The Ntirety Weekly Threat Intelligence Report: October 14, 2024

Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.


Industry Breaches:

  • American Water: American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack.
  • FBCS: Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS and are now informing their respective customers that their data has been compromised. The case concerns a data breach at Financial Business and Consumer Solutions (FBCS), a debt collection agency in the U.S. that partners with various companies to collect unpaid debts on their behalf.
  • Fidelity: Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August.
  • Axis Health: A prominent hospital system in Colorado said a cyberattack is affecting the portal patients use to communicate with providers. Axis Health System operates 13 facilities serving thousands of people across southwest and western Colorado. The nonprofit posted a message on its website this week confirming it is experiencing a cyber incident.

Threats to Watch:

  • Trinity: At least one U.S. healthcare entity has fallen victim to a new ransomware strain called Trinity, according to a report from federal officials. The U.S. Department of Health and Human Services published an advisory on Friday warning hospitals of the threat posed by the ransomware group, noting that its tactics and techniques make it “a significant threat” to the U.S. healthcare and public health sector.
  • Cisco: In a recent security advisory, Cisco revealed multiple vulnerabilities impacting its Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which could potentially expose businesses to serious security risks.
  • GobRAT and Bulbature: In a comprehensive report released by the Sekoia Threat Detection & Research (TDR) team, a new and intricate cyber threat has surfaced, targeting edge devices globally. The investigation, which began in 2023, delves deep into the workings of two sophisticated malware variants—GobRAT and Bulbature—that have wreaked havoc across critical networks, with a particular focus on infrastructure likely tied to Chinese state-sponsored operations.
  • Mamba: In the rapidly evolving world of phishing, a new player has emerged—Mamba 2FA. In late May 2024, Sekoia’s Threat Detection & Research (TDR) team uncovered this adversary-in-the-middle (AiTM) phishing kit, which specifically targets multi-factor authentication (MFA) systems. Mamba 2FA has quickly gained traction in the phishing-as-a-service (PhaaS) marketplace, making it easier for attackers to bypass non-phishing-resistant MFA methods such as one-time codes and app notifications.
  • BeaverTail: A new version of the BeaverTail malware targeting tech job seekers through fake recruiters has been identified. The attack, discovered by Unit 42 and part of the ongoing CL-STA-240 Contagious Interview campaign, exploits job search platforms like LinkedIn and X (formerly Twitter), with attackers posing as employers to infect devices with malware.
  • New Gen QR Code: A new generation of QR code phishing (quishing) attacks has been uncovered by threat analysts at Barracuda. Research by the email protection firm highlighted new techniques designed to evade traditional security defenses by including QR codes built from text-based ASCII/Unicode characters rather than the standard static image.
  • Remcos: Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity.
  • Veeam: Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Code White security researcher Florian Hauser found that the security flaw, now tracked as CVE-2024-40711, is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in low-complexity attacks.
  • APT29: U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale." A joint advisory issued by the NSA, the FBI, the U.S. Cyber Command's Cyber National Mission Force (CNMF), and the U.K.'s NCSC warns network defenders to patch exposed servers to block these ongoing attacks.
  • CyberVolk: Cybersecurity researchers at Rapid7 Labs have released a detailed report on CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware as a primary tool in their attacks. Emerging in June 2024, CyberVolk has rapidly become a significant threat, particularly targeting Spain in retaliation for geopolitical events, as outlined in Rapid7’s analysis.
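The text-rendered QR codes described in the Barracuda item above are invisible to image-based QR scanners at the mail gateway, but they have a distinctive shape in the message body. The following is an added example written for this report, not Barracuda's or Ntirety's code: a heuristic that flags a plain-text (or HTML-converted) body containing a roughly square block of consecutive lines made almost entirely of Unicode block-element glyphs and spaces, which is what a QR code looks like when it is drawn with characters instead of an image. The glyph set, the thresholds, the HTML-to-text helper and the two sample messages are all assumptions chosen for illustration; the sample "QR" is a constructed random square with the same visual shape, not a scannable code.

```python
"""Heuristic detector for text-rendered ("ASCII/Unicode") QR codes in e-mail bodies.

Added example for this report; not Barracuda's detection logic. Thresholds and
the glyph set below are assumptions for illustration.
"""
import html
import random
import re
from dataclasses import dataclass
from typing import List

# Block-element glyphs commonly used to draw QR modules as text (assumed set).
BLOCK_CHARS = set("█▀▄▌▐░▒▓■□")
SPACE_CHARS = set(" \xa0")        # &nbsp; survives html.unescape as \xa0
MIN_ROWS = 10                     # a 21x21 QR drawn with half-blocks is ~11 rows
MIN_WIDTH = 15
MIN_BLOCK_RATIO = 0.9             # share of block/space glyphs in a candidate line
WIDTH_TOLERANCE = 3               # allows trailing spaces stripped by mail clients


@dataclass
class TextQrCandidate:
    start_line: int   # 0-based index into the body's lines
    rows: int
    width: int


def html_to_text(html_body: str) -> str:
    """Minimal HTML flattening so line breaks in the markup become text lines."""
    text = re.sub(r"(?i)<\s*(br\s*/?|/p|/div|/tr)\s*>", "\n", html_body)
    text = re.sub(r"<[^>]+>", "", text)
    return html.unescape(text)


def _is_grid_line(line: str) -> bool:
    """True if the line is wide enough and made almost only of blocks/spaces."""
    s = line.rstrip()
    if len(s) < MIN_WIDTH:
        return False
    blocks = sum(1 for ch in s if ch in BLOCK_CHARS)
    spaces = sum(1 for ch in s if ch in SPACE_CHARS)
    return blocks > 0 and (blocks + spaces) / len(s) >= MIN_BLOCK_RATIO


def find_text_qr_candidates(body: str) -> List[TextQrCandidate]:
    """Return every run of grid-like lines that is tall, wide and roughly square."""
    lines = body.splitlines()
    found = []
    i = 0
    while i < len(lines):
        if not _is_grid_line(lines[i]):
            i += 1
            continue
        j = i
        while j < len(lines) and _is_grid_line(lines[j]):
            j += 1
        widths = [len(ln.rstrip()) for ln in lines[i:j]]
        rows, width = j - i, max(widths)
        # Half-block rendering gives ~0.5 rows per column; full blocks give ~1.0.
        if (rows >= MIN_ROWS and width - min(widths) <= WIDTH_TOLERANCE
                and 0.3 <= rows / width <= 1.5):
            found.append(TextQrCandidate(i, rows, width))
        i = j
    return found


def is_suspicious(body: str) -> bool:
    return bool(find_text_qr_candidates(body))


def _constructed_text_qr(size: int = 21, seed: int = 7) -> str:
    """Constructed sample: a random square of block glyphs with a solid first and
    last column. It is NOT a real QR code; it only mimics the visual shape."""
    rng = random.Random(seed)
    rows = []
    for _ in range(size):
        middle = "".join("█" if rng.random() < 0.5 else " " for _ in range(size - 2))
        rows.append("█" + middle + "█")
    return "\n".join(rows)


# Constructed sample messages (not real phishing mail).
CONSTRUCTED_PHISH = (
    "Your mailbox password expires today. Scan the code below to keep access:\n\n"
    + _constructed_text_qr() + "\n\nIT Service Desk\n"
)
CONSTRUCTED_BENIGN = (
    "Hi team, minutes from today's sync:\n"
    "| item   | owner |\n"
    "|--------|-------|\n"
    "| deploy | ops   |\n"
    "████████████████████\n"   # a lone divider line: too short a run to count
    "Regards\n"
)

if __name__ == "__main__":
    for label, body in (("phish", CONSTRUCTED_PHISH), ("benign", CONSTRUCTED_BENIGN)):
        print(label, find_text_qr_candidates(body))
```

Run it on the decoded text body of a message (call `html_to_text` first for HTML parts) and treat a hit as one signal to combine with sender and URL checks, not as a verdict on its own: a short block-glyph divider or a small ASCII-art logo will not trip the run-length and squareness thresholds, but an unusual rendering (for example, each module as two characters, or a very tall quiet zone) may need the ratio bounds widened.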


Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.

For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.
