Multiple threat groups have targeted organizations worldwide through the exploitation of two old vulnerabilities in a DrayTek product. Tenable researchers discovered two flaws in DrayTek VigorConnect, a management software for DrayTek network equipment, in 2021, which the US Cybersecurity and Infrastructure Security Agency (CISA) has now added to its Known Exploited Vulnerabilities (KEV) catalog. The exploited flaws are path traversal issues that enable an unauthenticated attacker to download arbitrary files with root privileges from the underlying operating system.

Security researchers discovered a new distribution mechanism for the "Lumma Stealer" infostealer malware. The mechanism is a "checker" tool used by hackers to validate stolen credentials. According to Veriti, the checker software was distributed by a user named "Bilalkhanicom" on a popular hacking forum, targeting other cybercriminals. Verity says the checker tool promoted by Bilalkhanicom promised to let fellow cybercriminals validate OnlyFans logins, check account balances, verify if payment methods were attached, and determine if accounts had creator privileges.

Semiconductor supplier Microchip Technology recently confirmed that personal information and other types of data were stolen from its systems during a recent ransomware attack.  The company disclosed the incident on August 20.  Roughly a week later, the Play ransomware gang claimed responsibility for the assault, adding Microchip to its Tor-based website.  The cybercriminals said they were able to siphon personal information, employee IDs, and various business and financial documents.

Cisco recently announced patches for multiple vulnerabilities, including two critical-severity flaws in Smart Licensing Utility and a medium-severity Identity Services Engine flaw for which proof-of-concept (PoC) code exists.  According to Cisco, the Smart Licensing Utility bugs, tracked as CVE-2024-20439 and CVE-2024-20440 (CVSS score of 9.8), could allow remote, unauthenticated attackers to access sensitive information or log in as administrators.

A new supply chain attack technique named "Revival Hijack" by the software supply chain security company JFrog has been used in the wild to infiltrate downstream organizations. The method could be used to hijack 22,000 existing Python Package Index (PyPI) packages, potentially resulting in "hundreds of thousands" of malicious downloads. It involves hijacking PyPI software packages by manipulating the option to re-register them once the original owner has removed them from the repository. This article continues to discuss the new Revival Hijack supply chain attack technique.

Cisco's site for selling company-themed merchandise has temporarily been taken down due to hackers compromising it with JavaScript code that steals sensitive customer details entered at checkout. The researchers who discovered it say that it appears to be a "CosmicSting" attack in which threat actors inject HTML or JavaScript code in CMS blocks rendered in the checkout flow. This article continues to discuss the compromise of Cisco's store site by hackers through the injection of malicious JavaScript code.

The frequency, severity, and costs of ransomware attacks continue to grow. Recent reports show rising attacks on healthcare, manufacturing, and other critical sectors. Organizations are often hit multiple times, and ransom payments rarely stop further disruption. Semperis' "2024 Ransomware Risk Report" found that 74 percent of victims were attacked multiple times in a year. This article continues to discuss key findings and observations regarding ransomware attacks.