CyberWire Daily - The end of MATRIX.
Episode Date: December 4, 2024

International law enforcement takes down the MATRIX messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its Platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric’s remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical XSS vulnerability has been identified in MobSF. Google’s December 2024 Android security update addresses 14 high-severity vulnerabilities. The Federal Trade Commission settles with data brokers over alleged consent violations. On today’s CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core (220-1101) Exam 1 certification. A vodka company gets iced by ransomware.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. This week, Chris is joined by Dan Neville breaking down a question targeting the A+ Core (220-1101) Exam 1 certification. Today’s question comes from N2K’s CompTIA® A+ Core Exam 1 Practice Test (Core Exam 2 Practice Test is also available on our site). Have a question that you’d like to see covered? Email us at certbyte@n2k.com.

Check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Additional sources: www.comptia.org

Selected Reading

International Operation Dismantles MATRIX: A Sophisticated Encrypted Messaging Service (SOCRadar)
German Police Shutter Country’s Largest Dark Web Market (Infosecurity Magazine)
10/10 directory traversal bug hits SailPoint's IdentityIQ (The Register)
Solana Web3.js Library Backdoored in Supply Chain Attack (SecurityWeek)
SolarWinds Platform XSS Vulnerability Let Attackers Inject Malicious Code (Cyber Security News)
16 Zero-Days Uncovered in Fuji Electric Monitoring Software (GovInfo Security)
Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability (Hackread)
CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks (SecurityWeek)
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog (SecurityAffairs)
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts (GB Hacker)
Android's December 2024 Security Update Patches 14 Vulnerabilities (SecurityWeek)
FTC accuses data brokers of improperly selling location info (The Register)
Vodka Giant Stoli Files for Bankruptcy After Ransomware Attack (Infosecurity Magazine)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
International law enforcement takes down the Matrix messaging platform.
SailPoint discloses a critical vulnerability in its IdentityIQ platform.
A Solana library has been backdoored.
SolarWinds discloses a critical vulnerability in its platform product.
Researchers identify 16 zero-day vulnerabilities in Fuji Electric's remote monitoring software.
Cisco urges users to patch a decade-old vulnerability.
CISA warns of active exploitation of Zyxel firewall devices.
A critical cross-site scripting vulnerability has been identified in MobSF.
Google's December 2024 Android security update addresses 14 high-severity vulnerabilities.
The FTC settles with data
brokers over alleged consent violations. On today's CertByte segment, Chris Hare and Dan
Neville break down a question targeting the A-plus core exam one certification.
And a vodka company gets iced by ransomware.
It's Wednesday, December 4th, 2024. It's always great to have you with us.
International collaboration struck a blow against cybercrime yesterday with the dismantling of Matrix, a sophisticated encrypted messaging platform favored by organized crime.
Led by Dutch and French authorities with support from Europol, Eurojust, and other nations,
the operation targeted Matrix's decentralized infrastructure,
which spanned over 40 servers, including key ones in France and Germany.
Initially uncovered on a device linked to the 2021 murder of a Dutch journalist,
Matrix was found to be a hub for illegal activities like drug trafficking,
money laundering, and arms smuggling.
Offering invitation-only access, end-to-end encryption, and multi-server hosting,
Matrix became a secure tool for criminals seeking anonymity.
However, authorities intercepted and deciphered 2.3 million messages over three months,
unraveling its web of illegal operations.
As criminals shift to other platforms like Signal, Discord, and Session,
law enforcement faces a growing challenge in tracking fragmented communication methods.
Meanwhile, German police have dismantled Crime Network, that country's largest dark web market, which traded in drugs, forged documents, and other illegal goods,
with over 100,000 users and 100 sellers, primarily from German-speaking countries.
Authorities seized servers, luxury vehicles, evidence, and $1.1 million in cryptocurrency assets. Crime Network reportedly enabled transactions worth nearly $100 million
between 2018 and 2024, earning operators commissions of between 1 and 5 percent,
plus seller fees. Buyers typically paid in cryptocurrency. The operation includes
ongoing investigations into user and transaction data. The arrested individual
faces charges of managing a criminal platform and drug trafficking. SailPoint has disclosed a
critical 10 out of 10 severity vulnerability in its IdentityIQ identity and access management
platform. The flaw, a directory traversal vulnerability, allows attackers to
access unauthorized directories, potentially exposing sensitive data and compromising systems.
Such bugs, described by some as embarrassingly easy to exploit, stem from improper sanitization
of user input, a basic security failure highlighted by the U.S. Cybersecurity
and Infrastructure Security Agency. Affected customers are urged to upgrade to patched
versions immediately. Developers of decentralized applications on Solana unknowingly downloaded
backdoored versions of the Solana Web3.js library after a GitHub account was compromised.
The malicious versions were available for five hours on December 2nd
and included code enabling attackers to steal private keys and drain funds.
While non-custodial wallets remain unaffected, projects handling private keys directly are at risk. Developers should immediately upgrade
to the clean version and rotate any compromised keys. GitHub warns systems using the backdoored
versions may be fully compromised, necessitating a complete reset of credentials from a different
machine. Binance reported no major cryptocurrency wallets were hacked, though third-party tools
linked to private keys might have been affected. SolarWinds has disclosed a critical vulnerability
in its platform product, affecting the search and node information sections of its user interface.
The cross-site scripting flaw allows authenticated attackers to inject malicious code, potentially compromising system integrity and confidentiality.
While the exploit requires user interaction and authentication, the flaw's severity is rated 7.0 on the CVSS scale.
SolarWinds urges users to apply necessary updates to mitigate this high-risk security issue.
Security researchers have identified 16 zero-day vulnerabilities in Fuji Electric's remote monitoring software affecting critical infrastructure providers. The flaws affect the Tellus, Tellus Lite, V-Server, and V-SFT modules, enabling attackers to execute arbitrary code
through user interaction, such as visiting malicious pages or opening files. The Zero Day
Initiative attributes the vulnerabilities to improper validation of user-supplied data,
leading to out-of-bounds write issues. Previously, Fuji Electric patched similar vulnerabilities in 2021,
addressing risks like denial-of-service attacks and sensitive data exposure.
Cisco is urging users of its adaptive security appliance
to patch a decade-old vulnerability in its WebVPN login page,
which is being actively exploited. The flaw,
caused by insufficient input validation, allows attackers to execute cross-site scripting attacks
by luring victims to malicious links, potentially compromising sensitive information or injecting
malware. Initially flagged in 2014, the vulnerability resurfaced this year, with malware
like AndroxGh0st leveraging it for attacks. CISA added it to its known exploited vulnerabilities
catalog, requiring government agencies to address it by December 3rd. With no workarounds available,
Cisco strongly advises updating ASA software to the latest patched version
to safeguard networks against these emerging threats.
CISA has warned of active exploitation of a path traversal vulnerability in Zyxel firewall
devices. The flaw allows attackers to download or upload files via crafted URLs, potentially leading to unauthorized access, credential theft,
and backdoor VPN creation.
Zyxel addressed this issue in a firmware update released September 3rd
alongside fixes for other vulnerabilities.
Users are urged to update their firmware,
change admin passwords, and check for rogue accounts.
CERT Germany emphasized that patching alone is insufficient without these additional steps.
CISA has added this to its known exploited vulnerabilities catalog,
requiring federal agencies to patch affected devices by December 24th.
Additionally, CISA has added two other vulnerabilities to the KEV catalog.
The first is an XML external entity flaw in Proself, which allows unauthenticated attackers
to read server files, exposing sensitive data. The second is an improper authentication vulnerability
in ProjectSend, which enables attackers to exploit HTTP requests to modify
configurations, create accounts, and upload web shells. A critical vulnerability has been
identified in Mobile Security Framework version 4.2.8, allowing attackers to inject malicious
scripts via stored cross-site scripting. The flaw resides in the diff or compare functionality,
which improperly handles file uploads
containing script-laden file names with special characters.
Attackers can exploit this oversight
to upload a malicious file, embedding scripts in its name.
When the file is accessed, the script executes,
compromising data confidentiality and
posing a persistent threat. Mitigation requires stricter file name validation and restricting
uploads to whitelisted characters. MobSF developers are urged to address this issue immediately.
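The SailPoint and Zyxel stories above are about path traversal, and the MobSF story is about a file name that carries a script and is later rendered as markup. The following Python block is an added example written for this page, not code from the episode or from any of the vendors named in it. It shows the two defender-side checks those stories point at: keeping a user-supplied path inside a base directory, and accepting upload names only from a whitelist of characters while HTML-escaping them on display. The whitelist policy, the base directory and the sample upload names are constructed for the demo.

```python
# Added example, not from the episode or any of the vendors it discusses:
# two defensive checks for a file upload/download endpoint.
#   1. resolve_under(): keeps a user-supplied path inside a base directory
#      (the failure class behind the directory/path traversal stories).
#   2. is_safe_filename() + render_name(): accept only a whitelist of
#      characters in upload names and HTML-escape them on display, so a
#      name carrying a script never becomes markup (the stored XSS story).
# The whitelist policy and sample names below are constructed for the demo.
import html
import re
from pathlib import Path
from typing import Optional

# Letters, digits, dot, underscore and hyphen only, at most 100 characters;
# the name must start with a letter or digit, so "-rf" and ".hidden" are
# rejected as well.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def is_safe_filename(name: str) -> bool:
    """True only if the name matches the whitelist and carries no '..'."""
    if not SAFE_NAME.fullmatch(name):
        return False
    return ".." not in name


def resolve_under(base_dir: str, user_path: str) -> Optional[Path]:
    """Resolve user_path below base_dir; return None if it escapes the base."""
    base = Path(base_dir).resolve()
    # Joining an absolute user_path discards base, and resolve() collapses
    # '..' and symlinks; the containment check below catches both cases.
    target = (base / user_path).resolve()
    try:
        target.relative_to(base)  # raises ValueError when target is outside base
    except ValueError:
        return None
    return target


def render_name(name: str) -> str:
    """Escape a file name for inclusion in an HTML page (listing, diff view)."""
    return html.escape(name, quote=True)


def triage_uploads(names):
    """Split a batch of upload names into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for n in names:
        (accepted if is_safe_filename(n) else rejected).append(n)
    return accepted, rejected


# Constructed sample upload names, including traversal and markup attempts.
SAMPLE_NAMES = [
    "app-release.apk",
    "report_v2.pdf",
    "../../etc/passwd",
    "<script>alert(1)</script>.apk",
    "-rf",
]

if __name__ == "__main__":
    ok, bad = triage_uploads(SAMPLE_NAMES)
    print("accepted:", ok)
    print("rejected:", bad)
    # Even a rejected name is safe to echo back in an error page once escaped.
    for n in bad:
        print("escaped for HTML:", render_name(n))
    # Hypothetical base directory; the traversal attempt resolves to None.
    print("traversal attempt resolves to:",
          resolve_under("/var/uploads", "../../etc/passwd"))
```

The whitelist is deliberately stricter than "reject known-bad characters": it describes what a name may contain rather than trying to enumerate every way a browser could be tricked into treating it as markup. The containment check works on resolved paths, so a `..` component or a symlink inside the base directory cannot point the download at a file outside it.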
Google's December 2024 Android security update addresses 14 high-severity vulnerabilities,
including a critical remote code execution flaw in the system component.
This flaw allows attackers to execute code without additional privileges.
The update, split into two patch levels, fixes six framework system bugs
and eight vulnerabilities in components from
Imagination Technologies, MediaTek, and Qualcomm. Updated Android versions include these patches,
now available in the Android open source project repository. Google urges users to update promptly,
emphasizing the improved security of newer Android versions. No active exploitation
of these flaws has been reported, and updates for Android Automotive OS and Wear OS are also
included. Pixel device-specific updates are expected soon. The Federal Trade Commission
has settled with data brokers Gravy Analytics and Mobilewalla over allegations they
sold sensitive location data without consent. The data, collected from apps and tracking SDKs,
revealed visits to hospitals, places of worship, protests, and even specific rooms in buildings.
Gravy boasted of collecting billions of daily location signals, while Mobilewalla retained data on hundreds of millions of devices.
The FTC claimed the brokers failed to verify user consent or knowingly ignored its absence.
Both companies have agreed to delete improperly collected data, implement consent safeguards, and restrict the sale of information tied to sensitive locations
like medical facilities and schools. The bipartisan ruling passed unanimously
reflects growing scrutiny of data brokers.
Coming up after the break on today's CertByte segment,
Chris Hare and Dan Neville break down a question targeting the A-plus core exam one certification.
And a vodka company gets iced by ransomware.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and help you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been
breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more
at blackcloak.io. It's time for our CertByte segment.
And today, Chris Hare and Dan Neville break down a question targeting the A-plus core
exam one certification.
Hi, everyone.
It's Chris.
I'm a content developer and project management specialist here at N2K Networks.
I'm also your host for this week's edition of CertByte, where I share a practice
question from our suite of industry-leading content and a study tip to help you achieve
the professional certifications you need to fast-track your career growth in IT,
cybersecurity, and project management. Today's question targets the CompTIA A-plus Core Exam 1, which is exam ID 220-1101.
This exam is targeted for those candidates who are new to IT and have about 9 to 12 months of experience, whether that's in the lab or in the field.
I have my teammate Dan here to help us out again today.
And as we've already established, after all, he is our captain of CompTIA.
How are you today, Dan?
I'm doing great, Chris.
Thanks for having me here today.
Absolutely.
So we're going to turn the tables again and have Dan ask me today's question.
But before we get into it, Dan, is it true that candidates should take the A-plus exam first before taking the Network Plus and Security Plus exams?
Absolutely.
It's highly recommended that you do that.
Network Plus builds on A+,
Security Plus builds on the content in A+, and Network Plus.
So for anybody starting out in IT, A-plus is the way to start.
Excellent.
So while I gird my loins for your question, Dan,
I understand you have a 10-second study bit for this test.
What do you have for us?
So from helping lots of people go for this exam over the years,
I've seen two areas where people have problems.
Make sure you understand the troubleshooting process.
Also, I would use a lot of flashcards to help memorize the ports and protocols.
All right.
Those are great tips.
And we do have a lot of study materials to support this, so we will share where you can find those after this program. Okay, I'm
ready for your A-plus Core Exam 1 question, Dan. I don't know what to expect, so let's jump right in.
Okay, so here's your question. Okay. You want to set up a wireless network that uses the 5 gigahertz band.
Which two wireless specifications could you use?
And you need to choose two.
Oh, boy.
So your choices are 802.11n, 802.11ac, 802.11b, and 802.11g.
So which two?
Aye, aye, Captain.
I have a clue.
I'm going to need your help thinking this through.
This is part of the networking objective and more specifically comparing and contrasting protocol
for wireless networking.
But where on earth do I begin?
Can you please help steer me through this, Captain Dan?
Sure.
This is one of those memorization things.
And if you Google 802.11 specifications chart, you'll see that there are many of them out there.
And that's one of these things that you have to memorize.
One thing to memorize is like the 802.11 and the N or the AC, the B or the G.
What gigahertz range it runs in.
There's only two.
And what the bandwidth are.
So if you were studying and Googling that,
you would be able to pull up that chart.
And it's one of those things, if you take the exam in person,
you can actually write that chart down on the whiteboard that they give you.
So you can do a formula dump as it were.
That was a study bit that I shared with a previous practice test.
So that would be a good thing to do a prior study dump or brain dump before you take the exam, right?
Yep.
As soon as you sit down, get all that stuff out of your head.
Okay.
All right.
So given this is a memorization question and I do not have that
related resource at my disposal, I am just going to take two wild guesses of A and D. So 802.11n
and 802.11g respectively. Am I anywhere near the realm of being correct? Well, surprisingly,
you might be surprised that you are half right.
Okay.
The correct answers are A and B.
You can use either 802.11ac, which is commonly known nowadays as Wi-Fi 5,
or the 802.11n, Wi-Fi 4, or the wireless N specifications.
802.11ac, Wi-Fi 5, that uses the 5 gigahertz range. Okay. It's reported as capable
to go up to 1.3 gigabits per second, which is pretty fast, but to remain backwards compatible
with 802.11n, 802.11ac includes protocol support for the 2.4 gigahertz band at speeds up to 450 megabits per second.
Okay. I'm sure this makes sense to most other people, so thank you for that. And you already
told us where students can find that chart, so I appreciate you sharing all of that great information
and for that brain twister, Dan. I see also from the CompTIA website
that the A-plus exam appears in more tech support job postings than any other IT credential. Can you
share a little why you think this is the case? Sure. A-plus is designed so that you need to have
nine to 12 months experience either in the lab or on the job to pass it.
So employers expect you to be able to walk into most general tech support situations and solve their problems.
They might need only to train you on their specific systems, but the principles that are embodied in A-plus are going to be your most valuable tools.
Okay, great. And I realize it's also really important that candidates know that they need for the A-plus,
they have to take both Core 1 and Core 2 exams to earn this certification.
Is that right?
Yes, that's correct.
You always have to pass both halves of the exam.
In this case, it's Core 1 and Core 2.
And we have practice tests, training courses, and labs for both exams on our website.
Excellent.
So thank you so much for being here today, Dan.
Are there any upcoming CompTIA practice tests or courses you'd like to promote here?
Ooh, you bet.
We got Cloud Plus coming out very shortly.
IT Fundamentals has been updated and rebranded as Tech Plus,
and we'll have that shortly.
Pentest Plus towards the end of the fall.
And the brand new Security X certification,
which is replacing CASP Plus,
hopefully by the beginning of the year. So we got lots of stuff coming out to update the CompTIA exams. Lots of great stuff.
Thank you so much, Dan. Thank you. And thank you for joining me for this week's CertByte. If you're
actively studying for this certification and have any questions about study tips or even future
certification questions you'd like to see,
please feel free to email me at certbyte at n2k.com.
That's C-E-R-T-B-Y-T-E at N number 2K dot com.
If you'd like to learn more about N2K's practice tests,
visit our website at n2k.com forward slash certify.
For more resources, including our new N2K Pro offerings,
check out thecyberwire.com forward slash pro.
For sources and citations for this question, please check out our show notes.
Happy certifying, everyone.
Today's question comes from N2K's CompTIA A+ Core Exam 1 Practice Test. We'll have links to that in our show notes. Check it out.
ThreatLocker, trusted by businesses worldwide, is a full suite of solutions designed to give you total control,
stopping unauthorized applications,
securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today
to see how a default-deny approach
can keep your company safe and compliant. And finally, our wine and spirits desk reminds us
that even vodka isn't immune to the double whammy of ransomware and geopolitical drama.
Stoli Group USA, famed for its Stolichnaya Vodka,
has filed for bankruptcy in the U.S., drowning in $78 million of debt.
Among the culprits, a severe ransomware attack in August 2024 that crippled its IT systems, forcing manual operations and delaying financial reports until 2025. Talk about a hangover. Adding insult to injury,
Stoli faced retaliation from Russia for its pro-Ukraine stance. Founder Yuri Shefler was
labeled an extremist, two distilleries worth $100 million were confiscated,
and the group burned through millions in a decades-long trademark battle with Russian authorities.
This vodka tale serves as a sobering reminder of ransomware's potential to shake businesses to their core,
even as it remains unclear if Moscow had a hand in this particular
digital assault. Still, in the battle of ransomware versus vodka, it seems ransomware took the top shelf. And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity. If you like our show, please share a rating and review in your
favorite podcast app. Please also fill out the survey in the show notes or send an email to
cyberwire at n2k.com. We're privileged that N2K Cyber Wire is part of the daily routine of the
most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at N2K.com.
This episode was produced by Liz Stokes. Our mixer is Trey Hester
with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer
Iben. Our executive editor is Brandon Carr. Simone Petrella is our president. Peter Kilby
is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.