This Threat Intelligence Report summarizes some of the significant cybersecurity threats and incidents that occurred in the first week of July 2024:
Ransomware
1. US-Based Homeland Vinyl Faces Potential Data Breach as LockBit Claims Cyberattack
Victim: Homeland Vinyl
Date: July 5, 2024
The LockBit ransomware group, infamous for its disruptive cyberattacks, is again in the spotlight for allegedly carrying out a ransomware attack on Homeland Vinyl. The US-based Homeland Vinyl manufactures a diverse portfolio of vinyl profiles, including its proprietary decking and railing systems.
In its post on July 4, LockBit claims to have breached sensitive company information. To substantiate its claims, the ransomware group has published sample screenshots of the stolen data on its dark web leak portal.
Reference: https://thecyberexpress.com/homeland-vinyl-potential-data-breach-lockbit/
2. BianLian Ransomware Targets US Companies
Victim: US companies
Date: July 5, 2024
BianLian Ransomware: This group is known for a tactic called “double extortion.” It steals a victim’s data and encrypts the files, then threatens to leak the data if a ransom isn’t paid.
The BianLian ransomware group has allegedly launched a series of cyberattacks against three prominent US companies, compromising substantial volumes of sensitive data. The victims named in the BianLian ransomware attack are Island Transportation Corp., Legend Properties Inc., and Transit Mutual Insurance Corporation of Wisconsin.
Reference: https://thecyberexpress.com/bianlian-ransomware-hits-major-us-companies/
3. Mallox Ransomware Variant Targets Linux
Victim: Linux systems
Date: July 4, 2024
The Mallox ransomware family has been active since mid-2021 and is known for its “multi-extortion” tactics.
This new variant specifically targets Linux systems. The Mallox group focuses on multi-extortion, encrypting its victims’ data and threatening to post it on its public TOR-based leak sites.
Reference: https://www.uptycs.com/blog/mallox-ransomware-linux-variant-decryptor-discovered
4. Atlantic Marine Fisheries Commission Confirms Data Breach
Victim: Atlantic States Marine Fisheries Commission (ASMFC)
Date: July 2, 2024
The U.S. Atlantic States Marine Fisheries Commission (ASMFC) has acknowledged a data breach and has begun notifying the customers affected by it.
Reference: https://thecyberexpress.com/asmfc-data-breach-confirmed/
5. Florida Department of Health (FDOH) Hit by Cyberattack
Victim: The Florida Department of Health (FDOH)
Date: July 4, 2024
In an official statement to The Cyber Express, the Florida Department of Health acknowledged temporary outages within its online Vital Statistics system, which are believed to be linked to a potential cyber incident.
Impact: The attack caused outages in the vital statistics system, leading to delays and problems for:
- Funeral Homes
- Citizens
Reference: https://thecyberexpress.com/florida-department-of-health-cyberattack/
6. Evolve Bank Shares Data Breach Details as Fintech Firms
Victim: Evolve Bank
The culprit behind the attack was the infamous ransomware group LockBit.
Exposed Data: Customer information, including names, Social Security numbers, bank account numbers, and contact details, was potentially compromised. This applies to both personal and business banking customers of Evolve Bank, as well as some customers of its fintech partners.
Reference: https://www.getevolved.com/about/news/cybersecurity-incident/
7. LockBit group claims the hack of the Fairfield Memorial Hospital in the US
Victim: Fairfield Memorial Hospital
Attacker: LockBit ransomware group
The hospital offers a wide range of medical services, including Emergency Services, General Surgical Services, an Intensive Care Unit (ICU), a Medical Surgical Unit, Orthopedic Surgical Services, and Urgent Care.
The hospital is fully accredited and has been recognized for its quality of care, with high patient experience and medical/surgical ICU ratings.
Reference: https://securityaffairs.com/165162/cyber-crime/lockbit-ransomware-fairfield-memorial-hospital.html
8. LockBit 3.0 Hits Croatia’s hospital KBC Zagreb, Indonesia’s Tin Manufacturer PT Latinusa
Victim: KBC Zagreb (Croatia); PT Latinusa Tbk (Indonesia)
Date: July 1st, 2024
LockBit 3.0, a well-known ransomware group, targeted two organizations in July 2024:
KBC Zagreb, Croatia: This attack happened on July 1st, 2024. LockBit claims to have encrypted the hospital’s IT systems and stolen a significant amount of data, including patient medical records, administrative data, research papers, and employee information.
PT Latinusa Tbk, Indonesia: LockBit claims to have targeted this Indonesian tin manufacturer around the same time as the KBC Zagreb attack.
9. Patelco Credit Union Hit by Ransomware Attack
Victim: Patelco Credit Union
Patelco Credit Union, one of the oldest and largest credit unions in the U.S., fell victim to a ransomware attack on June 29, 2024, forcing the institution to shut down most of its day-to-day banking systems. The attack has affected nearly half a million members across the Bay Area and Northern California, leaving them without access to crucial financial services.
10. New Eldorado ransomware targets Windows, VMware ESXi VMs
A new ransomware-as-a-service (RaaS) operation called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
The gang has already claimed 16 victims, most of them in the U.S., across the real estate, education, healthcare, and manufacturing sectors.
Vulnerabilities
1. CVE-2024-20078
Base Score: 9.8-critical
Description: In venc, there is a possible out-of-bounds write due to type confusion. This could lead to local escalation of privilege, with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.
2. CVE-2024-39931
Base Score: 9.9-critical
Description: Gogs through 0.13.0 allows the deletion of internal files.
3. CVE-2024-36260
Base Score: 9.8-critical
Description: OpenHarmony v4.0.0 and prior versions allow a remote attacker to achieve arbitrary code execution in pre-installed apps through an out-of-bounds write.
4. CVE-2024-38368
Base Score: 9.3-critical
Description: A vulnerability affected older pods that had migrated from the pre-2014 pull request workflow to the trunk. If such pods had never been claimed, it was still possible to claim them. It was also possible to have all owners removed from a pod, which made the pod available through the same claiming system.
5. CVE-2024-6424
Base Score: 9.3-critical
Description: Server-side request forgery (SSRF) vulnerability in MESbook version 20221021.03.
6. CVE-2023-41921
Base Score: 9.8-critical
Description: A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This can allow attackers to modify the firmware before it is uploaded to the system, compromising the integrity of the target and leaving it in an insecure state.
7. CVE-2024-6439
Base Score: 9.8-critical
Description: A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical.
8. CVE-2024-36404
Base Score: 9.8-critical
Description: GeoTools is an open-source Java library that provides tools for geospatial data. Before versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied in user input.
9. CVE-2024-39943
Base Score: 9.9-critical
Description: rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions).
10. CVE-2024-6440
Base Score: 9.9-critical
Description: A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. Manipulation of the argument ID leads to SQL injection.