Tuesday 10th December 2024

Good morning everyone and thank you for joining me for today's edition of Cyber Daily. In my latest instalment I'm covering stories from a decade-old Cisco vulnerability making a comeback to Pegasus spyware quietly galloping through smartphones worldwide, today’s newsletter is a reminder that cyber threats don’t take breaks.

In this issue, we’ll cover:

- The persistent shadow of Chinese cyberespionage targeting U.S. telecoms.

- Cisco’s urgent plea to patch a vulnerability from 2014 (because some things never really go away).

- Pegasus spyware proving it can adapt, evolve, and remain a menace to both high-profile and unsuspecting targets alike.

Enjoy!

White House sounds the alarm on Chinese telecom hacks

Chinese hackers linked to the government have spent up to two years infiltrating U.S. telecom networks, a breach that impacts eight companies domestically and spans dozens of countries worldwide. The campaign, attributed to the group Salt Typhoon, remains active, with officials warning that attackers are likely still lurking within the compromised systems.

White House cybersecurity adviser Anne Neuberger discussed the ongoing threat, stating, “Until U.S. companies address cybersecurity gaps, the Chinese are likely to maintain their access.” Alarmingly, the hackers targeted both major political campaigns in 2020 and accessed data with the potential to compromise communications of everyday Americans.

Telecom giants are working to expel the attackers, but risks persist until comprehensive security measures are implemented. In response, U.S. agencies and allies have issued joint guidance to strengthen critical infrastructure defences. President Biden, briefed multiple times, has prioritised collaboration between telecom CEOs and cybersecurity experts to close the vulnerabilities.

Cisco urges updates for decade-old vulnerability

Cisco has issued an urgent alert for users of its Adaptive Security Appliance (ASA) software: a vulnerability first identified in 2014 is being actively exploited. The flaw, tracked as CVE-2014-2120, affects the WebVPN login page and allows attackers to perform cross-site scripting (XSS) attacks by tricking users into clicking malicious links.

Exploitation attempts resurfaced in November 2024, pushing Cisco to remind users there are no workarounds for the flaw—upgrading to a secure version of ASA software is the only solution.

Cybersecurity experts like Meny Har of Opus Security emphasize the lesson here: “Legacy vulnerabilities can persist for years if organisations don’t prioritise addressing them amid the flood of emerging security issues.”

With threat actors actively exploiting this bug, Cisco's advice is simple but critical—update now to avoid being caught in the crosshairs.

Pegasus spyware infiltrates more devices than expected

Pegasus, the infamous spyware developed by Israel's NSO Group, has expanded its reach, compromising both iPhones and Android devices across diverse demographics. Recent scans of 2,500 devices by security firm iVerify revealed seven new Pegasus variants affecting iOS versions 14 through 16.6 and Android systems.

The spyware, long associated with high-profile targets like journalists and politicians, now appears to be more pervasive than previously thought. iVerify’s findings suggest state-sponsored actors are also surveilling individuals who don’t fit traditional high-risk profiles.

Pegasus can silently exploit vulnerabilities through zero-click attacks, enabling attackers to monitor devices, steal sensitive data, and track locations—all without user interaction.

The key takeaway? Mobile spyware often evades traditional security tools. Experts urge regular OS updates, proactive threat hunting, and user education on mobile security to mitigate risks. As iVerify co-founder Rocky Cole warns, "Spyware is hiding in plain sight, and defending against it requires empowering users to detect invisible threats."