A critical vulnerability in Ivanti’s Cloud Service Appliance (CSA) has been actively exploited by attackers. The flaw, tracked as CVE-2024-8190, allows attackers to gain unauthorized access to sensitive data and execute arbitrary commands on vulnerable systems. The vulnerability exists in the CSA’s authentication mechanism and can be exploited by attackers who can send specially crafted requests to the CSA. This attack vector allows attackers to bypass the CSA’s security measures and gain access to the underlying operating system. The vulnerability has been exploited in the wild by a suspected nation-state adversary. There are strong indications that China is behind the attacks. Organizations using Ivanti CSA should prioritize patching the vulnerability immediately to reduce their risk of being compromised.
A Ukrainian national, Mark Sokolovsky, has pleaded guilty in a U.S. court to operating the Raccoon Infostealer. This malware was used to steal sensitive data from millions of computers globally. The U.S. Justice Department originally charged Sokolovsky with computer fraud in October 2020 for his alleged role in the malware’s distribution. The Raccoon Infostealer was known for its sophisticated capabilities in stealing credentials, financial information, and other sensitive data. The guilty plea signifies a major step forward in the prosecution of cybercriminals involved in the development and distribution of malicious software.
Financial Business and Consumer Solutions (FBCS), a US-based debt collection agency, experienced a significant data breach in February 2024. Cybercriminals gained access to FBCS’s systems, compromising sensitive information belonging to over 4 million individuals. The breach impacted several organizations, including Comcast Cable Communications and Truist Bank, which have subsequently notified their customers. The compromised data included names, addresses, dates of birth, Social Security numbers, driver’s license or state ID numbers, medical claims, provider and clinical information, and health insurance details. This incident highlights the vulnerability of third-party service providers and the importance of robust security measures to protect sensitive customer data. The breach also underscores the significant risks associated with ransomware attacks, which often result in data exfiltration and potential misuse.