Threat Summary: A vulnerability in MOVEit Transfer and MOVEit Gateway was announced on June 25th, 2024. It affects versions 2023.0.0 before 2023.0.11, 2023.1.0 before 2023.1.6, and 2024.0.0 before 2024.0.2. The vulnerability is classified as Improper Authentication (CWE-287) and carries a CVSS score of 9.1 (Critical). An attacker can arbitrarily authenticate into the MOVEit […]
Kaspersky Labs published an article detailing activities they observed from ToddyCat, an APT threat actor targeting government and defense organizations in the Asia Pacific region. Kaspersky focused on the tools and techniques ToddyCat employed for traffic tunneling and data collection. Kaspersky observed ToddyCat dropping and configuring OpenSSH on compromised Windows hosts. A scheduled task was […]
In recent months, the Ivanti product suite has encountered several high-profile vulnerabilities, raising concerns within the cybersecurity community. Since the start of the calendar year, four critical vulnerabilities have been associated with Ivanti Connect Secure, Policy Secure, and Neurons. While the vendor has diligently addressed each vulnerability and deployed mitigations, the recurrence of vulnerabilities within […]
Threat Summary: On September 11th, 2023, MGM Resorts suffered a crippling ransomware attack that resulted in 10 days of computer system downtime and an estimated overall loss of $80,000,000. The threat actor, dubbed Scattered Spider, claims responsibility for this attack and alleges ties to the infamous ALPHV/BlackCat ransomware gang. In […]
Threat Summary: Flax Typhoon is a suspected China-based, nation-state threat actor whose TTPs appear to be closely aligned with espionage objectives and extended persistence. Despite activity tracing back to mid-2021, this APT's final objectives are unknown. They have been observed mostly targeting government, education, and critical manufacturing organizations in Taiwan, though a small subset of […]
CVE-2023-38035 Threat Summary: CVE-2023-38035 allows an unauthenticated attacker to access sensitive admin configuration APIs on Ivanti Sentry versions 9.18 and prior over port 8443. These APIs belong to the MobileIron Configuration Service (MICS) administrator portal; successful exploitation could lead to configuration changes to MICS and to remote code execution with root permissions. […]
Threat Summary: Storm-0558 is suspected to be a China-based, nation-state threat actor whose TTPs are closely aligned with espionage objectives. This threat actor managed to obtain an inactive MSA (Microsoft account) consumer signing key, which was then used to sign forged authentication tokens. Authentication tokens are short-lived credentials that are used to authenticate users to a service. They […]
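The point the summary makes is that a token is only as trustworthy as the binding between the key that signed it and the issuer that key is authorised to speak for. The block below is an added example written for this page, not Microsoft's validation code and not a reconstruction of the actual bug: it builds a minimal signed token, then contrasts a validator that accepts any key in its trusted set with one that also checks the key is registered for the issuer the token claims. HMAC stands in for the RSA keys a real identity provider uses, and the key IDs, issuer URLs, audience and claims are all constructed for the example.

```python
# Added example (not Microsoft's code): why a trusted signing key must also be
# scoped to the issuer it is trusted for. HMAC replaces RSA for brevity.
import base64
import hashlib
import hmac
import json

ISS_CONSUMER = "https://login.live.com"                      # constructed consumer issuer
ISS_ENTERPRISE = "https://login.microsoftonline.com/contoso"  # constructed enterprise issuer
AUDIENCE = "https://outlook.office.com"                      # constructed audience

# Constructed trusted key set. Each entry records the issuer the key is valid for;
# a real provider publishes RSA public keys per issuer at a JWKS endpoint.
KEYS = {
    "msa-consumer-2016": {"secret": b"consumer-key-material", "issuer": ISS_CONSUMER},
    "aad-enterprise-2023": {"secret": b"enterprise-key-material", "issuer": ISS_ENTERPRISE},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(kid, claims):
    """Sign claims with the named key (JWT-style header.payload.signature)."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = f"{_b64(json.dumps(header).encode())}.{_b64(json.dumps(claims).encode())}"
    sig = hmac.new(KEYS[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64(sig)}"


def _verify(token, key_lookup, expected_iss, expected_aud, now):
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header = json.loads(_unb64(parts[0]))
    claims = json.loads(_unb64(parts[1]))
    entry = key_lookup(header.get("kid"), claims.get("iss"))
    if entry is None:
        return False
    expected_sig = hmac.new(entry["secret"], f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _unb64(parts[2])):
        return False
    return (
        claims.get("iss") == expected_iss
        and claims.get("aud") == expected_aud
        and claims.get("exp", 0) > now
    )


def validate_flawed(token, now):
    """Accepts any key in the trusted set: the kid alone selects the key."""
    return _verify(token, lambda kid, iss: KEYS.get(kid), ISS_ENTERPRISE, AUDIENCE, now)


def validate_hardened(token, now):
    """Accepts a key only if it is registered for the issuer the token claims."""
    def lookup(kid, iss):
        entry = KEYS.get(kid)
        return entry if entry is not None and entry["issuer"] == iss else None
    return _verify(token, lookup, ISS_ENTERPRISE, AUDIENCE, now)


def demo(now):
    """Return validation outcomes for a legitimate, a forged and an expired token."""
    base = {"iss": ISS_ENTERPRISE, "aud": AUDIENCE, "sub": "admin@contoso.example", "exp": now + 3600}
    legit = issue_token("aad-enterprise-2023", base)
    # The forgery claims the enterprise issuer but is signed with the consumer key.
    forged = issue_token("msa-consumer-2016", base)
    expired = issue_token("aad-enterprise-2023", {**base, "exp": now - 1})
    return {
        "legit_flawed": validate_flawed(legit, now),
        "legit_hardened": validate_hardened(legit, now),
        "forged_flawed": validate_flawed(forged, now),
        "forged_hardened": validate_hardened(forged, now),
        "expired_hardened": validate_hardened(expired, now),
    }


if __name__ == "__main__":
    for name, ok in demo(1_700_000_000).items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Both validators check the signature, the issuer claim, the audience and the expiry; the only difference is whether the key's own registration is compared against the issuer the token asserts. That is the check that turns a stolen key for one trust domain into a key that cannot mint tokens for another.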
Over the 4th of July weekend, two incidents were brought to Lumifi's attention, pertaining to PrintNightmare and Kaseya. Details on PrintNightmare: While you likely do not have print servers exposed to the world (we hope not), we want to note that we are aware of this vulnerability and have diligently reviewed our detection methodology. POC code […]
Twelve days ago, F5 announced several security vulnerabilities that were largely overshadowed by the Exchange/Hafnium situation. It's important to understand that some of these are critical, remote command execution-level vulnerabilities that require nothing more than an attacker being able to connect to an F5 BIG-IP device. For those devices, being positioned "in front of" web server clusters […]