Today’s Cybersecurity Threats and Trends - 08/29/2024

Atlas-sian Shrugged... and got cryptojacked.

Before we dive in, I would like to thank Growth School for sponsoring today's newsletter!

Please check them out! They are a robust learning platform that will put you on the fast track to success!

1. Fortra’s Foray into Vulnerabilities

Primary Threat: Fortra has issued a patch to address a high-risk vulnerability, CVE-2024-6633, caused by a static password used to connect to an HSQL database. Because that password is published in a vendor knowledge base article, anyone who reads it can connect to the database without authorization, potentially leading to data breaches or other malicious activity. Organizations using Fortra’s software must apply the patch immediately to prevent exploitation.

  • MITRE Tactics: Initial Access, Persistence

  • Risk: High – Potential for unauthorized access to sensitive systems and data.

2. PoorTry EDR Evasion Evolution

Primary Threat: A new evolution of the malicious Windows driver dubbed PoorTry is making waves by becoming a full-featured EDR wiper. Originally identified by Trend Micro as a signed kernel driver used by the BlackCat ransomware group, the driver is now designed to neutralize endpoint detection and response (EDR) solutions outright, leaving systems open to further exploitation. It underscores how threat actors keep refining their tactics to bypass advanced security mechanisms.

  • MITRE Tactics: Defense Evasion, Privilege Escalation, Persistence

  • Risk: High – Disabling EDR systems can lead to undetected malware execution and significant breaches.

Unlock your potential with our partner…
Hack The Box!

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. Tricky Tickler Malware Targets U.S. Government

Primary Threat: The Iranian hacking group APT33, also known as Peach Sandstorm, has been using a newly developed malware called Tickler to establish backdoors in U.S. government and defense organizations. This malware, discovered by Microsoft, is tailored for intelligence-gathering operations, allowing persistent access to sensitive networks and data. APT33's activities demonstrate a continued focus on targeting national defense and governmental data for espionage.

  • MITRE Tactics: Persistence, Collection, Command and Control

  • Risk: High – Persistent access to sensitive networks poses a significant national security threat.

4. Cryptojacking Confluence: Atlassian Flaw Exploited

Primary Threat: Attackers are actively exploiting a critical vulnerability in Atlassian Confluence, CVE-2023-22527, to conduct cryptojacking operations. As documented by Trend Micro, the flaw lets attackers plant cryptomining malware on compromised Confluence servers and burn the victim’s compute resources mining cryptocurrency. Organizations running Confluence are urged to update to the latest version to mitigate this threat.

  • MITRE Tactics: Execution, Persistence

  • Risk: Medium – Unauthorized use of resources for cryptomining can degrade performance and lead to financial losses.

5. Legit Security Uncovers Leaking LLMs

Primary Threat: Researchers from Legit Security have identified hundreds of large language model (LLM) servers, including Flowise instances, that are publicly exposed and leaking sensitive data. Because of misconfigurations and missing security controls, these servers inadvertently expose corporate, health, and other sensitive data. One such flaw, CVE-2024-31621, was leveraged to exploit these servers, highlighting the need for secure deployment practices.

  • MITRE Tactics: Collection, Initial Access

  • Risk: High – Exposure of sensitive data can lead to breaches, privacy violations, and significant reputational damage.

IN SUMMARY:

It's been a wild 24 hours in the world of cybersecurity!

From static passwords in Fortra's databases causing chaos to the ever-evolving PoorTry driver wiping out defenses, it's clear the rules of the cyber game are always changing.

And let’s not forget APT33 sneaking in the backdoor with Tickler malware, while cryptojackers turn Confluence into their personal piggy bank.

Finally, open LLM servers are leaking data like a sieve, reminding us all to lock down those configurations.

Remember: in cybersecurity, the only constant is change, and the threats are always knocking at the door—sometimes quite literally.

Stay vigilant, patch promptly, and remember, it’s better to be paranoid than pwned!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)