The Ntirety Weekly Threat Intelligence Report: December 9, 2024

Welcome to Ntirety's Threat Intelligence Summary, where our elite Security and Threat Response Team delivers critical insights and expert analysis. Each report highlights the most pressing cyber threats and vulnerabilities currently active, to educate and raise awareness among our partners, customers, and the broader community. Committed to securing mission-critical data, Ntirety's managed security services proactively monitor and combat these threats to ensure the safety of our customers.


Industry Breaches:

  • Bologna FC: Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. The Italian football team warns not to download or disseminate any of the stolen data, claiming it is a "serious criminal offense."
  • UK Hospitals: Two hospitals affiliated with the UK's National Health Service (NHS) were victims of cyberattacks in the past week, though the incidents are not believed to be connected. Alder Hey Children's Hospital got hit with a ransomware attack, while the nature of an incident at Wirral University Teaching Hospital remains undisclosed.
  • Stoli: Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and the seizure of the company's remaining distilleries in Russia by Russian authorities. According to a Friday filing by Chris Caldwell, President and Global Chief Executive Officer of Stoli USA and Kentucky Owl (the two Stoli Group subsidiaries), the August attack severely disrupted the company's IT systems, including its enterprise resource planning (ERP) platform.
  • BT Group: Multinational telecommunications giant BT Group (formerly British Telecom) has confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. BT Group is the United Kingdom's leading fixed and mobile telecom provider. It also provides managed telecommunications, security, and network and IT infrastructure services to customers in 180 countries.

Threats to Watch:

  • Rockstar 2FA: A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Like other AiTM platforms, Rockstar 2FA enables attackers to bypass multifactor authentication (MFA) protections on targeted accounts by intercepting valid session cookies. 
  • Veeam: Data protection vendor Veeam released an update to address a critical vulnerability affecting the Veeam Service Provider Console (VSPC) that, if exploited, could lead to remote code execution (RCE). Tracked as CVE-2024-42448 with a CVSS score of 9.9, the vulnerability was discovered by Veeam during internal testing.
  • Solana Web3.js: A sophisticated supply chain attack has been identified within the widely used @solana/web3.js JavaScript library, potentially jeopardizing the security of numerous developers and users within the Solana ecosystem. Malicious code was injected into versions 1.95.6 and 1.95.7 of the library, which is downloaded over 350,000 times weekly from the npm registry. This code was designed to exfiltrate private keys, leaving users vulnerable to cryptocurrency theft.
  • Salt Typhoon: The scope of the Chinese government hacking campaign came into further focus on Wednesday, as senior White House officials revealed that eight telecommunications giants in the U.S. were breached and that companies in multiple other countries were also hacked.
  • Cisco Bootloader Vulnerability: Tracked as CVE-2024-20397, the high-impact security defect exists due to insecure bootloader settings that allow an attacker to execute specific commands to bypass the verification process and load unverified software. While authentication is not required for successful exploitation, physical access is, Cisco notes in its advisory. The bug can also be exploited by an authenticated, local attacker who has administrative privileges.


Concerned about the security of your network, systems, applications, or data? Given the ever-growing list of cyber threats, your concerns are justified. 

For over 25 years, Ntirety has been at the forefront of helping organizations anticipate and stay protected from both known and emerging cyber threats. Contact us to discover how our proactive managed security services can strengthen your organization's security posture and provide peace of mind. 
