Tuesday, May 21, 2024

TODAY, ON THE BENCH – 15th February 2024

Microsoft has acknowledged exploitation of a security vulnerability in Exchange Server, identified as CVE-2024-21410 with a CVSS score of 9.8, which facilitates privilege escalation. The tech giant stated that “An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability.” It added that the leaked credentials can then be relayed against the Exchange Server to gain privileges as the victim’s client and perform operations on the server.

Several companies have fallen victim to ransomware attacks perpetrated by Lockbit3.0. The following are the companies affected by this security breach:

1. Centrale Paysanne Luxembourgeoise: A Luxembourg-based agricultural business with over 50 employees and revenue of $5 million.

2. Champion International Freight Forwarding and Logistic Provider: A US-based logistics company specializing in freight forwarding, perishable cargo, exports, imports, and various other services. Champion International boasts a revenue of $5 million and a workforce exceeding 200 employees.

3. Core Engineering LLC: An American oil and gas company offering a wide range of engineering services, including piping design, project management, instrumentation, electrical engineering, and more. The company has a revenue of $5.8 million and over 200 employees.

4. Sitrack: A multinational technology company specializing in satellite tracking, GPS, security, and distribution solutions. Sitrack employs over 500 individuals and generates revenue of $5.3 million.

Chinese hackers known as GoldFactory have escalated their activities by incorporating deepfakes in advanced mobile banking malware attacks. The GoldPickaxe malware is capable of identity theft, including harvesting identity documents and intercepting SMS messages. Further investigations reveal a close connection to Gigabud.

ASA Electronics has also fallen victim to a ransomware attack, resulting in the exfiltration of 2.7GB of data by the group alphv. This US-based electronics company specializes in mobile, RV, marine, commercial, bus, heavy-duty, and power sports electronics. ASA Electronics employs over 200 people and generates $40.7 million in revenue.

A Russian hacker known as TinyTurla-NG, affiliated with the Federal Security Services (FSB), has shifted focus to attacks on Polish non-governmental organizations. This hacker, also known by various aliases including Snake, Iron Hunter, and Venomous Bear, is associated with a backdoor known as TinyTurla, left behind as a “last chance” mechanism on infected systems.


