Japan Airlines was hit by a cyberattack, causing delays to more than 20 domestic flights during the year-end holiday season. While the airline was able to restore its systems hours later, the incident highlights the critical nature of cybersecurity in the aviation sector. The attack did not affect flight safety, but it did disrupt operations. The event serves as a reminder of how vulnerable critical infrastructure is to such attacks, and aviation companies should continue to strengthen their security infrastructure to avoid these kinds of incidents.
The North Korean hacking group TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces, has been identified as the perpetrator behind the $308 million cryptocurrency theft from the Japanese exchange DMM Bitcoin. The group, a cryptocurrency-focused element within the Reconnaissance General Bureau, primarily targets blockchain-related companies. The attackers used social engineering techniques to infiltrate the target, and the group has also been known to use supply chain attacks to install malware.
The Play ransomware group has claimed responsibility for the cyberattack on Krispy Kreme, which disrupted online ordering systems. The attackers have threatened to release sensitive company data if their demands are not met. The initial unauthorized activity was detected on November 29, 2024, and the attackers claim to have exfiltrated significant data.
Multiple critical vulnerabilities have been discovered in Fortinet’s products, including FortiWLM and FortiClient EMS. These vulnerabilities, which include path traversal and SQL injection flaws, allow attackers to execute arbitrary code and access sensitive data. Exploitation can lead to complete system compromise, highlighting the need for immediate patching and proper vulnerability management.
Multiple reports indicate that the state of Rhode Island experienced a significant cyberattack that compromised the personal data of hundreds of thousands of residents. The data breach targeted the state’s online portal for social services, possibly exposing Social Security numbers and bank account details. It has resulted in ransom demands and a shutdown of the affected systems, creating a potential crisis in public services.
The Clop ransomware group has claimed responsibility for exploiting zero-day vulnerabilities in Cleo’s managed file transfer platforms (Cleo Harmony, VLTrader, and LexiCom). The attackers used these vulnerabilities to breach corporate networks, steal data, and gain unauthorized access. The vulnerabilities include an autorun directory feature and an arbitrary file-write flaw, which together allow the execution of malicious files and the establishment of persistent access using webshells. The attack has impacted businesses across various sectors, including consumer products, food, and shipping, with most incidents occurring in the United States.
The Romanian presidential election was annulled following allegations of Russian interference, involving 25,000 fake accounts and 85,000 cyberattacks on election systems. The interference involved coordinated disinformation campaigns and social media manipulation, and the EU is tightening its control over TikTok as a consequence. The incident highlights the increasing risk of foreign interference in democratic processes through digital platforms and cyberattacks, and shows how election systems can be manipulated to affect the outcome of elections.
A critical vulnerability, CVE-2024-11972, has been discovered in the Hunk Companion WordPress plugin, affecting versions below 1.9.0. The flaw allows malicious actors to install and activate vulnerable plugins on affected sites through unauthenticated POST requests, which attackers can exploit to backdoor sites. The vulnerability has a CVSS score of 9.8, reflecting its severity, and poses a significant security risk to over 10,000 websites. Site owners are advised to update the plugin immediately.
The US Treasury Department has sanctioned Sichuan Silence, a Chinese cybersecurity company, and its employee Guan Tianfeng for their involvement in a global firewall compromise in April 2020. The hack exploited a zero-day vulnerability, impacting tens of thousands of firewalls, including those of critical infrastructure companies. Guan Tianfeng has also been indicted by the Department of Justice for developing and deploying malware, and a $10 million reward has been offered for information on the company or Guan. This coordinated action highlights the ongoing threat posed by Chinese cyber actors.
Blue Yonder, a supply chain software company, suffered a ransomware attack on November 21, 2024. The Termite ransomware group claimed responsibility for the breach, threatening to publish stolen data. The attack impacted several major clients, including Starbucks, BIC, and Morrisons, causing disruptions. Blue Yonder is investigating the incident, and the full extent of the data breach and its impact is still being assessed. Given the number of large companies affected, this is a significant supply chain incident.
A cyberattack caused a major incident at the UK’s Wirral University Teaching Hospital (WUTH), resulting in postponed appointments and procedures and a system outage. The hospital moved to paper-based processes and continues to experience disruptions. The incident highlights the vulnerability of healthcare systems to cyberattacks and the potential for serious disruption to patient care.
The SmokeLoader malware has been observed in a new campaign targeting Taiwanese companies across various sectors, including manufacturing, healthcare, and IT. Unlike previous campaigns in which SmokeLoader acted as a downloader for other malware, this campaign carries out the attack directly by downloading and executing malicious plugins from its C2 server, an approach that enhances both its capability and its evasiveness. The malware relies on social engineering techniques, such as personalized emails with generic content, to increase its success rate.
A ransomware attack by RansomHub targeted the Mexican government platform Gob.mx, resulting in the theft of 313GB of data, including government contracts, insurance, and financial information. The attackers threatened to release the data on the dark web if a ransom was not paid.
A cyberattack significantly disrupted services at Wirral University Teaching Hospital (WUTH) in the UK, resulting in postponed appointments and procedures. The incident highlights the vulnerability of healthcare systems to cyberattacks and the potential impact on patient care, and underscores the need for robust cybersecurity measures within the healthcare sector.