Critical Bug Exploited in Fortinet’s Management Console

October 24, 2024 at 04:25PM A critical vulnerability (CVE-2024-47575) in Fortinet’s FortiManager has been exploited by threat actor UNC5820, compromising over 50 devices. This flaw allows unauthorized access and manipulation, raising security concerns. Though sensitive information was extracted, no follow-up attacks have been reported. Immediate forensic investigations and remediation efforts are advised.

Cisco investigates breach after stolen data for sale on hacking forum

October 14, 2024 at 10:30PM Cisco is investigating claims of a data breach after a hacker, “IntelBroker,” alleged the theft of sensitive files including source code and customer data. The investigation follows IntelBroker’s announcement of selling the stolen data on a hacking forum. The connection to previous breaches remains unclear.

Internet Archive hacked, data breach impacts 31 million users

October 9, 2024 at 06:26PM The Internet Archive’s “Wayback Machine” experienced a data breach, exposing a user authentication database with 31 million records. The breach was confirmed after hacker alerts appeared on the site. The stolen data includes email addresses and hashed passwords. A DDoS attack was also reported, claimed by the BlackMeta group.

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

October 8, 2024 at 06:07AM GoldenJackal, a little-known threat actor, has been linked to cyber attacks on embassies and governmental organizations. They aim to infiltrate air-gapped systems using bespoke toolsets. The attacks targeted a South Asian embassy in Belarus and a European Union government organization. The group has displayed advanced capabilities, using multiple malware families …

AT&T, Verizon reportedly hacked to target US govt wiretapping platform

October 7, 2024 at 10:56AM Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, were breached by the Chinese hacking group Salt Typhoon. The attack was aimed at gathering intelligence from systems used by the U.S. federal government for network wiretapping requests. This sophisticated group has also targeted entities in other countries and utilizes various …

China-Backed APT Group Culling Thai Government Data

October 2, 2024 at 09:08PM CeranaKeeper, a China-aligned threat actor, has conducted large-scale data exfiltration in Southeast Asia. ESET researchers found that the group has been active since early 2022, using tools associated with Mustang Panda and exploiting file-sharing services. They breached Thai government systems and conducted extensive data harvesting, demonstrating rapid evolution and persistence.

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

October 2, 2024 at 12:15PM CeranaKeeper, a new threat actor, has been conducting data exfiltration attacks in Southeast Asia, targeting countries like Thailand, Myanmar, the Philippines, Japan, and Taiwan. Utilizing backdoors through legitimate cloud and file-sharing services, the group demonstrates a relentless and creative approach, with an extensive custom toolset for massive data siphoning. ESET …

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

October 1, 2024 at 01:27AM Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API, enabling attackers to co-opt instances into a malicious Docker Swarm. The attacks leverage Docker for access, spawning a cryptocurrency miner, and orchestrating lateral movement to related hosts. The campaign also demonstrates the use of evolving malware and …

Microsoft: Cloud Environments of US Organizations Targeted in Ransomware Attacks

September 30, 2024 at 08:00AM Microsoft warns of cybercriminal gang Storm-0501 targeting US organizations’ hybrid cloud environments with ransomware deployments. Active since 2021, the financially motivated group employs various ransomware families and exploits weak credentials and known vulnerabilities to gain control of networks, compromise devices, and deploy ransomware, posing a threat across multiple sectors. Based …

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

September 26, 2024 at 08:54AM Threat actors linked to North Korea have introduced two new malware strains, named KLogEXE and FPSpy, as part of their cyber activity. These strains enhance the capabilities of the group known as Sparkling Pisces and are used for espionage and data collection. The targets have mainly been in South Korea …