Today’s Topics:

• Critical Nuclei Vulnerability Enables Signature Bypass and Code Execution
• Wallet Drainer Malware Steals Nearly $500 Million in Cryptocurrency in 2024
• How can Netizen help?

Critical Nuclei Vulnerability Enables Signature Bypass and Code Execution

A high-severity vulnerability has been uncovered in ProjectDiscovery’s Nuclei, a popular open-source vulnerability scanner. The flaw, tracked as CVE-2024-43405, carries a CVSS score of 7.4 and could allow attackers to bypass signature checks and execute malicious code, posing significant risks to users.

The issue, affecting all Nuclei versions beyond 3.0.0, arises from a discrepancy in how signature verification and the YAML parser handle newline characters. This discrepancy, combined with the processing of multiple signatures, creates an opening for attackers to inject malicious content into a template while retaining a valid signature for the non-malicious portion.

Nuclei uses YAML-based templates to probe applications, infrastructure, cloud platforms, and networks for security flaws. The discovery, made by cybersecurity firm Wiz, reveals that the signature verification process—a critical component ensuring template integrity—is vulnerable. Exploiting this flaw allows attackers to bypass verification, craft malicious templates, and execute arbitrary code on the host system.

At the core of the vulnerability is the misuse of regular expressions (regex) in the signature validation process. The conflict arises when regex-based verification interacts with the YAML parser, which treats certain characters differently. Specifically, an attacker can introduce a “\r” character, which regex interprets as part of the same line, but the YAML parser reads as a line break. This mismatch allows the injection of additional “# digest:” lines that evade verification yet are executed by the YAML interpreter.

“The verification logic only validates the first ‘# digest:’ line,” explains Wiz researcher Guy Goldenberg. “Additional lines are ignored during verification but remain executable by the YAML parser, creating a significant security gap.”

The vulnerability highlights a critical weakness in Nuclei’s template verification process, making it a single point of failure for ensuring template integrity. Organizations running untrusted or community-contributed templates are particularly at risk, as attackers could exploit this to execute arbitrary commands, exfiltrate data, or compromise systems.

Following responsible disclosure, ProjectDiscovery addressed the issue on September 4, 2024, with the release of Nuclei version 3.3.2. Users are strongly urged to update to the latest version, 3.3.7, to mitigate potential risks.

“Attackers could craft templates with manipulated ‘# digest’ lines or strategically placed ‘\r’ line breaks to bypass verification,” Goldenberg notes. “Without proper validation or isolation, these malicious templates can lead to severe consequences, including system compromise and data breaches.”

Wallet Drainer Malware Steals Nearly $500 Million in Cryptocurrency in 2024

In 2024, wallet drainer malware emerged as a major threat in the cryptocurrency space, resulting in the theft of nearly $500 million from over 332,000 victims. According to Scam Sniffer, a firm specializing in anti-scam solutions, these attacks marked a 67% increase compared to the previous year, making it one of the most lucrative avenues for cybercriminals.

Wallet drainer malware operates by deceiving users into authorizing malicious transactions, thereby allowing attackers to siphon off their funds. The largest single theft recorded in 2024 amounted to $55.48 million, highlighting the devastating impact of these attacks. Despite the staggering total losses, only 30 incidents resulted in losses exceeding $1 million each, contributing to a combined total of $171 million.

The first quarter of the year was particularly harsh, with over 175,000 victims losing $187.2 million. Although the frequency of attacks decreased in the latter half of the year, significant heists continued, with the most notable incidents occurring in August and September, where losses of $55.48 million and $32.51 million were reported.

Scam Sniffer attributed the surge in early 2024 to a peak in phishing activities. However, as the year progressed, the decline in activity was linked to market adjustments and the exit of prominent wallet drainer groups like Pink and Inferno. Despite this reduction, the cumulative impact of these attacks remained severe.

Complementing these findings, Chainalysis reported that overall cryptocurrency thefts in 2024 exceeded $2.2 billion. A significant portion of this was attributed to state-sponsored attacks, including a $308 million Bitcoin heist by North Korean hackers in December, underscoring the growing sophistication and international reach of cryptocurrency-related cybercrime.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Today’s Topics:

• New Bipartisan Legislation Proposes AI Safety Review Office to Mitigate Extreme Risks
• CISA Publishes 2024 Year in Review: Advancing Cybersecurity and Infrastructure Resilience
• How can Netizen help?

New Bipartisan Legislation Proposes AI Safety Review Office to Mitigate Extreme Risks

On December 19, 2024, a bipartisan coalition of U.S. senators introduced the Preserving American Dominance in AI Act, a legislative proposal to bolster national security against risks posed by advanced Artificial Intelligence (AI) models. This initiative would establish an AI Safety Review Office under the Department of Commerce, led by an undersecretary nominated by the White House. The office would focus on safeguarding “frontier AI models”—the most advanced AI systems yet to be developed—from exploitation by foreign adversaries.

The proposed office would prioritize protecting the U.S. against chemical, biological, radiological, nuclear, and cyber threats that could stem from the misuse of advanced AI. By collaborating with industry leaders, the office would aim to ensure the secure development and deployment of frontier AI technologies.

The legislation outlines that the office would work with frontier AI companies, large data centers, and infrastructure-as-a-service providers to ensure secure practices and to prevent adversaries from exploiting these industries.

A significant component of the legislation involves pre-deployment evaluations for frontier AI models, modeled after the Committee on Foreign Investment in the United States (CFIUS) reviews. These evaluations would assess the security implications of deploying cutting-edge AI to prevent misuse and ensure robust risk management practices.

The AI Safety Review Office would also work closely with the Commerce Department’s AI Safety Institute, leveraging their expertise to advance the science of AI safety. Together, these entities aim to define standards that promote responsible innovation while mitigating extreme risks.

The bill’s authors emphasized their intent to protect U.S. innovation while addressing national security challenges. The bipartisan effort, supported by Senators Mitt Romney, Jack Reed, Jerry Moran, Angus King, and Maggie Hassan, builds on months of dialogue and a previously released framework. It underscores the growing recognition among policymakers of AI’s transformative power and the urgent need for governance to manage its risks responsibly.

CISA Publishes 2024 Year in Review: Advancing Cybersecurity and Infrastructure Resilience

The Cybersecurity and Infrastructure Security Agency (CISA) has released its 2024 Year in Review, showcasing a year of milestones in protecting the nation’s cybersecurity and critical infrastructure. With an evolving risk landscape, CISA has emphasized collaboration and innovation, making strides in reducing vulnerabilities and enhancing resilience across public and private sectors.

CISA played a pivotal role in securing this year’s elections by partnering with state and local election officials, technology providers, and federal agencies. Through extensive threat briefings and risk mitigation guidance, the agency fortified election infrastructure, ensuring secure and resilient voting processes. These efforts have further reinforced trust in delivering fair elections and maintaining the peaceful transfer of power.

Addressing threats posed by Advanced Persistent Threat (APT) actors—particularly from China, Russia, North Korea, and Iran—remained a priority. CISA focused on detecting and neutralizing sophisticated cyberattacks, scaling vulnerability reduction efforts for government systems, and bolstering resilience across critical infrastructure.

This year marked a significant leap in promoting the Secure by Design initiative. CISA successfully rallied over 250 technology companies to commit to integrating security at the core of their product development processes. These pledges aim to minimize exploitable vulnerabilities, ensuring a safer technological ecosystem for users.

As artificial intelligence continues to shape the cybersecurity landscape, CISA has taken proactive steps to address its risks and opportunities. The agency established a Chief AI Officer role and became a founding member of the Testing Risks of AI for National Security (TRAINS) taskforce. These initiatives have been instrumental in advancing AI safety, including the completion of annual AI risk assessments for critical infrastructure sectors.

For the first time, CISA’s Year in Review adopts a web-based, interactive format, offering an engaging way for stakeholders to explore the agency’s work. Featuring multimedia elements like links and videos, the report provides an in-depth look at key achievements and ongoing initiatives.

CISA’s 2024 efforts have laid the foundation for a more resilient and secure future. By focusing on innovation, collaboration, and proactive measures, the agency is well-positioned to tackle emerging threats and uphold its mission as America’s cyber defense agency.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.