Breach Roundup: Cyberattack Disrupts Japan Airlines

Also, US Court Rules NSO Group Violated Hacking Laws With Pegasus Spyware

[Anviksha More](https://www.govinfosecurity.com/authors/anviksha-more-i-5461) ([AnvikshaMore](https://www.twitter.com/AnvikshaMore)) • December 26, 2024

![Breach Roundup: Cyberattack Disrupts Japan Airlines](https://130e178e8f8ba617604b-8aedd782b7d22cfe0d1146da69a52436.ssl.cf1.rackcdn.com/breach-roundup-cyberattack-disrupts-japan-airlines-showcase_image-1-a-27157.jpg)

Image: Shutterstock/ISMG

*Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, cyberattack disrupts Japan Airlines, U.S. court rules NSO Group violated hacking laws, the European Space Agency’s web store hacked, FTC orders Marriott to overhaul data security, Sophos patches critical firewall flaws and Apache fixes critical SQL injection in Traffic Control.*

### Cyberattack Disrupts Japan Airlines, Delays Domestic Flights

Japan Airlines [experienced](https://x.com/JAL_flight_info/status/1872152243375657233) a cyberattack on Thursday, delaying 24 domestic flights by over 30 minutes. The attack – a possible distributed denial of service incident – began in the morning and overwhelmed the airline’s network, temporarily disrupting ticket sales and internal systems. JAL said that flight safety was not compromised, and no customer data was leaked. Systems were restored within hours, resuming normal operations.

Chief Cabinet Secretary Yoshimasa Hayashi said the transport ministry urged JAL to expedite system recovery and assist affected passengers. The attack coincided with Japan’s year-end holiday travel season, leaving many travelers stranded at Tokyo’s Haneda Airport.

### U.S. Court Rules NSO Group Violated Hacking Laws with Pegasus Spyware

A U.S. federal judge [ruled](https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/ndoc-419-cv-07123-pjh-judgement-whatsapp-v-nso-dec-202024.pdf) that Israeli spyware maker NSO Group violated American hacking laws by exploiting WhatsApp zero-day vulnerabilities to deploy Pegasus spyware on over 1,400 devices. The court found NSO breached the Computer Fraud and Abuse Act and California’s Computer Data Access and Fraud Act.

WhatsApp, owned by Meta, sued the commercial spyware company in 2019, alleging NSO reverse-engineered its code to deliver spyware through zero-click attacks, including a previously unknown exploit called ‘Erised.’ NSO continued deploying Pegasus until Meta patched the flaw in May 2020.

‘This ruling is a major win for privacy,’ [said](https://www.threads.net/@wcathcart/post/DD0iQ7uSAPu) WhatsApp’s Will Cathcart.

### European Space Agency Web Store Hacked

Hackers penetrated the European Space Agency’s merchandise web store, compromising customer payment data. The attack involved malicious JavaScript that generated a fake Stripe payment page during checkout. The counterfeit page was highly convincing as it appeared to be served from the ESA store itself.

E-commerce security firm Sansec [detected](https://bsky.app/profile/sans.ec/post/3ldy6xxz7rk2l) the breach and flagged the malicious script, warning of potential risks to ESA employees due to the store’s integration with ESA systems. The exfiltration domain mimicked the legitimate store’s name `esaspaceshop` but used the `.pics` top-level domain instead of `.com`.

Source Defense Research [confirmed](https://x.com/sdcyberresearch/status/1871228710579253746) Sansec’s findings and captured evidence of the fake Stripe page in action. Although the fake payment page has since been removed, the malicious script remains visible in the site’s source code.

The ESA store is currently [offline](https://www.esaspaceshop.com/), displaying a message that it is ‘temporarily out of orbit.’

### FTC Orders Marriott to Overhaul Data Security

The Federal Trade Commission [finalized](https://www.ftc.gov/news-events/news/press-releases/2024/12/ftc-finalizes-order-marriott-starwood-requiring-them-implement-robust-data-security-program-address) a consent order requiring Marriott International and its subsidiary, Starwood Hotels, to implement improved data security measures after repeated breaches exposed sensitive information of 344 million customers (see: [*Marriott Pays $52M to Settle US States’ Breach Litigation*](/marriott-pays-52m-to-settle-us-states-data-breach-litigation-a-26495)).

The directive follows Marriott’s acquisition of Starwood in 2016 and a series of security failures, including a breach of 339 million guest records from Starwood’s compromised database, including 5.2 million unencrypted passport numbers.

Under the FTC order, Marriott must establish a comprehensive security program with encryption, limit retention of personal data and offer U.S. consumers a way to request data deletion. The order also directs the implementation of 24-hour monitoring of IT assets for anomalies and conducting independent security audits every two years for 20 years.

This comes after Marriott settled with 50 U.S. attorneys general – 49 states plus the District of Columbia – in an October payout totaling $52 million.

### Apache Fixes Critical SQL Injection in Traffic Control

The Apache Software Foundation [released](https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr) an update to address a critical SQL injection vulnerability, [CVE-2024-45387](https://nvd.nist.gov/vuln/detail/CVE-2024-45387), in Traffic Control versions 8.0.0 to 8.0.1. The flaw has a CVSS score of nine. Traffic Control enables the creation of scalable content delivery networks.

The flaw allows privileged users with roles such as ‘admin,’ ‘federation,’ or ‘steering’ to execute arbitrary SQL commands through crafted PUT requests in Traffic Ops. ASF urges users to upgrade to Traffic Control 8.0.2 to mitigate the issue. Versions prior to 8.0.0 are unaffected.

This follows an earlier patch by ASF for [CVE-2020-17530](https://nvd.nist.gov/vuln/detail/cve-2020-17530), a remote code execution flaw in Struts 2 caused by forced OGNL evaluation on raw user input.

### Sophos Patches Critical Firewall Flaws Enabling RCE and Unauthorized Access

Sophos [addressed](https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce) three critical vulnerabilities in its firewall that could allow attackers to execute arbitrary code, perform SQL injection and gain unauthorized SSH access. These flaws affect versions up to 21.0 GA, with fixes provided through automatic hotfixes and firmware updates.

The vulnerabilities include an SQL injection flaw tied to specific configurations of email protection with High Availability mode, a predictable SSH passphrase remaining active after HA initialization, and a code injection issue in the User Portal that could escalate privileges. While Sophos estimates a small percentage of devices are affected, these flaws pose significant risks if left unpatched.

Sophos has been releasing hotfixes since late November, automatically applying them to affected devices. Permanent fixes are available in version 21 MR1 and later. The company recommends mitigating risks by limiting SSH access to a dedicated HA link, disabling SSH over WAN and restricting access to the User Portal and Webadmin interfaces.

Admins can verify updates and apply hotfixes manually if necessary, following guidance in Sophos’ knowledge base. These updates aim to safeguard users from potential exploits, ensuring critical infrastructure remains secure against escalating cyberthreats.

### Other Stories From Last Week

* [Shadow AI and Deepfake Attacks to Dominate in 2025](/shadow-ai-deepfake-attacks-to-dominate-in-2025-a-27066)
* [Online Extortion Gang Clop Threatens Cleo Hacking Victims](/online-extortion-gang-clop-threatens-cleo-hacking-victims-a-27146)
* [North Korean Hackers Tied to $1.3B in Stolen Crypto in 2024](/north-korean-hackers-tied-to-13b-in-stolen-crypto-in-2024-a-27129)
* [Unpacking OpenAI’s Latest Approach to Make AI Safer](/unpacking-openais-latest-approach-to-make-ai-safer-a-27147)
* [US Considers TP-Link Ban After Volt Typhoon Hacking Campaign](/us-considers-tp-link-ban-after-volt-typhoon-hacking-campaign-a-27139)

#### [Anviksha More](https://www.govinfosecurity.com/authors/anviksha-more-i-5461)

*Senior Subeditor, ISMG Global News Desk*

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.
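
One way a store operator could check for the pattern described in the European Space Agency item, a resource host that reuses the store's own name under a different top-level domain. This is an added example, not code from the article, Sansec or Source Defense; the function names and URL paths are assumptions, and the last-two-labels split ignores multi-part suffixes such as `co.uk`.

```javascript
// Added example. The store domain and the lookalike name/TLD are the ones
// the article describes; every URL path below is constructed.
const SAMPLE_URLS = [
  'https://www.esaspaceshop.com/static/app.js',   // first-party
  'https://js.stripe.com/v3/',                    // genuine payment provider
  'https://esaspaceshop.pics/assets/checkout.js', // same name, different TLD
  '/relative/path.js',                            // not absolute: skipped
];

// Split a hostname into { name, tld } using its last two labels.
// Assumption: single-label TLDs; production code should consult the
// Public Suffix List instead.
function splitHost(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, '').split('.');
  if (labels.length < 2) return null;
  return { name: labels[labels.length - 2], tld: labels[labels.length - 1] };
}

// Drop separators so "esa-space-shop" compares equal to "esaspaceshop".
function normalize(name) {
  return name.replace(/[-_]/g, '');
}

// Report each distinct host whose name matches the store's but whose TLD differs.
function findLookalikeHosts(storeHost, resourceUrls) {
  const store = splitHost(storeHost);
  if (!store) throw new Error('invalid store hostname');
  const findings = [];
  const seen = new Set();
  for (const raw of resourceUrls) {
    let host;
    try { host = new URL(raw).hostname; } catch { continue; }
    const parts = splitHost(host);
    if (!parts || seen.has(host)) continue;
    seen.add(host);
    const sameName = normalize(parts.name) === normalize(store.name);
    if (sameName && parts.tld !== store.tld) {
      findings.push({ host, reason: `store name under .${parts.tld}, expected .${store.tld}` });
    }
  }
  return findings;
}

console.log(findLookalikeHosts('www.esaspaceshop.com', SAMPLE_URLS));
```

In a browser, the URL list can come from `performance.getEntriesByType('resource')` on the checkout page; a `Content-Security-Policy` that allowlists script, frame and connect sources blocks such hosts outright rather than only reporting them.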

Related Tags:
CVE-2024-45387

Insidious Taurus

DEV-0391

UNC3236

Voltzite

Vanguard Panda

NAICS: 48 – Transportation

NAICS: 921 – Executive, Legislative, Other General Government Support

NAICS: 54 – Professional, Scientific, Technical Services
