3rd February – Threat Intelligence Report

Download our Threat Intelligence Bulletin for the latest cyber research for the week of February 3rd.

TOP ATTACKS AND BREACHES

  • The sports equipment giant Mizuno USA has confirmed that a cyber-attack that took place between August and October 2024 resulted in the theft of personal information from its network. The stolen data included names, Social Security numbers, financial account information, driver's license details, and payment card numbers. The BianLian ransomware group claimed responsibility for the attack.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.BianLian.ta.*, Ransomware.Wins.BianLian, Backdoor.Wins.BianLian, HackTool.Wins.BianLian)

  • El Cruce hospital in Buenos Aires, Argentina, suffered a ransomware attack by the Medusa ransomware group. After launching a major attack on the hospital's IT networks, the group threatened to release 760GB of patient data, including patient records, unless it received $200K in Bitcoin.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat.

  • On January 26th, a ransomware attack targeted New York Blood Center Enterprises, affecting its IT systems. Blood donations are delayed because the blood center has taken its systems offline and said there is no set date for system restoration.

  • Tata Technologies, an Indian technology company, was the victim of a ransomware attack that caused a temporary suspension of some IT services while primary client delivery systems remained intact. No threat actor has claimed responsibility for the attack, and it is not known whether any data was stolen.
  • Between November 28, 2024 and January 8, 2025, Japanese hardware manufacturer Wacom experienced a cyber-attack that likely resulted in the theft of customer payment card data from its online store. The attackers used malicious code to skim payment card data when customers made purchases on Wacom's site.
  • Community Health Center, a US healthcare provider, was the victim of a data breach that exposed the sensitive personal and medical information of over one million people. The breach, which occurred on January 2, 2025, involved unauthorized access to CHC's systems, compromising personal information, Social Security numbers, health information, and financial information.
  • The Iranian hacktivist group Handala abused the emergency alert systems of various Israeli kindergartens and educational facilities to play alarm sirens and several terrorism-supporting songs. The group claimed to have targeted the Israeli technology company Maagar-Tec, which operates panic button systems in schools.
  • Millers Group, a British company in the architecture sector, suffered a cyber-attack that involved unauthorized access to its systems. The company has not released any details about when the attack took place or whether any data was leaked. No threat actor has so far claimed responsibility.

VULNERABILITIES AND PATCHES

  • More than a million lines of log streams were discovered in a publicly accessible ClickHouse database belonging to the new Chinese AI company DeepSeek. The data included highly sensitive information, such as chat history, API secrets, and backend server details. Because the database had no authentication or access-control mechanisms, the exposure allowed full control over database operations and potential privilege escalation within DeepSeek's environment. The issue was fixed following its disclosure.

  • A critical-severity vulnerability (CVE-2024-55591) in Fortinet's FortiOS was actively exploited in the wild. A remote attacker can gain super-admin privileges through crafted requests to the Node.js http module by exploiting an Authentication Bypass Using an Alternate Path or Channel vulnerability.

Check Point IPS provides protection against this threat (Fortinet Multiple Products Authentication Bypass (CVE-2024-55591))

  • Critical flaws in Node.js versions (v18.x, v20.x, v22.x, v23.x) could result in data theft, DoS, and system compromise. Significant vulnerabilities include CVE-2025-23087 through CVE-2025-23089, affecting different versions with issues such as worker permission bypasses, path traversal, and memory leaks. These could allow remote attackers to execute arbitrary code, compromise systems, and potentially gain unauthorized access.

THREAT INTELLIGENCE REPORTS

  • Xloader malware, a successor to Formbook known for stealing information from web browsers, email clients, and FTP applications, employs enhanced obfuscation and encryption techniques such as runtime key encryption and NTDLL hook evasion. It establishes persistence by copying itself to specific locations, modifying Windows registry entries, and using process injection.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Trojan.Win.Xloader, Trojan.Win.Xloader.jo, Trojan.Wins.Xloader.tayc, Trojan.Wins.Xloader.ta.*)

  • A recently discovered ransomware called Windows Locker, first seen on GitHub in December 2024, targets victims by encrypting files and modifying registry keys for persistence. It uses AES encryption to encrypt files and evades traditional recovery techniques. Additionally, Windows Locker deletes shadow copies, leaving users unable to recover the encrypted files.

  • Technical analysis of Arcus Media ransomware shows that it maintains registry-based persistence and uses the ShellExecuteExW API without requesting administrative privileges. It terminates critical processes such as SQL servers and email clients via the CreateToolhelp32Snapshot API, encrypts files with ChaCha20 while appending "[Encrypted].Arcus" to filenames, and hinders recovery by deleting shadow copies, disabling system recovery, and clearing event logs.
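The recovery-inhibition behaviours described for Windows Locker and Arcus Media (shadow-copy deletion, disabled system recovery, cleared event logs, and the "[Encrypted].Arcus" suffix) are the kind of thing endpoint telemetry can catch. The following Python example is added here and is not part of the bulletin or of any Check Point product; the event shape, host names and sample command lines are constructed assumptions.

```python
"""Flag ransomware recovery-inhibition behaviour in process-creation events."""
import re
from dataclasses import dataclass

# Regexes for the recovery-inhibition behaviours the bulletin attributes to
# Windows Locker and Arcus Media: shadow-copy deletion, disabled recovery, cleared logs.
RECOVERY_INHIBITION = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "recovery_disabled": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+.*recoveryenabled\s+no", re.I),
    "event_log_cleared": re.compile(
        r"wevtutil(\.exe)?\s+(cl|clear-log)\b|Clear-EventLog\b", re.I),
}
# File-name suffix the bulletin reports Arcus Media appending to encrypted files.
ARCUS_MARKER = "[Encrypted].Arcus"

@dataclass
class ProcessEvent:
    host: str
    command_line: str

def classify_event(event: ProcessEvent) -> list[str]:
    """Names of every recovery-inhibition rule the command line matches."""
    return [name for name, rx in RECOVERY_INHIBITION.items() if rx.search(event.command_line)]

def is_arcus_encrypted_name(filename: str) -> bool:
    """True when a file name carries the Arcus Media suffix."""
    return filename.endswith(ARCUS_MARKER)

def triage(events: list[ProcessEvent], filenames: list[str]) -> dict:
    """Aggregate hits per host; two distinct behaviours on one host is a strong signal."""
    per_host: dict[str, set[str]] = {}
    for ev in events:
        for hit in classify_event(ev):
            per_host.setdefault(ev.host, set()).add(hit)
    return {
        "hosts_high_confidence": sorted(h for h, s in per_host.items() if len(s) >= 2),
        "hosts_any_hit": sorted(per_host),
        "arcus_encrypted_files": [f for f in filenames if is_arcus_encrypted_name(f)],
    }

# Constructed sample telemetry (not from the bulletin), Sysmon-style process creation.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "vssadmin.exe delete shadows /all /quiet"),
    ProcessEvent("ws01", "wevtutil.exe cl Security"),
    ProcessEvent("ws02", "bcdedit /set {default} recoveryenabled no"),
    ProcessEvent("ws03", "vssadmin list shadows"),  # benign admin query, must not fire
]
SAMPLE_FILES = ["Q1-report.xlsx[Encrypted].Arcus", "notes.txt", "photo.jpg[Encrypted].Arcus"]
```

Calling `triage(SAMPLE_EVENTS, SAMPLE_FILES)` flags ws01 as high confidence (two distinct behaviours), ws02 as a single hit, and the two Arcus-suffixed files; the benign `vssadmin list shadows` query does not fire.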
