How New-Age Hackers Are Ditching Old Ethics

March 26, 2024 at 10:03AM

Staying informed on threat-actor group behavior is crucial for navigating the dynamic security landscape. This is key for both organizations and individuals. Based on the meeting notes, a clear takeaway would be the importance of staying informed about threat-actor group behavior in order to effectively navigate the ever-changing security landscape …

‘Fluffy Wolf’ Spreads Meta Stealer in Corporate Phishing Campaign

March 20, 2024 at 10:36AM

A low-level threat actor is using commonly available malware and legitimate software to attack Russian businesses.

More than 133,000 Fortinet appliances still vulnerable to month-old critical bug

March 18, 2024 at 03:08PM

Despite a slight increase in patching, over 133,000 Fortinet appliances remain vulnerable to the critical security flaw CVE-2024-21762. The vulnerability allows remote code execution and is actively exploited. Another critical flaw, CVE-2023-48788, has been disclosed, adding to the patching workload. The widespread attacks make swift patching crucial. Key takeaways from …

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

March 18, 2024 at 04:58AM

An APT campaign named Earth Krahang targets government entities worldwide, with a focus on Southeast Asia, but also in Europe, America, and Africa. Using public-facing servers and spear-phishing emails, the threat actor aims to conduct cyberespionage by abusing compromised government infrastructure. The campaign involves …

AT&T says leaked data of 70 million people is not from its systems

March 17, 2024 at 07:24PM

AT&T denied that the leaked data impacting 71 million people originated from its systems, following a hacker’s attempt to sell the data. Another hacker later leaked the data for free, containing personal information like names, addresses, and encrypted social security numbers. The source of the data remains a mystery, posing …

Hackers exploit Aiohttp bug to find vulnerable networks

March 16, 2024 at 04:48PM

ShadowSyndicate, a ransomware actor, has targeted servers vulnerable to CVE-2024-23334 in the aiohttp Python library. The vulnerability allows remote attackers to access files on affected servers. Exploitation attempts were observed, originating from five IP addresses connected to ShadowSyndicate. Cyble’s data shows about 44,170 exposed aiohttp instances globally, making the extent …

Fortinet Warns of Yet Another Critical RCE Flaw

March 14, 2024 at 04:35PM

CVE-2024-48788, a recent Fortinet flaw, is expected to be a prime target, particularly for nation-state sponsored actors, due to its similarity to other vulnerabilities. Based on the meeting notes, the key takeaway is that CVE-2024-48788, similar to other recent Fortinet vulnerabilities, is expected to be a highly desirable target, particularly …

How to Identify a Cyber Adversary: What to Look For

March 14, 2024 at 10:07AM

Attributing a cyber incident to a specific threat actor is a complex task that involves multiple factors.

DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

March 14, 2024 at 01:21AM

In mid-January 2024, a DarkGate malware campaign leveraged a Microsoft Windows security flaw, leading to attacks targeting financial institutions. The flaw, CVE-2024-21412, was fixed in February 2024, but not before being exploited in conjunction with Google Ads open redirects. This tactic allowed threat actors to distribute malicious software installers, resulting …

Fortinet warns of critical RCE bug in endpoint management software

March 13, 2024 at 02:48PM

Fortinet patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) software, impacting versions 7.0 and 7.2. The company also fixed an out-of-bounds write weakness in FortiOS and FortiProxy captive portal, as well as other high-severity flaws. A prior RCE bug was disclosed, potentially exploited …