‘Operation Endgame’ Hits Malware Delivery Platforms
Source: Krebs on Security
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.
Ticketmaster hacked. Breach affects more than half a billion users.
Source: Mashable
Emails, phone numbers, addresses, and even financial details have allegedly been exposed by a notorious hacker group. The "notorious hacker group" ShinyHunters is claiming responsibility for the breach affecting roughly 560 million Ticketmaster customers. The hacker group is selling the 1.3 terabyte-sized trove of data for a one-time price of $500,000 on a popular hacking forum.
Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access
Source: Dark Reading
Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection. A proof-of-concept exploit (PoC) for a critical vulnerability in Fortinet's FortiSIEM product has emerged, paving the way for broad exploitation.
Check Point Issues Emergency Patch for Security Gateways
Source: Data Breach Today
Attackers are escalating attempts to compromise poorly secured virtual private networks to gain remote, initial access to enterprise networks. Check Point later on Tuesday released an emergency patch to address a vulnerability being exploited in the wild, designated CVE-2024-24919, that exists in security gateways that have Remote Access VPN or the Mobile Access blade enabled.
Everbridge warns of corporate systems breach exposing business data
Source: Bleeping Computer
Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach.