19 April 2024


Palo Alto Networks urges patch of critical vulnerability | Cyber Intelligence Briefing: 19 April



Top news stories this week

  1. Zero-day alert. Palo Alto Networks releases an advisory for the actively exploited PAN-OS firewall software vulnerability.
  2. Break the bank. Change Healthcare ransomware attack causes USD 872 million in losses.
  3. Seized. Europol takes down Phishing-as-a-Service Platform LabHost.
  4. Time to patch. Hackers are exploiting a Fortinet vulnerability as Ivanti releases patches for critical flaws.
  5. Data lawsuits. MGM attempts to stop FTC investigation as Cerebral agrees to USD 7 million settlement.
  6. On the hunt. LockBit cases continue as UK investigators close in on group’s affiliates. 

1. Palo Alto PAN-OS firewalls under attack    

Palo Alto Networks has issued a security advisory urging customers to patch a critical zero-day vulnerability, tracked as CVE-2024-3400, in its PAN-OS firewall software. If exploited, this vulnerability allows a remote, unauthenticated attacker to run commands on an affected device, providing them with initial access to the network. The vulnerability is being actively exploited in the wild, and early mitigations were found to be ineffective against attacks.

So what?

Organisations should closely follow vendor advisories for the latest updates and guidance.

[Researcher: Ineta Simkunaite] 

2. Change Healthcare ransomware attack causes USD 872 million in losses 

UnitedHealth has confirmed in its first-quarter earnings that it suffered USD 872 million in losses as a result of a ransomware attack on its subsidiary Change Healthcare earlier this year. Direct cyber response costs accounted for USD 593 million of the loss, with USD 279 million resulting from business interruption.

Separately, the threat actor RansomHub has begun publishing data allegedly stolen from Change Healthcare on the dark web.

So what?

Proactively engaging cybersecurity experts to develop incident response plans can prevent the substantial financial repercussions of a cyber incident.

[Researcher: David Broome]

3. Europol takes down phishing platform LabHost

Europol, supported by law enforcement from 19 countries, has successfully disrupted LabHost, the world’s largest phishing-as-a-service platform. Since 2021, the platform had been offering illicit phishing services for a monthly fee, including a tool named LabRat, which gave low-skilled cyber criminals the means to steal bank card numbers, PIN numbers and passwords.

So what?

The LabHost takedown is a significant blow. However, new services may soon emerge to fill the gap.

[Researcher: Lena Krummeich]



4. Critical Fortinet and Ivanti vulnerabilities

Threat actors are exploiting a critical vulnerability (CVE-2023-48788) in Fortinet's FortiClient Enterprise Management Server (EMS) to execute unauthorised code through specially designed requests.

Separately, Ivanti has issued patches to address 27 vulnerabilities, including two critical ones (CVE-2024-24996 and CVE-2024-29204), in its Avalanche mobile device management (MDM) solution which could allow attackers to remotely execute commands.

So what?

Both vendors have released patches for critical vulnerabilities. Users of the affected products should immediately update to the latest versions.

[Researcher: Aditya Ganjam Mahesh]

5. MGM attempts to stop FTC investigation and Cerebral agrees $7 million settlement

MGM Resorts is suing the FTC to stop a data security investigation following a 2023 cyber attack. The entertainment giant has claimed the investigation is inappropriate because it is not a financial institution.  

Separately, telehealth firm Cerebral has agreed to a USD 7 million settlement with the FTC over allegations of improperly disclosing sensitive health data to various social media platforms, impacting 3.2 million users.

So what?

These large-scale cases pave the way for data breach litigation, emphasising the importance of prioritising data privacy and cyber security.

[Researcher: Amy Gregan]


6. LockBit cases continue as UK investigators close in on group’s affiliates

Investigators from the UK National Crime Agency (‘NCA’) have reportedly established the “real world identities” of several LockBit affiliates, according to a senior investigator at the agency. The NCA obtained a list of 200 of the group’s affiliates during an international operation designed to disrupt the group in February 2024.

So what?

S-RM has been engaged on several LockBit cases since the attempted takedown of the group, indicating that they are still active despite the continued focus from law enforcement.

[Researcher: Waithera Junghae]



The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

