The Ntirety Weekly Threat Intelligence Report: November 4, 2024

Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.


Industry Breaches:

  • Wichita County: A cyberattack in May gave hackers access to the personal, financial and medical information of more than 47,000 residents living in Wichita County, Texas.
  • HACLA: The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang.
  • San Joaquin County Superior Court: The San Joaquin County Superior Court said nearly all of its digital services have been knocked offline due to a cyberattack that began earlier this week. The court first warned the county’s nearly 800,000 residents of technology issues on Wednesday before admitting that it was a cybersecurity incident on Thursday.

Threats to Watch:

  • Salt Typhoon: The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States. The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.
  • Midnight Blizzard: In a blog post on Tuesday, Microsoft’s Threat Intelligence team said it has seen a Russian actor it tracks as Midnight Blizzard sending “highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors” since October 22.
  • PSAUX: Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. This week, security researcher DreyAnd disclosed that CyberPanel 2.3.6 (and likely 2.3.7) suffers from three distinct security problems that can result in an exploit allowing remote root access without authentication.
  • Grafana: CVE-2024-9264 is a critical vulnerability in Grafana, an open-source, multi-platform analytics and visualization tool widely adopted by organizations to monitor system health and analyze data trends. The vulnerability affects versions 11.0.x, 11.1.x, and 11.2.x, and it exposes Grafana systems to command injection and local file inclusion (LFI) risks.
  • EmeraldWhale: A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. According to Sysdig, which discovered the campaign, the operation uses automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens.
  • Xiu Gou: A new phishing kit dubbed “Xiu Gou” (修狗), developed to deploy phishing attacks globally, has been targeting users across the US, UK, Spain, Australia and Japan since at least September 2024.
  • CVE-2023-6943: Critical security vulnerabilities affecting factory automation software from Mitsubishi Electric and Rockwell Automation could variously allow remote code execution (RCE), authentication bypass, product tampering, or denial-of-service (DoS).
  • Apache Lucene.NET: The vulnerability, identified as CVE-2024-43383, affects the Replicator library in Lucene.NET versions 4.8.0-beta00005 through 4.8.0-beta00016. This flaw stems from the library’s improper handling of untrusted data during deserialization.


Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.

For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.
