CyberSecurity updates
Updated: 2024-11-10 12:04:40 Pacific


bleepingcomputer.com
Chinese APT Campaigns Targeting Critical Infrastructure and ISPs - 16d

Multiple Chinese Advanced Persistent Threat (APT) groups, including Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant, are engaging in sophisticated cyber espionage and disruptive campaigns. These groups employ various techniques, including “living off the land” (LOTL) methods, to compromise critical infrastructure, ISPs, and IoT devices. Volt Typhoon’s focus is on U.S. communication infrastructure, often leveraging compromised Fortinet devices for data exfiltration. Salt Typhoon targets U.S. Internet Service Providers (ISPs), seeking to compromise routers and network devices for data collection. Flax Typhoon utilizes compromised IoT devices to build botnets for command and control purposes, aiming at entities in Taiwan and expanding globally. Velvet Ant, a lesser-known group, targets software supply chains, aiming to indirectly infiltrate larger networks. These groups pose a serious threat to critical infrastructure and national security, requiring vigilant defense strategies to combat their stealthy operations.

bleepingcomputer.com
Fortinet FortiManager Zero-Day Vulnerability Actively Exploited (CVE-2024-47575) - 16d

A critical vulnerability, CVE-2024-47575 (dubbed “FortiJump”), was found in Fortinet’s FortiManager, a tool used for managing FortiGate firewalls. This flaw allows attackers to remotely execute code on vulnerable FortiManager devices without authentication. It’s been actively exploited, leading to concerns about transparency as some users learned about the vulnerability through unofficial channels. The vulnerability affects the FortiGate to FortiManager (FGFM) protocol, allowing attackers to bypass security measures by registering rogue devices. Approximately 60,000 FGFM devices are exposed to the internet, highlighting the significant risk associated with this vulnerability.

Steven Campbell, Akshay Suthar, and Stefan Hostetler @ Arctic Wolf
Fog and Akira Ransomware Attacks Linked to SonicWall SSL VPN - 16d

Arctic Wolf Labs has observed an increase in Fog and Akira ransomware attacks, with at least 30 intrusions across various industries since early August. These attacks often leverage SonicWall SSL VPN in the early stages of the attack chain, highlighting the importance of securing VPN access points. The malicious VPN logins originate from IP addresses associated with VPS hosting, providing defenders with a viable mechanism for early detection and response.

MalBot @ Malware Analysis, News and Indicators
CISA Warns of Actively Exploited Flaw in Fortinet FortiManager - 17d

Fortinet FortiManager has a critical vulnerability, CVE-2024-47575, actively exploited in the wild. This flaw, rated at CVSS 9.8, allows attackers with sufficient permissions to execute arbitrary code, potentially leading to system compromise. CISA urges organizations to prioritize timely remediation of the vulnerability.

fortinet.com
Fortinet Data Breach: Threat Actor Claims 440GB of Data Stolen from Microsoft SharePoint Server and Affects Asia-Pacific Customers - 27d

Fortinet, a major cybersecurity firm, confirmed a data breach in September 2024 after a threat actor claimed to have stolen 440GB of data from the company’s Microsoft SharePoint server. The attack reportedly targeted a third-party service used by Fortinet, impacting a small number of its Asia-Pacific customers. Although the company states that the breach was limited in scope, the incident raises concerns about the security of third-party services used by major cybersecurity companies.

fortinet.com
Fortinet Data Breach: Unauthorized Access to Customer Data Stored on Third-Party Cloud Drive - 21d

Fortinet, a cybersecurity company, confirmed a security breach involving unauthorized access to a limited number of customer files stored on a third-party cloud-based file drive. The incident raises concerns about the security of sensitive customer information entrusted to third-party services. Although Fortinet claims minimal disruption, the incident serves as a reminder of the importance of robust data security measures, access controls, and regular security assessments for all environments.

Maria Statchstein @ DMNews
Winos4.0 Malware Targets Windows Systems - 1d

A new malicious software framework, known as Winos4.0, is being used by cybercriminals to infect Windows systems. The malware is primarily being distributed through game-related applications, likely targeting educational organizations. This framework grants attackers complete control over compromised machines, allowing them to steal sensitive information, install additional malware, or launch further attacks. Winos4.0 is designed to operate stealthily and evade detection, making it a significant threat to organizations and individuals using Windows systems.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.