Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin
Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group.
According to Menlo Security, which pieced together the information from different online sources, “Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of being involved with the XE Group.”
XE
The Fix and Mitigation
Octopus Deploy has not identified any known mitigations for CVE-2024-2975, making it crucial for users to upgrade to a fixed version.
The company has released the following patched versions of Octopus Server:
2023.4.8432
2024.1.12087
2024.2.2075
Upgrade Recommendations
Octopus Deploy recommends upgrading to the latest version, 2024.1.12087, to ensure protection against the vulnerability.
For users unable to upgrade to the latest version, the following upgrade paths are advised:
For versions 0.x.x to 4.x.x, and 2018.x to 2022.x: Upgrade to 2024.1.12087 or greater
For versions 2023.1.x to 2023.3.x: Upgrade to 2024.1.12087 or greater
For versions 2023.4.x: Upgrade to 2023.4.8432 or greater
For versions 2024.1.x: Upgrade to 2024.1.12087 or greater
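To turn the upgrade paths above into a check an administrator can run against an inventory, here is an added example (not Octopus Deploy's own tooling) that parses an installed Octopus Server version string and returns the release the advisory points it at, or None when the install is already on a patched build. It assumes plain dotted numeric version strings, and it treats 2024.2.x builds older than 2024.2.2075 as affected, which the advisory lists as a patched version but does not spell out as an upgrade path.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Patched releases named in the advisory, keyed by release branch (major, minor).
PATCHED: Dict[Tuple[int, int], Version] = {
    (2023, 4): (2023, 4, 8432),
    (2024, 1): (2024, 1, 12087),
    (2024, 2): (2024, 2, 2075),  # assumption: 2024.2.x builds below this are affected
}
LATEST: Version = (2024, 1, 12087)  # the version the advisory recommends


def parse_version(text: str) -> Version:
    """Parse '2023.4.8431' into (2023, 4, 8431); reject non-numeric strings."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def fmt(version: Version) -> str:
    return ".".join(str(part) for part in version)


def advised_upgrade(installed: str) -> Optional[str]:
    """Return the version to upgrade to, or None if the install is already patched.

    Paths follow the advisory: 0.x-4.x, 2018.x-2022.x and 2023.1-2023.3 go to
    2024.1.12087; 2023.4.x to 2023.4.8432; 2024.1.x to 2024.1.12087.
    Raises ValueError for branches the advisory does not cover.
    """
    v = parse_version(installed)
    major, minor = v[0], (v[1] if len(v) > 1 else 0)
    branch = (major, minor)
    if branch in PATCHED:
        # Same branch: a build older than the patched release is still affected.
        # A bare '2023.4' (no build number) compares below the patched tuple.
        return None if v >= PATCHED[branch] else fmt(PATCHED[branch])
    if major <= 4 or 2018 <= major <= 2022 or (major == 2023 and 1 <= minor <= 3):
        return fmt(LATEST)
    raise ValueError(f"{installed!r} is not covered by the advisory")


def is_affected(installed: str) -> bool:
    """True when the advisory asks this install to upgrade."""
    return advised_upgrade(installed) is not None
```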
Support and Exploitation Status
Octopus Deploy’s security team has not observed any public announcements or malicious exploitation of CVE-2024-2975.
However, given the flaw’s severity, users are encouraged to take immediate action.
The discovery of CVE-2024-2975 reminds us of the importance of maintaining up-to-date software to safeguard against potential security threats. Octopus Server users should review their installed versions and promptly upgrade to secure their systems from this high-severity vulnerability.
Cybersecurity in the AI Era: Insights from Unit 42’s Kyle Wilhoit, Director of Threat Research
Join us on the latest episode of Threat Vector to dive into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. The podcast also touches on the threat research published by Unit 42 regarding the unique characteristics of Medusa ransomware with Unit 42 researchers Doel Santos, principal threat researcher, and Anthony Galiette, senior malware reverse engineer.
This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, focuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks.
Wilhoit shares his perspectives on the notable use cases where adversarial AI techniques have been employed and how cybersecurity professionals can adapt to these emerging challenges. Learn about the balance between targeted and non-targeted AI-driven attacks and the strategies being developed to counteract them effectively.
The conversation then shifts to new research on Medusa ransomware with Santos and Galiette, who offer a snapshot of the threat intelligence they published on the Unit 42 Threat Research Center. Their research exposes the sophisticated methods Medusa uses for propagation and evasion, its distinctive multi-extortion strategy that openly pressures victims with online ransom demands, and provides a detailed breakdown of Medusa ransomware's operations along with the proactive protective measures suggested by Palo Alto Networks.
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and…