Talk to an expert

Category: Threat Briefs

Scattered Spider, Oktapus, UNC3944, Scatter Swine – MGM Resorts Compromise

Threat Summary: On September 11th, 2023, MGM Resorts suffered a crippling ransomware attack that resulted in 10 days of computer system downtime as well as an estimated overall loss of $80,000,000. The threat actor, dubbed Scattered Spider, is claiming ownership of this hack and alleges to have ties with the infamous ALPHV/BlackCat ransomware gang. In […]

Flax Typhoon APT 

Threat Summary:Flax Typhoon is a suspected China-based, nation-state threat actor whose TTPs appear to be closely aligned with espionage objectives and extended persistence. Despite activity tracing back to mid-2021, this APT's final objectives are unknown and they have been observed mostly targeting government, education, and critical manufacturing organizations in Taiwan; Though a small subset of […]
Threat Brief: Ivanti/MobileIron Sentry Authentication Bypass Vulnerability (CVE-2023-38035)

Ivanti/MobileIron Sentry Authentication Bypass Vulnerability (CVE-2023-38035)

Threat Summary: CVE-2023-38035 allows an unauthenticated attacker to access sensitive admin configuration APIs on versions 9.18 and prior of Ivanti Sentry over port 8443. These configuration APIs are then used by the MobileIron Configuration Service (MICS), which upon successful exploitation, could lead to remote code execution with root permissions and configuration changes to MICS. Lumifi's […]
Threat Brief: Storm-0558 Unleashes Authentication Token Forgery

Storm-0558 Unleashes Authentication Token Forgery

Threat Summary: Storm-0558 is suspected to be a China-based, nation-state threat actor whose TTPs are closely aligned with espionage objectives. This threat actor managed to compromise an inactive MSA signing key which was then used to sign fabricated authentication tokens. Authentication tokens are short-lived credentials that are used to authenticate users to a service. They […]

Update on PrintNightmare & Kaseya Ransomware

Over the 4th of July weekend, two breaches were brought to Lumifi's attention pertaining to PrintNightmare and Kaseya. Details on PrintNightmare While you likely do not have Print Servers exposed to the world (we hope not), we also wanted to note that we are aware of this and have diligently reviewed detection methodology. POC code […]

F5 BIG-IP Vulnerabilities

Twelve days ago, F5 announced several security vulnerabilities that went primarily overshadowed by the Exchange/Hafnium situation. It's important to understand that some of these are critical, remote command execution-level vulnerabilities that require nothing more than an attacker to connect to an F5 BIG-IP device. For those devices, being positioned "in front of" web server clusters […]
Privacy PolicyTerms & ConditionsSitemapSafeHotline