A new ransomware operation named 'Fog', launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S.
Threat update
Palo Alto Networks has recently disclosed a critical zero-day vulnerability, CVE-2024-3400, within its PAN-OS operating system. The flaw, found in the GlobalProtect Gateway, is currently under active exploitation. Additionally, the threat actors behind the RedTail cryptocurrency mining malware have added this vulnerability to their exploit arsenal, further intensifying the threat.
Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account.
Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms.
Threat update
ShrinkLocker is a recent ransomware strain that leverages a legitimate Windows encryption feature, BitLocker, to lock victims out of their devices. It shrinks the partition, increasing the impact of the attack.
Threat update
There has been active exploitation of a critical operating system (OS) command injection vulnerability, known as CVE-2017-3506, found in the Oracle WebLogic Server. The impact can be severe, ranging from financial loss to reputational damage.
Threat update
A new critical command injection vulnerability, CVE-2024-23108, was found in Fortinet's FortiSIEM solution. This vulnerability poses significant risks to organizations using the solution.
Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations.
A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads.
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data.
Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services.
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers.
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for PuTTY and WinSCP.
Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources.
The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes.
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.
Over the past year, we've witnessed an explosive growth spurt in consumer-focused AI productivity tools that has once again transformed the way we work. Once the realm of data science and engineering teams, generative AI was packaged and delivered to the masses in 2023.
Threat update
This Cybersecurity Threat Advisory breaks down multiple critical vulnerabilities in the Cacti framework, an open-source network monitoring and fault management tool. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code and compromise network infrastructure.