May 4th to May 10th 2024
Zscaler has engaged independent investigators to assess potential breaches after taking an exposed test environment offline. This isolated server, not linked to Zscaler's broader systems and containing no customer data, reportedly posed no threat to customer or corporate security. The cloud security firm confirmed ongoing monitoring and further updates pending the investigation's conclusion. This follows unverified claims on X (formerly Twitter) by a threat actor named IntelBroker, who alleged access to another unnamed cybersecurity company's sensitive data for $20,000. Despite these rumors, Zscaler has found no evidence of a breach.
An employee refuted these claims on Mastodon, urging the public to disregard any unofficial breach announcements as unreliable. IntelBroker has previously claimed breaches involving companies like General Electric and Home Depot. This incident occurs shortly after Zscaler reported blocking 2 billion phishing attempts via its Zero Trust Exchange, highlighting the effectiveness of AI in rapidly identifying cybersecurity threats.
Independent investigators are now examining Zscaler's systems for any signs of compromise. While investigating the rumors, Zscaler identified an isolated test environment accessible from the internet. This environment, however, contained no customer data and was disconnected from Zscaler's main systems. As a precaution, Zscaler took it offline for further analysis. Zscaler maintains there has been no impact on customers or its internal systems due to this isolated incident.
F5 addressed critical vulnerabilities in BIG-IP Next Central Manager that could give attackers full control of managed devices. These flaws allowed attackers to inject malicious code, letting them create hidden accounts and take complete control.
These vulnerabilities, identified as an SQL injection (CVE-2024-26026) and an OData injection (CVE-2024-21793), were found in the BIG-IP Next Central Manager API. Attackers could use these to execute malicious SQL statements remotely on unpatched devices, enabling unauthorized access and system control.
Eclypsium, a supply chain security firm, reported these flaws and demonstrated a proof-of-concept exploit. They highlighted that compromised instances could harbor invisible rogue accounts, allowing persistent, undetected access within a victim’s network. F5 has advised administrators unable to update immediately to limit access to the Next Central Manager to trusted users over secure networks. Although over 10,000 F5 BIG-IP devices are potentially exposed, there have been no reported exploitations of these vulnerabilities yet.
Google Chrome patches critical security hole (CVE-2024-4671) actively exploited by attackers. This is the fifth zero-day vulnerability fixed by Google this year. The flaw affects how Chrome displays content and could allow attackers to take control of your device.
The fix is included in Chrome versions 124.0.6367.201/.202 for Mac and Windows, and 124.0.6367.201 for Linux. Users should see the updates over the next few days or weeks. Additionally, this year has seen four other zero-day vulnerabilities patched, with three discovered during the Pwn2Own hacking contest in March. These vulnerabilities span out-of-bounds memory access, type confusion, and additional use-after-free issues, all of which could lead to remote code execution or data corruption through crafted HTML pages.
An international operation led by the UK's National Crime Agency exposed and penalized a leader of the former top cybercrime group in the world.
The leader of what was once the world’s most damaging cybercrime group, Dmitry Khoroshev, has been unmasked and sanctioned by the UK, US, and Australia, following a major international disruption campaign led by the National Crime Agency. Known as LockBitSupp, Khoroshev, who enjoyed anonymity until now and even offered a $10 million reward for anyone who could reveal his identity, is now facing asset freezes and travel bans.
The actions against him are part of an extensive investigation into the LockBit group by the NCA, FBI, and other global partners within the Operation Cronos taskforce. This group provided ransomware-as-a-service to its affiliates, aiding them in launching over 7,000 attacks worldwide, notably affecting hospitals and healthcare companies. Despite recent efforts to rebuild, LockBit is operating at a reduced capacity due to this investigation, significantly lowering the global threat they pose.
Sanctions Minister Anne-Marie Trevelyan remarked on the collaborative efforts to curb such hostile cyber activities that threaten global security, highlighting the direct action taken against cyber-criminals like Khoroshev. Meanwhile, Security Minister Tom Tugendhat emphasized the clear message to cyber criminals that they are not untouchable and will face justice.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Integrity360's flagship conference Security First comes to Stockholm in 2023!
Join leading cybersecurity experts from across the community as we explore the latest threats and industry trends, and learn practical strategies to safeguard your organisation.