17-Apr-24: In Security News Today

Asantee Games Has Exposed Data From More Than 14 Million Players Due to its Failure to Set Up a Password

Asantee Games experienced a significant data leak impacting over 14 million players of their game, Magic Rampage, due to a misconfigured MongoDB database that lacked password protection. The exposed data included player usernames, emails, device data, and admin credentials with encrypted passwords. This breach poses serious risks for identity theft, phishing attacks, and unauthorized access to internal systems, highlighting the need for stringent database security practices.

Cherry Health Hit by Ransomware Attack Affecting 185,000 Individuals

Cherry Health, a U.S.-based healthcare provider, experienced a ransomware attack affecting 185,000 individuals, with a variety of personal and medical information compromised. This included names, addresses, health records, and Social Security numbers. The organization has since engaged third-party specialists for a comprehensive investigation and is advising affected patients to monitor their credit reports and account statements for any suspicious activity.

SAP Users Are at High Risk as Cybercriminals Exploit Application Vulnerabilities

Recent research highlights a significant increase in threat actor interest in exploiting SAP vulnerabilities, leading to a surge in ransomware incidents targeting poorly patched organizations. The research reveals a 400% growth in attacks since 2021, with ransomware groups like Conti, Quantum, and REvil being involved. Dark web chatter on SAP vulnerabilities has surged by 490%, emphasizing the need for organizations to secure their SAP systems, patch vulnerabilities, and enhance cybersecurity measures.

If you use Fortinet FortiClient EMS, patch NOW

Cybersecurity researchers have identified a campaign exploiting a critical SQL injection flaw in Fortinet FortiClient EMS devices to deploy ScreenConnect and Metasploit Powerfun payloads. The campaign, codenamed Connect:fun, targeted a media company by leveraging the vulnerability to download and install malicious tools. The threat actor behind the campaign has shown manual intervention and specific targeting, emphasizing the importance of applying patches, monitoring for suspicious activity, and utilizing web application firewalls to mitigate potential risks.

Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release

The exploitation of a Palo Alto Networks firewall vulnerability (CVE-2024-3400) has increased following the release of Proof-of-Concept (PoC) code. This critical flaw allows remote code execution with root privileges via the GlobalProtect feature and device telemetry. Cybersecurity firms have observed sophisticated threat actors, including a potential state-sponsored group, using this vulnerability to infiltrate networks and deploy malicious payloads.

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

Cisco has reported a significant uptick in brute-force attacks targeting VPN and SSH services, leveraging anonymizing proxies and Tor exit nodes. The attackers are using a mix of generic and known organization-specific usernames to access web applications, potentially leading to unauthorized network access or service disruptions. Cisco has updated its block list to include IPs associated with these attacks but anticipates ongoing and possibly escalating threats.

Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities

Ivanti has addressed 27 vulnerabilities in its 2024 first-quarter release, with fixes ranging from a vulnerability allowing an authenticated remote attacker to view sensitive information to a heap overflow vulnerability enabling remote command execution. The company recommends users to update to Avalanche 6.4.3 to apply all the fixes and emphasizes the importance of having the MSSQL database password readily available. Users can download the update and find further instructions on Ivanti’s website.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.