The Ntirety Weekly Threat Intelligence Report: September 16, 2024


Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.


Industry Breaches:

  • Slim CD: Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. In the notification sent to impacted clients, the company says that hackers had access to its network for nearly a year, between August 2023 and June 2024.
  • Transport for London: Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. The urban transportation agency had informed the public on September 2 about an ongoing cybersecurity incident, assuring customers that at the time there was no evidence of data being compromised.
  • Fortinet: Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft SharePoint server.
  • Port of Seattle: Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks.

Threats to Watch:

  • Kibana: Elastic, the company behind the popular open-source data visualization and analytics platform Kibana, has issued a critical security advisory urging users to update immediately to version 8.15.1. Two severe vulnerabilities, tracked as CVE-2024-37288 and CVE-2024-37285, could allow attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise.
  • LummaC2: A new and sophisticated malware campaign has been detected by eSentire’s Threat Response Unit (TRU), leveraging DLL side-loading to distribute the LummaC2 stealer and a malicious Chrome extension. This multi-stage attack, initiated through a deceptive drive-by download, ultimately aims to steal sensitive financial information and manipulate browser behavior.
  • Mustang Panda: One of China's most prolific and well-known state-sponsored threat actors is back on the scene with new self-propagating malware that spreads through USB drives (along with other tools), to extend its cyber-espionage goals of system control and data exfiltration.
  • Citrix: Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. The vulnerabilities are tracked as CVE-2024-7889 and CVE-2024-7890.
  • Siemens: Siemens, a global industrial automation giant, has disclosed a critical heap-based buffer overflow vulnerability in its User Management Component (UMC). The vulnerability, identified as CVE-2024-33698 and assigned a CVSS score of 9.3, could allow an unauthenticated remote attacker to execute arbitrary code on affected systems, potentially leading to severe consequences.
  • Acrobat Reader: A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. The flaw is tracked as CVE-2024-41869 and is a critical use-after-free vulnerability that could lead to remote code execution when opening a specially crafted PDF document.
  • DragonRank: A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with a victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China.
  • Vo1d: Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. The Android Open-Source Project (AOSP) is an open-source operating system led by Google that can be used on mobile, streaming, and IoT devices.
  • Hadooken: A threat actor is dropping a cryptominer and distributed denial-of-service (DDoS) malware on Oracle WebLogic Servers using "Hadooken."
  • Ivanti: Ivanti confirmed on Friday that a high-severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. The security flaw (CVE-2024-8190) allows remote authenticated attackers with administrative privileges to gain remote code execution on vulnerable appliances running Ivanti CSA 4.6 through command injection.
  • Apache OFBiz: According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected since the CVE-2024-45195 vulnerability in Apache OFBiz was disclosed. These attacks, primarily targeting the financial services industry (FSI) and business sectors, have relied on malicious bots and custom exploitation tools written in Go to probe for and exploit vulnerable systems.

Actionable IoCs:



Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.

For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.
