Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.
- Avis:
American car rental giant Avis notified customers that unknown attackers breached one of its business applications from August 3 until August 6, when the company evicted the malicious actor from its systems and blocked its access. On August 14, it also found that the attacker stole some customers' personal information, including their names and other undisclosed sensitive data.
- Planned Parenthood:
Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage.
- SonicWall:
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
- GeoServer:
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
- KTLVdoor:
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems.
- FreeConference:
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview.
- APT23:
An investigation into a China-linked advanced persistent threat (APT) group, known as Tropic Trooper, has revealed an espionage campaign targeting government entities in the Middle East.
- Revival Hijack:
The technique involves re-registering a malicious package on PyPI using the same name as any legitimate, previously registered but now removed package from the repository and then waiting for organizations to download it.
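A defender-side screening check for the Revival Hijack pattern described above, written as an added example and not part of the Ntirety summary: given a pinned dependency and the `releases` map from PyPI's JSON API, it flags names whose pinned version has vanished from the index while every remaining upload postdates the pin. The release data below is a constructed sample, not a real project.

```python
from datetime import datetime

# Constructed sample of the "releases" map that https://pypi.org/pypi/<name>/json
# returns, for a hypothetical project that was deleted and then re-registered:
# the original 1.0.x/1.1.x uploads are gone, and the only remaining file was
# uploaded long after the organisation recorded its pin.
SAMPLE_RELEASES = {
    "1.2.0": [{"upload_time_iso_8601": "2024-09-01T10:00:00.000000Z",
               "digests": {"sha256": "<constructed-placeholder>"}}],
}


def _ts(iso):
    """Parse a PyPI ISO-8601 timestamp (trailing 'Z') into an aware datetime."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def revival_risk(pinned_version, pinned_at_iso, releases):
    """Screen one dependency for Revival Hijack signals.

    pinned_version: version from requirements/lockfile, e.g. "1.1.0".
    pinned_at_iso:  when that pin was recorded (e.g. lockfile commit date).
    releases:       the "releases" object from the PyPI JSON API.
    Returns (risky: bool, reason: str).
    """
    pinned_at = _ts(pinned_at_iso)
    if pinned_version in releases:
        return False, "pinned version still on the index"
    if not releases:
        return True, "project has no releases: the name is free to re-register"
    earliest = min(_ts(f["upload_time_iso_8601"])
                   for files in releases.values() for f in files)
    if earliest > pinned_at:
        return True, (f"pinned version gone and earliest remaining upload "
                      f"({earliest.date()}) postdates the pin ({pinned_at.date()})")
    # Version removed, but the project's history predates the pin: more likely a
    # yanked release than a re-registered name. Still worth a look before upgrading.
    return False, "pinned version removed but project history predates the pin"


if __name__ == "__main__":
    for pin in ("1.1.0", "1.2.0"):
        print(pin, revival_risk(pin, "2023-05-01T00:00:00Z", SAMPLE_RELEASES))
```

This is a screening heuristic only; the hard control is hash pinning (`pip install --require-hashes` against a lockfile carrying sha256 digests), which rejects a re-registered package's files regardless of name.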
- APT38:
The group, known to be a subset of the infamous Lazarus Group, chained together previously unknown issues in Windows and Chromium browsers, then threw a rootkit into the mix to achieve deep system access before stealing from targets.
- LiteSpeed:
The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack's Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the release of LiteSpeed Cache version 6.5.0.1.
- Fog Ransomware:
The Fog Ransomware group, which has historically been observed only attacking organizations in the education and recreational sectors, is now pursuing more lucrative targets in the financial services sector.
- Dark Cracks:
Cybersecurity researchers from QiAnXin have uncovered an advanced malware campaign named DarkCracks, which exploits vulnerabilities in compromised GLPI and WordPress websites to distribute malicious loaders and maintain control over infected systems.
Indicator (Fog Ransomware): .flocked – file extension appended to encrypted files
Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified.
For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind.