In its current Global Threat Index, the Check Point Research team warns especially about ransomware. At the head of the ransomware gangs is RansomHub, which operates as Ransomware-as-a-Service. It has grown massively since its rebrand (formerly Knight) and has over 210 victims worldwide on its list. It aggressively attacks Windows, macOS and Linux systems, especially in VMware ESXi environments, and is known for its sophisticated encryption methods.
The Meow ransomware, a remnant of the dissolved Conti group, saw a remarkable rise in August. It has shifted from encryption to running a marketplace of stolen data that it offers for further abuse.
The most widespread malware worldwide includes the FakeUpdates downloader with an eight percent share, followed by the Androxgh0st and Phorpiex botnets.
ATTACKS AND DATA LEAKS
The Port of Seattle has confirmed that the Rhysida ransomware gang is responsible for the August 2024 cyberattack. The attack also caused service disruptions at Seattle-Tacoma International Airport, including outages of the website and of the baggage handling and check-in systems. The Port of Seattle refused to pay the ransom.
Cyber security company Fortinet confirmed the leak of 440 GB of files from a Microsoft SharePoint server. Although the attacker did not encrypt data or attempt to access the company's network, they did demand a ransom. Fortinet refused to pay. The breach reportedly involved a small amount of customer data stored in third-party cloud-based shared storage.
French retail chains, including Boulanger and Cultura, confirmed a breach of customer data: names, addresses and contact details. The vulnerability exploited in the attack has already been fixed.
Kadokawa, a Japanese media, anime and video game company, is dealing with another data breach following an alleged attack by the BlackSuit ransomware gang. Sensitive company data, including contracts and employee information, was leaked.
Highline Public Schools in Washington reported a cyber attack that resulted in facility closures and the cancellation of activities. The investigation, involving federal and state law enforcement agencies, aims to address unauthorized network activity affecting critical systems.
Free Russia Foundation, a non-profit organization based in the US, is investigating a data breach attributed to the Kremlin-linked hacker gang Coldriver. Thousands of emails and documents, likely including sensitive strategic and financial data, have been released online.
VULNERABILITIES AND PATCHES
Microsoft's September 2024 Patch Tuesday addressed 79 flaws, including four zero-day vulnerabilities, three of which were actively exploited. The top priority was to fix two critical/high vulnerabilities: a remote code execution flaw in Windows Update (CVE-2024-43491) and a privilege escalation flaw in Windows Installer (CVE-2024-38014). The update also addresses multiple elevation of privilege and remote code execution bugs in several Microsoft components and products.
WordPress: the Post Grid and Gutenberg Blocks plugin has a privilege escalation vulnerability (CVE-2024-8253) that affects over 40,000 sites. This now-fixed bug allows authenticated users with minimal privileges to elevate their privileges to administrator.
Ivanti: a patch for the critical remote code execution (RCE) vulnerability (CVE-2024-29847) in Endpoint Manager (EPM) is available. The flaw is caused by improper deserialization of untrusted data and poses a potential risk.
Ivanti Cloud Services Appliance (CSA) has a very serious vulnerability (CVE-2024-8190) that allows remote code execution. The bug affects CSA version 4.6, and CISA has added it to its Known Exploited Vulnerabilities catalog, requiring federal agencies to fix it by October 4.
The regular weekly THREAT INTELLIGENCE REPORT review can be watched on LinkedIn.
The Check Point Research team has been tracking security trends, evaluating anomalies, and bringing up-to-date warnings and news about cyber threats to the community for more than three decades. Its experts continuously collect and analyze data on global cyber attacks from monitoring of the networks they manage, open source platforms, the ThreatCloud network and intelligence from the dark web.
Source: www.nextech.sk