolitical dimension of cybersecurity threats.

Action List

  1. Patch Systems Immediately: Ensure all systems, especially SonicWall, Ivanti, and ClamAV products, are updated to mitigate vulnerabilities.

  2. Strengthen Supply Chain Security: Evaluate the security posture of third-party vendors and partners.

  3. Monitor Ransomware Activity: Develop a robust ransomware incident response plan and increase vigilance in North America and critical sectors.

  4. Educate Teams on Social Engineering: Train staff to recognize phishing and social engineering tactics like fake CAPTCHA prompts.

  5. Analyze Geopolitical Risks: Incorporate global cyber alliances into your threat modeling.

  6. Follow CyberHub Podcast: Stay informed with daily updates and insights by subscribing to CyberHub Podcast.

✅ Story Links:

https://www.bleepingcomputer.com/news/security/conduent-confirms-cybersecurity-incident-behind-recent-outage/

https://www.securityweek.com/record-number-of-ransomware-attacks-in-december-2024/

https://www.securityweek.com/sonicwall-learns-from-microsoft-about-potentially-exploited-zero-day/

https://www.darkreading.com/threat-intelligence/chinese-cyberspies-target-south-korean-vpn-supply-chain-attack

https://www.securityweek.com/fbi-cisa-share-details-on-ivanti-exploits-chains-what-network-defenders-need-to-know/

https://www.bleepingcomputer.com/news/security/cisco-warns-of-denial-of-service-flaw-with-poc-exploit-code/

https://therecord.media/breachforums-resentenced-supervised-release-admin

https://www.bleepingcomputer.com/news/security/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts/

https://therecord.media/russia-iran-cyber-ties-agreement

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
