Friday, May 17th, 2024

Cybersecurity Week in Review (17/05/24)

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. 

The most severe of the vulnerabilities are listed below:

  • CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” feature that allows authenticated users having the “Import Templates” permission to execute arbitrary PHP code on the web server, resulting in remote code execution
  • CVE-2024-29895 (CVSS score: 10.0) – A command injection vulnerability that allows any unauthenticated user to execute arbitrary commands on the server when the “register_argc_argv” option of PHP is On


DocGo discloses cyberattack after hackers steal patient health data

Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data.

DocGo is a healthcare provider that offers mobile health services, ambulance services, and remote monitoring for patients in thirty US states and across the United Kingdom.

In a Form 8-K filed with the SEC on Tuesday evening, DocGo warned that it recently suffered a cyberattack and is working with third-party cybersecurity experts to assist in the investigation.

“Promptly after detecting unauthorized activity, the Company took steps to contain and respond to the incident, including launching an investigation, with assistance from leading third-party cybersecurity experts, and notifying relevant law enforcement,” reads the DocGo SEC filing.


INC ransomware source code selling on hacking forums for $300,000 

A cybercriminal using the name “salfetka” claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. 

INC has previously targeted the U.S. division of Xerox Business Solutions (XBS), Yamaha Motor Philippines, and, more recently, Scotland’s National Health Service (NHS). 

Simultaneously with the alleged sale, the INC Ransom operation is undergoing changes that might suggest a rift between its core team members or plans to move to a new chapter that will involve using a new encryptor. 


Europol confirms web platform breach 

The European Union’s law enforcement agency, Europol, said it is “aware of the incident and is assessing the situation.” 

Late last week, an attacker known as IntelBroker posted an ad on a popular data leak forum, offering data supposedly stolen from several of Europol’s teams and task forces. 

The attackers went as far as to say that they have obtained For Official Use Only (FOUO) documents containing classified data. The breach supposedly took place in May 2024. 


New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation 

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. 

The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. 

Out-of-bounds write bugs can typically be exploited by malicious actors to corrupt data, induce a crash, or execute arbitrary code on compromised hosts.


Nissan North America data breach impacts over 53,000 employees 

Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company’s external VPN and shut down systems to receive a ransom. 

The car maker discovered the breach in early November 2023 and recently learned that the incident exposed personal data belonging to more than 53,000 current and former employees.

Nissan disclosed that the threat actor targeted its external VPN and then shut down certain company systems before asking for a ransom. The company notes that none of its systems were encrypted during the attack. 


Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks 

The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. 

“Storm-1811 is a cybercriminal organization primarily driven by financial motives, recognized for utilizing the Black Basta ransomware,” the company said in a report published on May 15, 2024.

The attack chain involves the use of impersonation through voice phishing to trick unsuspecting victims into installing remote monitoring and management (RMM) tools, followed by the delivery of QakBot, Cobalt Strike, and ultimately Black Basta ransomware. 


Banco Santander warns of a data breach exposing customer info 

Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. 

With a strong presence in Spain, the United Kingdom, Brazil, Mexico, and the United States, Banco Santander is one of the largest and most significant banks in the world, known for a diverse range of financial products and services, serving over 140 million customers. 

In a statement published this week, the bank disclosed a data breach incident that has impacted customers and employees in Spain, Chile, and Uruguay. 


Singing River Health System: Data of 895,000 stolen in ransomware attack 

The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. 

Singing River Health System is a major healthcare provider located in Mississippi, operating the Singing River Hospital in Pascagoula, Ocean Springs Hospital, and the Singing River Gulfport Hospital, collectively providing over 700 beds. 

The health system, which employs over 3,500 people, also operates two hospices, four pharmacies, six imaging centers, ten specialty centers, and twelve medical clinics in the Gulf Coast region. 


AHA, H-ISAC warn hospitals about Black Basta following Ascension cyberattack 

The Health Information Sharing and Analysis Center issued a threat alert Friday about the Russia-backed ransomware group Black Basta, warning of its accelerated attempted attacks against the healthcare sector. 

Prompted by H-ISAC, the American Hospital Association also sent a cybersecurity advisory with technical mitigation recommendations to its members. 

The alerts come in the wake of a major cyberattack impacting St. Louis-based Ascension health system that started this past Wednesday and continues to hamstring clinical operations. 


Christie’s website breached right before huge sales day 

The hack was first reported by The New York Times, which had the incident confirmed by Christie’s spokesperson Edward Lewine. He said the auction house has engaged a team of additional technology experts to manage the situation.

Timing is of the essence, of course, because Christie’s is entering its biggest week of the year. The company is expected to sell items for around $840 million starting May 14th. 


