Summary: Finnish authorities are investigating the oil tanker Eagle S on suspicion that it intentionally severed subsea cables on Christmas Day. The investigation is ongoing, with suspicions raised about the crew’s actions while the ship dragged its anchor for an extended distance. The case has sparked debate over whether the incidents are accidental or part of a deliberate pattern of behavior.…
Cado’s export capabilities enhance security operations by streamlining data flow between SIEMs, ticketing systems, and forensic platforms. This integration reduces manual errors, improves efficiency, and ensures timely incident resolution. Affected: Cado platform, SIEMs, ticketing systems
Key points:
- Modern SOCs face challenges with manual data transfers and incompatible formats.…
Summary: Cisco has released patches for three vulnerabilities, including a critical flaw in Meeting Management that allows an authenticated, low-privileged remote attacker to gain administrator privileges. Additionally, a high-severity bug in Cisco BroadWorks could lead to denial-of-service conditions, while a medium-severity issue in ClamAV could crash the scanning process.…
Summary: Cisco has issued critical software updates to address a privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management system, which allows an authenticated, low-privileged remote attacker to gain administrator access. Additionally, patches were released for a denial-of-service (DoS) flaw in BroadWorks and an integer underflow bug in ClamAV. The vulnerabilities highlight the ongoing patching burden for organizations running Cisco products.…
This article examines two scenarios in which attackers exploit misconfigured Redis servers and use cloud storage resources to execute malicious scripts and gain unauthorized access. The techniques employed underline the need for proactive defensive measures. Affected: Redis servers, macOS systems
Key points:
- Attackers exploit misconfigurations in Redis services to execute remote commands.…
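The misconfiguration pattern behind these Redis attacks is well known: an instance reachable from the network, with no authentication and protected mode off, lets any client issue CONFIG and change where the server writes its snapshot file. The audit below is an added example, not code from the article or from the Redis project; it parses a redis.conf and reports that pattern. Both configurations are constructed samples, and the `requirepass` value is a placeholder.

```python
"""Static audit of a redis.conf for the exposed-and-unauthenticated layout
that the Redis attacks above rely on. Added example; sample configs are
constructed, not taken from any real deployment."""

# Constructed sample: reachable on every interface, no auth, CONFIG live.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
dir /var/lib/redis
"""

# Constructed sample: loopback only, password required, CONFIG and DEBUG
# disabled via rename-command. The password is a placeholder.
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass correct-horse-battery-staple
rename-command CONFIG ""
rename-command DEBUG ""
dir /var/lib/redis
"""

WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}


def parse_conf(text):
    """Return {directive: [value, ...]}; repeats (rename-command) are kept in order."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comment lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        directives.setdefault(key.lower(), []).append(value.strip())
    return directives


def audit(text):
    """Return the weak settings found and whether, taken together, they let an
    unauthenticated remote client retarget the server's snapshot file."""
    d = parse_conf(text)
    findings = []

    # Without a bind line Redis listens on all interfaces; a leading '-'
    # marks an optional address and is not part of the address itself.
    bind_line = d.get("bind", ["0.0.0.0"])[-1]
    addrs = {a.lstrip("-") for a in bind_line.split()}
    exposed = bool(addrs & WILDCARD_ADDRS)
    if exposed:
        findings.append("bind: listens on all interfaces")

    # protected-mode defaults to yes, so only an explicit 'no' is a finding.
    if d.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("protected-mode: disabled")

    # requirepass or an ACL file counts as authentication. Inline 'user'
    # lines are not inspected here; a 'user default on nopass' line would
    # still need a manual review.
    authenticated = "requirepass" in d or "aclfile" in d
    if not authenticated:
        findings.append("auth: no requirepass and no aclfile")

    # rename-command <NAME> "" disables a command outright.
    disabled = {
        v.split()[0].upper()
        for v in d.get("rename-command", [])
        if v.endswith('""')
    }
    config_reachable = "CONFIG" not in disabled
    if config_reachable:
        findings.append("CONFIG: command reachable by any connected client")

    # This combination is what turns an exposed cache into remote file-write:
    # anyone who can reach the port can change dir/dbfilename and trigger a save.
    remotely_writable = exposed and not authenticated and config_reachable
    return {"findings": findings, "remotely_writable": remotely_writable}


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit(conf)
        print(name, result["remotely_writable"], result["findings"])
```

Run it against a copy of the instance's redis.conf; an empty findings list is the target state, but the `remotely_writable` flag is the one to treat as an incident, since that is the state the article's attackers look for on the open internet. The audit is static, so a server whose CONFIG was already changed at runtime would need `CONFIG GET dir` over an authenticated connection to confirm.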
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory regarding the active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances. These include CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380, which can lead to unauthorized access, remote code execution, and credential theft.…
Summary: Google has identified a financially motivated threat actor named TRIPLESTRENGTH, which targets cloud environments for cryptojacking and on-premise ransomware attacks. The actor employs stolen credentials to hijack cloud resources for cryptocurrency mining and advertises access to compromised servers. Additionally, TRIPLESTRENGTH has been linked to ransomware operations using various malicious tools and has actively sought partnerships for further attacks.…
Summary: The US government has disclosed details of two exploit chains used by Chinese hackers to infiltrate Ivanti Cloud Service Appliances (CSA), highlighting significant vulnerabilities. Four critical security flaws have been identified, which are actively exploited by these threat actors. The advisory emphasizes the importance of monitoring and securing affected systems to prevent further intrusions.…
This advisory from CISA and FBI discusses the exploitation of multiple vulnerabilities in Ivanti Cloud Service Appliances (CSA) that occurred in September 2024. The vulnerabilities include administrative bypass, SQL injection, and remote code execution, which were exploited to gain unauthorized access, execute commands, and implant webshells.…
Summary: Conor Fitzpatrick, the founder of the cybercrime platform BreachForums, is set to be resentenced after a three-judge panel vacated a previous lenient sentence that allowed him to serve only 17 days in prison. The appellate court criticized the district court’s decision, which was influenced by Fitzpatrick’s age and autism diagnosis, for being “substantively unreasonable” given his extensive criminal activities.…
Victim: sdkgroup.com
Country: HK
Actor: ransomhub
Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/035b01ba-eeed-4514-8e06-9e9b4f865797/
Discovered: 2025-01-22 20:24:11.626081
Published: 2025-01-22 20:23:01.411307
Description :
Global business consulting firm
Specializes in information technology and business process services
Helps clients implement and optimize corporate IT strategies
Offers IT consulting, cloud services, data analytics, and software development
Serves diverse industries: logistics, healthcare, banking, energy
Provides support in multiple languages
Operates in several countries
About Country: Hong Kong (HK)
– Cybersecurity Framework: Hong Kong has a structured approach to cybersecurity, governed by the Hong Kong Cybersecurity Strategy, initiated by the government to enhance resilience against cyber threats.…
Summary: The Trump administration has requested the resignation of all Democratic members from the Privacy and Civil Liberties Oversight Board (PCLOB), a move seen as part of a broader effort to remove Biden appointees from federal positions. This board, which is intended to operate with bipartisan support, has recently been in the spotlight due to its divided stance on the renewal of a controversial foreign spying law.…
Summary: A new Chinese state-sponsored hacker group, PlushDaemon, has been targeting users in East Asia through an espionage campaign involving a compromised VPN installer from South Korean firm IPany. The attackers deployed custom malware capable of extensive data collection and spying on victims. Although discovered recently, PlushDaemon has been active since at least 2019, focusing on espionage against various entities across multiple countries.…
Summary: A recent agreement between Iran and Russia aims to enhance military, security, and technological cooperation, particularly in cybersecurity and internet regulation. The deal, signed by leaders of both nations, seeks to formalize their close ties and establish stronger control over the digital space. Both countries, known for their restrictive internet policies, plan to collaborate on countering cybercrime and managing national internet segments.…
The 20th edition of the Cloudflare DDoS Threat Report highlights significant increases in DDoS attacks in 2024, with a record-breaking 5.6 Tbps attack detected. Cloudflare’s DDoS defense systems blocked over 21 million attacks in 2024, showcasing the growing threat landscape and the importance of robust cybersecurity measures.…
Victim: ilemgroup.com
Country: US
Actor: ransomhub
Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/823476cb-66c0-4a28-9ae7-021ef226cd7a/
Discovered: 2025-01-22 14:48:02.057309
Published: 2025-01-22 14:46:52.636515
Description :
Technology company specializing in IT solutions
Main areas: IT system integration, software development, data management, cloud services, and cybersecurity
Based in Switzerland and Morocco
Helps businesses improve through innovative technological strategies
Offers digital transformation and tech consultancy services
Focus on quality and efficiency
About Country: United States
– Cybersecurity Framework: The US has developed a comprehensive cybersecurity framework led by the National Institute of Standards and Technology (NIST), which helps organizations manage and reduce cybersecurity risk.…
Summary: Recent assessments by Western authorities suggest that a series of cable breakages in the Baltic Sea may be accidental rather than acts of sabotage, despite concerns to the contrary. Critics argue that the pattern of incidents indicates otherwise, particularly following the recent damage caused by the oil tanker Eagle S.…
Summary: The Trump administration has removed private sector members from all Department of Homeland Security (DHS) committees, including the Cyber Safety Review Board (CSRB), in a move aimed at prioritizing national security. This decision comes as the CSRB investigates the Salt Typhoon hacks, attributed to Chinese-linked attackers, which have affected multiple telecommunications companies.…
Summary: SecurityWeek’s Cyber Insights 2025 highlights expert predictions regarding the increasing vulnerabilities associated with APIs as their usage expands. As organizations adopt more SaaS applications and AI-driven tools, APIs are becoming prime targets for cybercriminals, leading to a significant rise in API-related breaches. Experts emphasize the urgent need for improved API security measures to combat these evolving threats.…
As the user base for online gaming grows, so does the gray market for cheats and auxiliary software, which has also become a channel for spreading malware. BinaryAI’s malicious file detection identified a recent attack on users of Russian gaming environments, linked to a backdoor named “Catlavan.”…