Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.
- Texas Tech: The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. The organization is a public, academic health institution that is part of the Texas Tech University System.
- ConnectOnCall: Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, acquired in October 2023. ConnectOnCall is a telehealth platform and after-hours on-call answering service with automated patient call tracking for healthcare providers.
- BeyondTrust: Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances.
- CVE-2024-11053: A recently discovered vulnerability in the popular curl command line tool and library, tracked as CVE-2024-11053 and assigned a CVSS score of 9.1, could lead to the unintended exposure of user credentials. The vulnerability arises from the interaction between the use of .netrc files for storing credentials and curl’s handling of HTTP redirects.
- SocGholish: On December 15, we (MalwareBytes) detected a malicious campaign targeting Kaiser Permanente employees via Google Search Ads. The fraudulent ad masquerades as the health care company’s HR portal used to check for benefits, download paystubs and other corporate-related tasks.
- APT29: The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report.
- Google: An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. According to Check Point, which has been monitoring the phishing attack, the threat actors have targeted 300 brands with over 4,000 emails sent in four weeks.
- Juniper: Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. As the networking infrastructure company explained, the malware scans for devices with default login credentials and executes commands remotely after gaining access, enabling a wide range of malicious activities.
- FortiWLM: Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. FortiWLM is a centralized management tool for monitoring, managing, and optimizing wireless networks. It's used by government agencies, healthcare organizations, educational institutions, and large enterprises.
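As an added example for the APT29 "rogue RDP" item above (this is not code from Ntirety, Trend Micro or Black Hills), a small Python screener for .rdp attachments: it parses the mstsc key:type:value format and flags settings that map local drives, clipboard or smart cards into a session on a host outside the organization's own domain. The trusted-domain suffix `corp.example`, the helper names and the two sample files are constructed for this example.

```python
# Added example (not from the page or the cited vendors): screen .rdp files for
# settings that hand local resources to the session host. Key names are the
# documented mstsc settings; the trusted suffix and samples are constructed.
from typing import Dict, List, Tuple

REDIRECT_FLAGS = {  # value "1" enables sharing of the named local resource
    "redirectclipboard": "clipboard shared with remote host",
    "redirectprinters": "printers shared with remote host",
    "redirectsmartcards": "smart cards shared with remote host",
    "redirectcomports": "COM ports shared with remote host",
}
REDIRECT_LISTS = {  # any non-empty value maps local drives/devices in
    "drivestoredirect": "local drives mapped into the session",
    "devicestoredirect": "local devices mapped into the session",
}

def parse_rdp(text: str) -> Dict[str, str]:
    """Parse 'key:type:value' lines (type is s, i or b); skip malformed lines."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def rdp_findings(text: str, trusted_suffixes: Tuple[str, ...] = ("corp.example",)) -> List[str]:
    """Return human-readable findings; an empty list means nothing risky was seen."""
    s = parse_rdp(text)
    findings: List[str] = []
    host = s.get("full address", "").split(":")[0].lower()  # drop :port if present
    if host and not any(host == t or host.endswith("." + t) for t in trusted_suffixes):
        findings.append(f"full address points outside trusted domains: {host}")
    for key, why in REDIRECT_FLAGS.items():
        if s.get(key) == "1":
            findings.append(f"{key}=1: {why}")
    for key, why in REDIRECT_LISTS.items():
        if s.get(key):
            findings.append(f"{key}={s[key]}: {why}")
    if s.get("remoteapplicationmode") == "1":
        findings.append("remoteapplicationmode=1: remote program shown as a local window")
    return findings

# Constructed samples: an ordinary internal session file and a risky one
# (203.0.113.10 is an RFC 5737 documentation address, not a real host).
BENIGN_RDP = "full address:s:rdp.corp.example\nredirectclipboard:i:0\ndrivestoredirect:s:\n"
RISKY_RDP = ("full address:s:203.0.113.10:3389\ndrivestoredirect:s:*\n"
             "redirectclipboard:i:1\nremoteapplicationmode:i:1\n")
```

Run `rdp_findings()` over each .rdp attachment at the mail gateway or on the endpoint and quarantine or alert on any non-empty result; tune `trusted_suffixes` to your own RDP gateway domains.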
Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.
For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.