AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/30/2024

Emerging Threats & Vulnerabilities to Prepare for in 2025

In 2024, we at Dark Reading covered a variety of attacks, exploits, and, of course, vulnerabilities across the board. Here, we recount 10 emerging threats organizations should be prepared for, as detailed by Dr. Jason Clark in “10 Emerging Vulnerabilities Every Enterprise Should Know,” a Dark Reading webinar, as they continue to grow and evolve in 2025. The rising volume of zero-days across the cybersecurity landscape is a particularly concerning trend, as there is no patch for these bugs when they are discovered. Attackers are also able to exploit systems using these vulnerabilities undetected, as safeguards have not yet been put in place by organizations or enterprises.

South Korea sanctions 15 North Koreans for crypto heists and cyber theft

North Korean hackers are being pursued by governments worldwide that blame them for more than half of the value of cryptocurrency stolen during 2024. Hackers like the infamous Lazarus Group are prime suspects in some of the most notorious cyber thefts in Web3, including the $600 million Ronin network hack. South Korea is the latest country to impose sanctions against 15 North Korean IT organization members and one related group. The sanctioned agents have allegedly procured funds for North Korea’s nuclear missile development program and the DPRK’s Munitions Industry Department through “overseas foreign currency-earning activities,” according to a Dec. 26 news release by South Korea’s Ministry of Foreign Affairs.

Blue Yonder says November ransomware attack not connected to Cleo vulnerability

Blue Yonder, the supply chain management giant that was hit by a ransomware attack last month that caused ripples throughout the retail sector, said it is investigating claims of data theft made by a ransomware gang on Christmas Eve. The Clop ransomware operation said it stole information from Blue Yonder and dozens of other companies through a recently discovered zero-day vulnerability in file sharing software from a company named Cleo. The gang made several threats toward Blue Yonder and said the company was not responding to extortion attempts.

Cyber startup employee hacked to distribute malicious Chrome extension

An unidentified threat actor has compromised an administrative account of a data security startup, using it to distribute a malicious update for its Chrome browser extension. Swiss-founded security firm Cyberhaven said the hack occurred on Christmas and that the company removed the malicious package from the Chrome Web Store within 60 minutes of detection. Browsers running the compromised extension were vulnerable to abuse for over 30 hours. According to Cyberhaven, the attackers could potentially exfiltrate victims’ sensitive information, including authenticated sessions and cookies.
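
For responders, the Cyberhaven incident comes down to one question: which endpoints had the trojanised extension version installed and enabled during the roughly 30-hour exposure window. Chrome records every installed extension, with its manifest version and enabled state, under `extensions.settings` in the profile's `Preferences` JSON (on some platforms the same subtree lives in `Secure Preferences`; which file applies is an assumption to verify on your own fleet). The script below is an added example and not Cyberhaven's code or anything taken from the reporting above: it flattens that subtree and matches it against a hypothetical watchlist of extension IDs and versions. The sample JSON, the extension IDs, the names and the version strings are all constructed for the example; substitute the vendor-published ID and affected versions.

```python
from __future__ import annotations

import json
from pathlib import Path

# Extension state value Chromium writes for an enabled extension (0 = disabled).
STATE_ENABLED = 1

# Constructed sample of the `extensions.settings` subtree from a Chrome profile's
# Preferences / Secure Preferences file. The layout mirrors what Chromium writes;
# the IDs, names and versions are invented for this example.
SAMPLE_PREFS = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True,
                "state": STATE_ENABLED,
                "manifest": {"name": "Example DLP Helper", "version": "24.10.4"},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": True,
                "state": 0,
                "manifest": {"name": "Example DLP Helper (old)", "version": "24.10.3"},
            },
            "cccccccccccccccccccccccccccccccc": {
                "from_webstore": False,
                "state": STATE_ENABLED,
                "manifest": {"name": "Unrelated Sideloaded Tool", "version": "1.0.0"},
            },
        }
    }
}

# Hypothetical watchlist: extension ID -> versions known to be trojanised.
# Replace with the vendor's published ID/version pairs.
WATCHLIST: dict[str, set[str]] = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"24.10.4"},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"24.10.4"},
}


def installed_extensions(prefs: dict) -> list[dict]:
    """Flatten extensions.settings into one record per installed extension."""
    settings = prefs.get("extensions", {}).get("settings", {})
    records = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        records.append({
            "id": ext_id,
            "name": manifest.get("name", "<unknown>"),
            "version": manifest.get("version", "<unknown>"),
            "enabled": entry.get("state") == STATE_ENABLED,
            "from_webstore": bool(entry.get("from_webstore", False)),
        })
    return records


def match_watchlist(prefs: dict, watchlist: dict[str, set[str]]) -> list[dict]:
    """Return installed extensions whose ID and version are both on the watchlist.

    A disabled copy of a watched version is still reported (enabled=False) so the
    analyst can decide whether it was active during the exposure window.
    """
    return [
        rec for rec in installed_extensions(prefs)
        if rec["id"] in watchlist and rec["version"] in watchlist[rec["id"]]
    ]


def scan_profile(prefs_path: Path, watchlist: dict[str, set[str]]) -> list[dict]:
    """Load a real profile JSON from disk and run the watchlist match over it."""
    with open(prefs_path, encoding="utf-8") as fh:
        return match_watchlist(json.load(fh), watchlist)


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; on a live host call
    # scan_profile(Path(profile_dir) / "Preferences", WATCHLIST) per profile.
    for hit in match_watchlist(SAMPLE_PREFS, WATCHLIST):
        status = "ENABLED" if hit["enabled"] else "disabled"
        print(f"{hit['id']} {hit['name']} {hit['version']} [{status}]")
```

Two caveats when using this on real hosts. A match reflects what is installed now, not what was installed during the window, so pair it with the extension's install/update timestamps and Chrome's own update logs. And because the reported impact was theft of authenticated sessions and cookies, a confirmed hit should trigger session revocation and credential rotation for that user, not just removal of the extension.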

Hackers steal ZAGG customers’ credit cards in third-party breach

ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce. ZAGG is a consumer electronics accessories maker known for its mobile accessories, such as screen protectors, phone cases, keyboards, and power banks. The Utah-based company has an annual revenue of $600 million. According to the letter sent to impacted individuals, the attacker breached the FreshClicks app provided by BigCommerce and injected malicious code that stole shoppers’ card details.

The US proposes rules to make healthcare data more secure

The US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) is proposing new cybersecurity requirements for healthcare organizations aimed at protecting patients’ private data in the event of cyberattacks, reports Reuters. The rules come after major cyberattacks like one that leaked the private information of more than 100 million UnitedHealth patients earlier this year. The OCR’s proposal includes requiring that healthcare organizations make multifactor authentication mandatory in most situations, that they segment their networks to reduce risks of intrusions spreading from one system to another, and that they encrypt patient data so that even if it’s stolen, it can’t be accessed. It would also direct regulated groups to undertake certain risk analysis practices, keep compliance documentation, and more.
