RansomHub-linked EDR-killing malware spotted in the wild

August 18, 2024 at 09:57PM

A new malware called EDRKillShifter has been identified by Sophos; it abuses legitimate but vulnerable drivers to disrupt endpoint detection and response software ahead of ransomware deployment. Additionally, a critical vulnerability has been reported in SolarWinds Web Help Desk, while NetSuite SuiteCommerce and SiteBuilder sites have been found to be exploitable. Lastly, Evolution Mining, Kootenai Health, and five malware variants are discussed.

After reviewing the meeting notes, I have identified two critical vulnerabilities mentioned and several malware-related incidents. The first critical vulnerability is a SolarWinds vulnerability (CVE-2024-28986) with a severity score of 9.8, impacting the SolarWinds Web Help Desk. The second vulnerability involves NetSuite SuiteCommerce or SiteBuilder, which may leak customer PII due to poor access control configuration.

In terms of the malware-related incidents, it’s noted that a new malware dubbed EDRKillShifter has been discovered, which leverages vulnerable Windows drivers to deploy ransomware and shut down endpoint detection and response software. Additionally, several ransomware incidents, including one targeting an Australian gold mining company, a healthcare firm in Idaho, and specific malware variants that had a significant impact in the second quarter of 2024, have been reported.

It’s essential to proactively manage and mitigate these risks by applying necessary patches, conducting access control assessments, and strengthening security measures to protect against known malware families. I can also assist in preparing a comprehensive report summarizing these key findings for further review and action.
