Today’s Cybersecurity Threats and Trends - 09/19/2024

Raptors and Rats gnawing away at your defenses.

Before we dive in, I would like to thank all of you for supporting us with your subscription! Our goal is to bring both actionable insights and information regarding cybersecurity threats to the non-tech and technical professional alike. If this sounds like something that would help someone you know, please share the newsletter!

Finally, I would like to thank Growth School for sponsoring today's newsletter!

Please check them out! It goes a long way in our quest to get everyone interested in cybersecurity.
(You don’t have to buy anything or fill anything out to support us, just click the banner below!)

🦾 Master AI & ChatGPT for FREE in just 3 hours 🤯

1 Million+ people have attended, and are RAVING about this AI Workshop.
Don’t believe us? Attend it for free and see it for yourself.

Highly Recommended: 🚀

Join this 3-hour Power-Packed Masterclass worth $399 for absolutely free and learn 20+ AI tools to become 10x better & faster at what you do

🗓️ Tomorrow | ⏱️ 10 AM EST

In this Masterclass, you’ll learn how to:

🚀 Do quick Excel analysis & make AI-powered PPTs
🚀 Build your own personal AI assistant to save 10+ hours
🚀 Become an expert at prompting & learn 20+ AI tools
🚀 Research faster & make your life a lot simpler & more…

1. SambaSpy RAT Strikes Samba Servers

Primary Threat: The newly discovered SambaSpy Remote Access Trojan (RAT) has been making waves by targeting Samba servers, allowing attackers to infiltrate networks, steal data, and execute commands remotely. Kaspersky's research reveals that this RAT is designed to exploit vulnerabilities in Samba file-sharing services, making it a potent tool for lateral movement within compromised networks. Its stealthy nature and extensive capabilities pose a significant risk to organizations relying on Samba for file sharing.

  • MITRE Tactics: Execution, Lateral Movement

  • Risk: High – SambaSpy's ability to exploit widely-used services means it can cause severe damage across diverse network environments.

2. GitLab Gaps Guarded: SAML Flaw Fixed

Primary Threat: GitLab has patched a critical SAML vulnerability (CVE-2024-45409) that could allow attackers to bypass authentication, gaining unauthorized access to GitLab instances. This flaw resides in the Ruby SAML toolkit and has been addressed in a recent security bulletin. Administrators are urged to update immediately to prevent potential exploitation.

  • MITRE Tactics: Initial Access, Privilege Escalation

  • Risk: Critical – This vulnerability threatens the integrity of GitLab instances, potentially allowing attackers to bypass security controls and gain elevated access.
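Because the flaw sits in the Ruby SAML toolkit rather than in GitLab-specific code, any Ruby application that resolves that gem inherits it until the gem is updated. The script below is an added example, not code from the newsletter, GitLab or the ruby-saml project: it parses a Gemfile.lock and reports whether the pinned ruby-saml version is older than a fixed release. The fixed version is not stated in this item, so FIXED_VERSION is a placeholder to be filled in from the GitLab or ruby-saml advisory, and the lock-file excerpt is constructed for the example.

```python
"""Check whether a Gemfile.lock pins ruby-saml older than the fixed release.

Added example, not from the newsletter, GitLab or the ruby-saml project.
FIXED_VERSION is a placeholder: take the real value from the advisory.
"""
import re

FIXED_VERSION = "X.Y.Z"  # placeholder; replace with the version named in the advisory
GEM_NAME = "ruby-saml"

# In the GEM/specs block, resolved gems are indented by exactly four spaces;
# six-space lines are the dependencies of the gem above them.
SPEC_RE = re.compile(r"^ {4}(?P<name>[A-Za-z0-9_.\-]+) \((?P<version>[^)]+)\)\s*$")

# Constructed lock-file excerpt, not taken from any real project.
SAMPLE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    nokogiri (1.16.7)
      racc (~> 1.4)
    racc (1.8.1)
    ruby-saml (1.16.0)
      nokogiri (>= 1.13.10)
      rexml

PLATFORMS
  ruby

DEPENDENCIES
  ruby-saml (~> 1.16)
"""


def parse_gemfile_lock(text):
    """Return {gem: version} for every resolved gem in the GEM/specs block."""
    gems, in_specs = {}, False
    for line in text.splitlines():
        if line.strip() == "specs:":
            in_specs = True
            continue
        if in_specs and line and not line.startswith(" "):
            in_specs = False  # a new top-level block (PLATFORMS, DEPENDENCIES, ...)
        if in_specs:
            m = SPEC_RE.match(line)
            if m:
                gems[m["name"]] = m["version"]
    return gems


def version_key(version):
    """Comparable key for RubyGems-style versions: numeric parts padded to four
    components; a pre-release suffix (e.g. 1.2.0.pre) ranks below the release."""
    nums, prerelease = [], False
    for piece in version.split("."):
        if piece.isdigit():
            nums.append(int(piece))
        else:
            prerelease = True
            break
    nums += [0] * (4 - len(nums))
    return tuple(nums[:4]) + ((-1,) if prerelease else (0,))


def check_ruby_saml(lock_text, fixed_version=FIXED_VERSION):
    """Return (pinned_version, vulnerable). pinned_version is None if the gem is absent."""
    if fixed_version == "X.Y.Z":
        raise ValueError("set FIXED_VERSION from the advisory before running the check")
    pinned = parse_gemfile_lock(lock_text).get(GEM_NAME)
    if pinned is None:
        return None, False
    return pinned, version_key(pinned) < version_key(fixed_version)


if __name__ == "__main__":
    # "2.0.0" is a constructed comparison value for the demo, not the advisory's fix.
    print(check_ruby_saml(SAMPLE_LOCK, "2.0.0"))
```

Run it against each Ruby service's Gemfile.lock, not only the GitLab host; the same gem can be pinned in internal SSO shims and ops tooling that never appears in a GitLab inventory.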

Unlock your potential with our partner…

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. Raptor Train Runs Rampant

Primary Threat: The Raptor Train IoT botnet has emerged as a new threat, targeting industrial control systems (ICS) and IoT devices. This botnet uses brute-force attacks to compromise devices and leverages them for further network infiltration. It appears to be operated by a Chinese nation-state threat actor called Flax Typhoon. Lumen's research shows that Raptor Train is particularly dangerous due to its ability to adapt and spread across diverse environments, posing a severe risk to critical infrastructure.

  • MITRE Tactics: Initial Access, Impact

  • Risk: High – Targeting IoT and ICS devices, Raptor Train can cause widespread disruption, particularly in industrial and critical infrastructure settings.
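Brute-force compromise of a device leaves a recognisable trace before the botnet gains a foothold: a burst of failed logins from one source, often across several usernames, followed by a success. The script below is an added example, not code from the newsletter or from Lumen's report, showing a sliding-window check a defender can run over gateway or device authentication logs. The sshd-style log lines are constructed for the example; real IoT and ICS devices log in their own formats, so the regex is the part to adapt.

```python
"""Detect brute-force login bursts in auth-style log lines.

Added example, not from the newsletter or from Lumen's Raptor Train report.
The log layout is a constructed sshd-like format; adjust LINE_RE to your source.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines (not real traffic); 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = """\
Sep 19 10:00:01 gw sshd[410]: Failed password for root from 198.51.100.7 port 40001 ssh2
Sep 19 10:00:02 gw sshd[411]: Failed password for admin from 198.51.100.7 port 40002 ssh2
Sep 19 10:00:03 gw sshd[412]: Failed password for invalid user pi from 198.51.100.7 port 40003 ssh2
Sep 19 10:00:04 gw sshd[413]: Failed password for admin from 198.51.100.7 port 40004 ssh2
Sep 19 10:00:05 gw sshd[414]: Failed password for support from 198.51.100.7 port 40005 ssh2
Sep 19 10:00:06 gw sshd[415]: Accepted password for admin from 198.51.100.7 port 40006 ssh2
Sep 19 10:05:00 gw sshd[420]: Failed password for alice from 203.0.113.9 port 50001 ssh2
Sep 19 10:09:30 gw sshd[421]: Accepted publickey for alice from 203.0.113.9 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse(line, year=2024):
    """Return (timestamp, outcome, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies it so they can be compared.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Flag source IPs with at least `threshold` failed logins inside `window_s` seconds.

    Returns {ip: {"failures", "users", "success_after"}}. "success_after" is True
    when an Accepted login from that IP follows the burst, the case that most
    needs a human look because the guessing may have worked.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    users = defaultdict(set)     # ip -> usernames tried
    alerts = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        if outcome == "Failed":
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()  # drop failures that have aged out of the window
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"failures": len(q), "users": sorted(users[ip]), "success_after": False}
        elif outcome == "Accepted" and ip in alerts:
            alerts[ip]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

The window and threshold are tuning knobs: a low threshold catches slow, distributed guessing but raises noise from mistyped passwords, so pair the alert with the username spread (several accounts from one source is rarely a legitimate user) and treat a success after a burst as an incident, not an informational event.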

4. Vanilla Tempest Storms Healthcare Data

Primary Threat: The hacking group known as Vanilla Tempest has been observed targeting the healthcare sector using the INC ransomware. Microsoft's revelation on Twitter indicates that this group employs advanced tactics, such as exploiting vulnerabilities in unpatched systems, to deliver ransomware payloads, causing significant disruptions in healthcare services. This campaign underscores the heightened risk ransomware poses to critical sectors like healthcare.

  • MITRE Tactics: Execution, Impact

  • Risk: High – Ransomware attacks on healthcare organizations can result in data breaches, service interruptions, and severe operational impacts.

5. OpenShift Leaves Containers Wide Open

Primary Threat: Red Hat OpenShift has been found to contain critical vulnerabilities (CVE-2024-45496 and CVE-2024-7387) that could allow attackers to escalate privileges and execute arbitrary code. These flaws, discovered by researchers, threaten the security of OpenShift clusters and the applications running on them. Administrators are advised to apply the necessary patches to mitigate these risks.

  • MITRE Tactics: Privilege Escalation, Execution

  • Risk: Critical – Exploiting these vulnerabilities can lead to full compromise of the affected clusters, risking data integrity and system security.

IN SUMMARY:

Today's threats emphasize the range and severity of attacks affecting various industries and platforms.

From the SambaSpy RAT infiltrating networks to GitLab and Red Hat OpenShift vulnerabilities threatening software development and deployment environments, the landscape remains treacherous.

Finally, with ransomware targeting critical sectors like healthcare, and the rise of IoT botnets like Raptor Train, it's crucial to stay vigilant, apply patches promptly, and fortify defenses.

Keep security at the forefront. ‘It’s better to be paranoid than to be pwnd!’

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)