Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.
- Nokia: Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code, the company told BleepingComputer.
- Schneider Electric: Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.
- City of Columbus: The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack. The resulting outages affected various services and IT connectivity between public agencies.
- Memorial Hospital: Memorial Hospital and Manor posted an urgent message on Sunday warning patients that the hospital’s IT team had discovered a ransomware attack the morning before when employees found notifications from the virus protection software.
- Microlise: A cyberattack on a telematics company has left British prison vans without tracking systems or panic alarms, although there is no evidence criminals have attempted to exploit the situation.
- Newpark: A key supplier for oilfields said a ransomware attack last week affected internal information systems and has caused disruptions and limited access to certain systems.
- SelectBlinds: More than 200,000 who shopped for blinds or window dressing this year had their credit card information and other data stolen after hackers placed malware on a major retailer’s website.
- Washington State Court: Court systems across Washington state went down on Sunday when officials said "unauthorized activity" was detected on their networks. The ongoing data system outage affects all state courts' judicial information systems, websites, and associated services.
- Interlock: A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. Launched at the end of September 2024, Interlock has since claimed attacks on six organizations, publishing stolen data on their data leak site after a ransom was not paid.
- ClickFix: A new social engineering tactic, known as ClickFix, has emerged, using deceptive error messages to prompt users to run harmful code. ClickFix exploits fake error messages across multiple platforms, such as Google Meet and Zoom, often mimicking error notifications on video conferencing pages to lure users.
- ToxicPanda: "ToxicPanda's main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF)," Cleafy researchers Michele Roviello, Alessandro Strino, and Federico Valentini said in a Monday analysis.
- Synology: Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution.
- SteelFox: A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines. The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and AutoCAD.
- Winos4.0: Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. The toolkit is the equivalent of Sliver and Cobalt Strike post-exploitation frameworks and it was documented by Trend Micro this summer in a report on attacks against Chinese users.?
- VEILDrive: An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi.
- Rhadamanthys: Hundreds of companies worldwide have been targeted with spear-phishing emails claiming copyright infringement that actually deliver an infostealer. Starting in July, Check Point Research began to track the emails as they spread across the Americas, Europe, and Southeast Asia, coming from a new domain each time. Hundreds of its customers have been targeted, indicating that the real reach of the campaign may be far greater still.
- Palo Alto: CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS.
Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.?
For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.