Treasury hackers also breached US foreign investments review office
Summary: Silk Typhoon, a Chinese state-backed hacking group, has breached multiple offices within the U.S. Treasury Department, targeting systems that review foreign investments and administer sanctions. The attackers aimed to gather intelligence on potential sanctions against Chinese entities by exploiting a stolen API key.

Threat Actor: Silk Typhoon | Silk Typhoon Victim: U.S.…

Date Reported: 2025-01-07 Country: CAN | Canada Victim: Organisation des magasins d’alcool du Nouveau-Brunswick | New Brunswick Liquor Corporation Website: anbl.com Additional Information:

New Brunswick liquor stores have been closed for over two days. A potential cybersecurity threat prompted the organization to shut down its systems on Tuesday.…
STIIIZY data breach exposes cannabis buyers’ IDs and purchases
Summary: STIIIZY, a popular cannabis brand, disclosed a data breach involving the theft of sensitive customer information through a compromised point-of-sale vendor. The breach affected numerous customers, exposing personal details such as government IDs and transaction histories.

Threat Actor: Everest Ransomware Gang | Everest Victim: STIIIZY | STIIIZY

Key Point:

Data breach occurred after hackers compromised STIIIZY’s point-of-sale vendor.…
Tails 6.11 Fixes Exploitable Vulnerabilities with Critical Security Patches
Summary: The Amnesic Incognito Live System (Tails) has released version 6.11 to address critical security vulnerabilities identified during an external audit. These vulnerabilities, while requiring prior exploitation, could have led to significant privacy breaches, prompting the Tails team to recommend an immediate upgrade for users.

Threat Actor: Unknown | unknown Victim: Tails Users | Tails Users

Key Point:

Critical vulnerabilities in Tails 6.10 and earlier versions could allow persistent malware installation via Tails Upgrader.…
Unmasking Play Ransomware: Tactics, Techniques, and Mitigation Strategies
Summary: The Play ransomware, linked to the North Korean Andariel group, employs sophisticated techniques during the lateral movement phase of attacks, exploiting vulnerabilities and leveraging legitimate tools to infiltrate networks. Organizations are urged to enhance their security measures to combat these evolving threats.

Threat Actor: Andariel Group | Andariel Group Victim: Various Organizations | Various Organizations

Key Point:

Play ransomware encrypts files and follows a double extortion model, stealing data before encryption.…
In Other News: Bank of America Warns of Data Breach, Trucking Cybersecurity, Treasury Hack Linked to Silk Typhoon
Summary: This week’s cybersecurity news roundup highlights significant developments, including vulnerabilities, data breaches, and geopolitical implications involving major companies and organizations.

Threat Actor: Natohub, Silk Typhoon | Natohub, Silk Typhoon Victim: International Civil Aviation Organization, Bank of America, Green Bay Packers | International Civil Aviation Organization, Bank of America, Green Bay Packers

Key Point:

The US Defense Department has linked Tencent and CATL to the Chinese military.…
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Summary: Cybersecurity researchers have identified a new AI-assisted ransomware group called FunkSec, which has targeted over 85 victims since its emergence in late 2024. The group employs double extortion tactics and operates under a ransomware-as-a-service model, with connections to hacktivist activities.

Threat Actor: FunkSec | FunkSec Victim: Various organizations | various organizations

Key Point:

FunkSec uses double extortion tactics, combining data theft with encryption to pressure victims.…
In Other News: Bank of America Warns of Data Breach, Trucking Cybersecurity, Treasury Hack Linked to Silk Typhoon
Summary: BayMark Health Services has begun notifying patients of a data breach resulting from a ransomware attack, which compromised personal information. The incident has affected patient data, including Social Security numbers and medical information, prompting the company to offer identity protection services.

Threat Actor: Ransomhub | Ransomhub Victim: BayMark Health Services | BayMark Health Services

Key Point:

BayMark operates around 200 addiction treatment facilities across the US, treating over 70,000 patients daily.…
CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution
Summary: OpenVPN has released version 2.6.11 to patch three critical vulnerabilities, including one that allows arbitrary data injection into third-party executables. Users are urged to update to this version to mitigate potential security risks.

Threat Actor: Malicious OpenVPN peers | malicious OpenVPN peers Victim: OpenVPN users | OpenVPN users

Key Point:

CVE-2024-5594 allows attackers to inject arbitrary data into third-party executables or plugins, with a CVSS score of 9.1.…
New PayPal Phishing Scam Bypasses Security Measures
Summary: A new sophisticated PayPal phishing tactic has emerged, which effectively bypasses traditional phishing detection methods, as detailed by Fortinet’s CISO, Carl Windsor. This attack tricks users into linking their accounts to attackers by using seemingly legitimate emails and URLs.

Threat Actor: Unknown | unknown Victim: Individuals using PayPal | PayPal

Key Point:

The phishing email appears legitimate, with a valid sender address and genuine-looking URL.…
Chinese spies targeting new Ivanti vulnerability, Mandiant says
Summary: A newly discovered vulnerability in Ivanti’s Connect Secure VPN is being exploited by China-based espionage threat actors, prompting urgent action from U.S. cybersecurity agencies. Mandiant’s analysis highlights the ongoing risks and the potential for widespread exploitation of this vulnerability.

Threat Actor: UNC5221 | UNC5221 Victim: Ivanti | Ivanti

Key Point:

Mandiant identified exploitation of CVE-2025-0282 by Chinese hackers, linked to previous attacks on Ivanti products.…
Global: Huge Leak of URL Login Credentials and Passwords
Threat Actor: Unknown | unknown Victim: Global Users | global users Price: Not applicable Exfiltrated Data Type: URL login credentials and passwords

Key Points:

A massive data breach has exposed approximately 296,896,878 URL login credentials and passwords. The leaked database contains sensitive user information, raising significant online security and privacy concerns.…