Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.
- Hot Topic:
An alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. Hot Topic is an American retail chain specializing in counterculture-related clothing, accessories, and licensed music merchandise. The company operates over 640 stores across the United States and Canada.
- Amazon:
Delta and Amazon confirmed this week that employee data was stolen from a vendor through a vulnerability in the MOVEit file transfer tool. A Delta spokesperson told Recorded Future News that an investigation confirmed the data is internal directory information originating from a third-party partner but not from the company’s own systems.
- Halliburton:
Halliburton has revealed that an August ransomware attack has led to $35 million in losses after the breach caused the company to shut down IT systems and disconnect customers. Halliburton is a global provider of products and services to the energy industry.
- Sheboygan:
Cybercriminals have demanded a ransom from officials in the city of Sheboygan, Wisconsin, this week after launching an attack that caused network issues. Since late October, the city of more than 50,000 has been dealing with technology outages. On Sunday the city provided an update, confirming that hackers gained “unauthorized access” to the city’s network.
- Remcos RAT:
A new variant of the Remcos RAT malware, capable of taking complete control over a victim’s device, has been uncovered in a recent phishing campaign targeting Windows users.
- Microsoft:
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
- Volt Typhoon:
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard.
- FakeBat:
The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods.
- Visio:
A surge in two-step phishing attacks leveraging Microsoft Visio files has been identified by security researchers, marking a sophisticated evolution in phishing tactics. Discovered by Perception Point, the new attacks use Visio’s .vsdx format, a file type commonly employed for business diagrams, to disguise malicious URLs and bypass traditional security scans.
- Flutter:
North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by a legitimate Apple developer ID.
- Strela Stealer:
As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe – primarily Spain, Germany and Ukraine.
Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.
For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.