Introducing Episode 5 of our expertly crafted series on data breaches, cyber-attacks, and more. Breach Breakdown is your go-to source for recapping incidents and staying up-to-date on the latest solutions. September saw its fair share of reported cases, with breaches affecting:
WhatsApp Exploited
A flaw in WhatsApp's "View Once" feature lets a recipient save and redistribute photos and videos that were meant to disappear after a single viewing, without the sender's knowledge.
Researchers from Zengo X showed that the "view once" restriction is enforced only by the receiving client: the media is delivered like any other attachment, so a modified or alternative client can simply keep it. Treat "View Once" as a convenience, not a guarantee, when sharing sensitive media.
Read more here
SonicWall Vulnerability
Akira ransomware affiliates are actively exploiting a critical vulnerability in SonicWall firewalls. The flaw, CVE-2024-40766, is an improper access control bug in SonicOS management access and the SSLVPN that can give attackers unauthorized access to affected devices.
CISA has added CVE-2024-40766 to its Known Exploited Vulnerabilities catalog with a remediation deadline of September 30 for federal agencies. SonicWall customers should patch affected firewalls promptly, and, because the attacks are reported to abuse local SSLVPN accounts, reset passwords for locally managed SSLVPN users and enable multi-factor authentication for them as SonicWall recommends.
Full story here
NoName Ransomware Gang Attack
The NoName group, also known as CosmicBeetle, is evolving with its ScRansom ransomware and new affiliations. It has recently adopted tactics from the leaked LockBit 3.0 builder and set up a dark web extortion site, and ESET researchers suggest NoName may now be a RansomHub affiliate.
The gang uses a custom toolset known as the Spacecolon malware family, deploying it after gaining access to a network through brute-force attacks or by exploiting old, long-patched vulnerabilities such as EternalBlue (CVE-2017-0144) and ZeroLogon (CVE-2020-1472). Organizations that have applied those patches and restricted exposed remote access remove the group's most common entry points.
Full piece here
Vulnerabilities in IBM Products
IBM has released a security bulletin addressing serious vulnerabilities in its MQ Operator and Queue Manager container images, which could allow attackers to bypass security restrictions and cause a denial of service (DoS).
The affected versions are MQ Operator 2.0.0 through 3.2.3 and MQ Advanced 9.2.0.1 through 9.4.0.0. IBM has issued fixed versions; update affected deployments as soon as possible to mitigate the risk.
Read more here
RansomHub Abuses Kaspersky TDSSKiller
The RansomHub ransomware gang has been misusing Kaspersky's TDSSKiller, a legitimate rootkit-removal tool, to disable endpoint detection and response (EDR) services. After the defenses are down, they run the LaZagne tool to harvest stored credentials (browsers, databases, and other local stores) for further movement through the network. Because TDSSKiller is validly signed by a trusted vendor, it is not blocked by signature-based controls or allowlists, which is exactly what makes it useful for disabling security software.
To counter this, enable tamper protection on your EDR so that its services cannot be stopped or deleted even with local administrator rights, and monitor for TDSSKiller executions, especially from unusual paths or with command lines that delete services. LaZagne is normally flagged as malicious, but that only helps if the defenses that would flag it are still running, so correlate any credential-dumping activity with preceding EDR tampering on the same host.
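The following is an added detection example written for this recap; it is not code from the Breach Breakdown post, from Kaspersky, or from the researchers who reported the RansomHub activity. It runs over constructed Sysmon-style process-creation records and flags TDSSKiller being used to delete a service, any LaZagne execution, and, at higher severity, LaZagne appearing on a host shortly after EDR tampering. The `-dcsvc` switch, the field names and the sample events are assumptions for illustration; check the switch against TDSSKiller's own help output and map the fields to your telemetry before deploying anything like this.

```python
"""Flag EDR-tampering precursors in process-creation events.

Added example, not from the original post. Field names, the sample
events and the '-dcsvc' switch are assumptions for illustration.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample of process-creation events (Sysmon Event ID 1 style
# fields, simplified). Not real telemetry.
SAMPLE_EVENTS = [
    {"ts": 100, "host": "ws01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\notepad.exe",
     "orig_name": "NOTEPAD.EXE", "cmd": "notepad.exe"},
    {"ts": 200, "host": "ws01", "user": "CORP\\jdoe",
     "image": r"C:\Users\jdoe\Downloads\tdsskiller.exe",
     "orig_name": "TDSSKiller.exe",
     "cmd": "tdsskiller.exe -dcsvc MBAMService"},
    {"ts": 260, "host": "ws01", "user": "CORP\\jdoe",
     "image": r"C:\Users\jdoe\AppData\Local\Temp\svc.exe",  # renamed on disk
     "orig_name": "laZagne.exe", "cmd": "svc.exe all"},
    {"ts": 300, "host": "srv02", "user": "CORP\\helpdesk",
     "image": r"C:\Tools\TDSSKiller.exe", "orig_name": "TDSSKiller.exe",
     "cmd": "TDSSKiller.exe -l report.txt"},  # plain scan, no service deletion
]

TDSSKILLER_NAMES = {"tdsskiller.exe"}
LAZAGNE_NAMES = {"lazagne.exe"}
# Assumed: TDSSKiller's service-deletion switch and its argument.
SERVICE_DELETE_RE = re.compile(r"(?i)(^|\s)-dcsvc\s+(\S+)")


def _names(ev):
    # Compare both the on-disk file name and the PE OriginalFileName:
    # renaming the binary does not change its version resource.
    return {PureWindowsPath(ev["image"]).name.lower(),
            ev.get("orig_name", "").lower()}


def is_tdsskiller(ev):
    return bool(_names(ev) & TDSSKILLER_NAMES)


def is_lazagne(ev):
    return bool(_names(ev) & LAZAGNE_NAMES)


def deleted_service(ev):
    """Return the service named on a TDSSKiller -dcsvc command line, else None."""
    m = SERVICE_DELETE_RE.search(ev["cmd"])
    return m.group(2) if m else None


def analyse(events, window=600):
    """Return alerts in time order.

    TDSSKiller deleting a service is 'high'; a bare TDSSKiller run is
    'medium' (legitimate use exists); LaZagne is 'high', escalated to
    'critical' when the same host saw EDR tampering within `window` seconds.
    """
    alerts = []
    last_tamper = {}  # host -> timestamp of most recent service deletion
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if is_tdsskiller(ev):
            svc = deleted_service(ev)
            if svc:
                alerts.append({"sev": "high", "host": host, "ts": ev["ts"],
                               "rule": "tdsskiller_service_delete", "service": svc})
                last_tamper[host] = ev["ts"]
            else:
                alerts.append({"sev": "medium", "host": host, "ts": ev["ts"],
                               "rule": "tdsskiller_executed", "service": None})
        if is_lazagne(ev):
            recent = host in last_tamper and ev["ts"] - last_tamper[host] <= window
            alerts.append({"sev": "critical" if recent else "high", "host": host,
                           "ts": ev["ts"], "rule": "lazagne_executed", "service": None})
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_EVENTS):
        print(alert)
```

The point of the correlation step is the caveat in the text: once the EDR service is gone, LaZagne will not be blocked on the endpoint, so the only place it can still be seen is central telemetry, and the sequence "service deleted, then credential dumping" is far more specific than either event alone.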
Learn more here
Every month, we will keep you up to date with the latest news on data breaches, the latest cybersecurity developments, and comprehensive report updates from our expert team.
Want to learn more? Episode Five of Breach Breakdown can be found here.