ShinyHunters is selling online the credit card information of 560 million users, allegedly exfiltrated from Live Nation and Ticketmaster. The offer was published on BreachForums, a large and infamous dark web marketplace for stolen data, which has resurfaced only four weeks after being shut down by the FBI. ShinyHunters is an English-speaking cybercrime group known for several major hacks, including the 2020 theft of source code from Microsoft's private GitHub repositories and the 2021 AT&T data breach of 73 million records. Among other methods, it is particularly skilled at exploiting vulnerable GitHub repos and cloud buckets.

A vulnerability in Check Point Network Security gateways (CVE-2024-24919) has been exploited in the wild since at least late April and has been used to infiltrate corporate networks. By compromising old accounts protected by password-only authentication, the attackers were able to read information from Internet-exposed gateways with remote/mobile access VPN enabled. Concretely, they extracted password hashes for local accounts, including accounts used to connect to Active Directory, which they then used to move laterally within victims' networks.

Mitigate it

Make sure your Remote Access gateway sits behind a Security Gateway and that the IPS signature "Check Point VPN Information Disclosure (CVE-2024-24919)" is updated.

RansomHub leaked data samples exfiltrated from recently attacked victims, including the British auction house Christie's and American Clinical Solutions, from which it stole the information of 400,000 patients. RansomHub is a Ransomware-as-a-Service operation that emerged last February and already counts a few dozen targeted organizations. Apparently Russian, the group is possibly a rebranding of BlackCat or a former BlackCat affiliate. A few weeks ago, it took credit for a second attack on Change Healthcare, following BlackCat's devastating ransomware operation against the company in February.

In the last three months, multiple threat groups have exploited more than 80 vulnerabilities to hijack devices into a botnet running the CatDDoS malware, a new Mirai variant. The flaws affect products from a wide range of vendors, including Apache, Cisco, D-Link, GitLab, Jenkins, Metabase and Zyxel. An average of 300 victims per day has been observed, most of them in China.

A Windows version of the Rustdoor backdoor (CVE-2024-4978) is spreading embedded in the installer of JAVS Viewer, an audio recording platform widely used in courtrooms, prisons and lecture halls. The flaw lets threat actors take full control of compromised systems. Earlier Rustdoor versions have been linked to the BlackCat ransomware group.

Mitigate it

Fully re-image potentially impacted endpoints and reset the credentials of associated web browsers and accounts.

Four years after its disclosure and reports of wide exploitation, CISA has finally added a vulnerability in Apache Flink (CVE-2020-17519) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows attackers to read files on the local file system of the JobManager through its REST interface. Apache Flink is an open-source stream-processing and batch-processing framework.

Concerns were raised after the publication of a PoC for a vulnerability in Fortinet's SIEM solution (CVE-2024-23108), which was patched in February. The command injection flaw allows unauthenticated attackers to run commands as root via API requests. Fortinet first claimed that the vulnerability was a duplicate of another flaw patched last October (CVE-2023-34992) but finally admitted that it is a new variant of the original flaw.

A new report shows that, since NIST announced cutbacks last February, 93% of new vulnerability submissions (and 50% of exploited vulnerabilities) have been left marked for "further analysis" without being enriched and analyzed. Consequently, severity scores, CVSS vectors, CPE configurations, tags and other classifications were not provided. In response, NIST said it recently hired a new contractor expected to clear the vulnerability backlog by the end of the year.
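The practical consequence of that backlog is that a pipeline keyed on NVD scores silently treats un-enriched CVEs as unscored. The following added example (not from the report or from NIST) walks NVD API 2.0-shaped records, flags the ones that lack a CVSS vector or CPE configuration, and marks them for a fallback source such as the vendor advisory or the CISA KEV list; the records, CVE ids and CPE string are constructed placeholders.

```python
"""Flag NVD records left without enrichment (no CVSS vector, no CPE) so a
vulnerability-management pipeline falls back to another source instead of
scoring them as 'no risk'. Sample data is constructed, not real NVD output."""
import json

# Constructed sample in the shape of an NVD API 2.0 response (placeholder ids).
SAMPLE_NVD_RESPONSE = json.dumps({
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-0000-0001",          # placeholder: fully enriched record
            "vulnStatus": "Analyzed",
            "metrics": {"cvssMetricV31": [{"cvssData": {
                "baseScore": 9.8,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"criteria": "cpe:2.3:a:example:product:1.0:*:*:*:*:*:*:*",
                 "vulnerable": True}]}]}],
        }},
        {"cve": {
            "id": "CVE-0000-0002",          # placeholder: backlog record
            "vulnStatus": "Awaiting Analysis",
            "metrics": {},
            "configurations": [],
        }},
    ]
})

def triage_nvd(raw_json, kev_ids=frozenset()):
    """Return {cve_id: summary}; needs_fallback is True when NVD gave no
    CVSS v3.1 vector or no vulnerable CPE, i.e. the record is un-enriched."""
    out = {}
    for item in json.loads(raw_json)["vulnerabilities"]:
        cve = item["cve"]
        v31 = cve.get("metrics", {}).get("cvssMetricV31", [])
        vector = v31[0]["cvssData"]["vectorString"] if v31 else None
        score = v31[0]["cvssData"]["baseScore"] if v31 else None
        cpes = [m["criteria"]
                for cfg in cve.get("configurations", [])
                for node in cfg.get("nodes", [])
                for m in node.get("cpeMatch", []) if m.get("vulnerable")]
        out[cve["id"]] = {
            "status": cve.get("vulnStatus"),
            "score": score, "vector": vector, "cpes": cpes,
            "in_kev": cve["id"] in kev_ids,   # KEV is a score-independent signal
            "needs_fallback": vector is None or not cpes,
        }
    return out

if __name__ == "__main__":
    for cve_id, s in triage_nvd(SAMPLE_NVD_RESPONSE, {"CVE-0000-0002"}).items():
        print(cve_id, s["status"], s["score"], "fallback" if s["needs_fallback"] else "ok")
```

A record that is in KEV but still "Awaiting Analysis" is the case to watch: it is actively exploited yet carries no NVD score, so a score-threshold filter would drop it.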