Four Chinese APT Groups Target Critical Infrastructure Disruption

Summary Four major Chinese state-sponsored Advanced Persistent Threat (APT) groups, Volt Typhoon, Salt Typhoon, Flax Typhoon, and Brass Typhoon, are targeting global critical infrastructure and network devices as part of coordinated cyber espionage campaigns. These groups exploit vulnerabilities in network appliances, IoT devices, and software supply chains to maintain persistent access and exfiltrate sensitive data. Their tactics include living-off-the-land…

Read More

Ivanti Warns of Maximum Severity CSA Auth Bypass Vulnerability

Summary Ivanti has disclosed a critical authentication bypass vulnerability, designated CVE-2024-11639, in its Cloud Services Appliance (CSA) solution, which could allow remote attackers to gain administrative privileges without authentication. The flaw affects CSA version 5.0.2 and earlier, with Ivanti advising immediate upgrades to version 5.0.3. While there is no evidence of exploitation in the wild, this…

Read More

Closing 2024 Securely: Overcoming Multi-Channel Retail PCI Challenges

In today’s digital-first retail landscape, maintaining PCI compliance across multiple sales channels isn’t just a regulatory box to tick – it’s a critical safeguard for your business. Consider this: 60% of small businesses close their doors within six months of a data breach. That’s a wake-up call for retailers everywhere! From e-commerce platforms to mobile…

Read More

Horns&Hooves Campaign Delivers RATs to Russian Retail Entities

Summary Researchers from SecureList from Kaspersky revealed new details regarding the Horns&Hooves cyber campaign, active since March 2023, which targeted over a thousand users and businesses in Russia (including retailers), using malicious JScript (JS) scripts disguised as legitimate email attachments. These scripts deploy the legitimate remote administration tool, NetSupport, for malicious purposes, granting attackers remote access…

Read More

Technical Analysis of FPNTX Digital Skimmer Found on eCommerce Site

On 3 December 2024, the RH-ISAC intel team was informed about a possible digital skimmer that may be present on an unnamed e-commerce website. JJ Josing, Principal Threat Researcher at the RH-ISAC, started his initial investigation into this incident. Our investigation discovered a script block containing heavily obfuscated JavaScript in the HTML of the checkout…

Read More