LockBit 3.0 ransomware primarily targets Windows systems, exploiting vulnerabilities in Active Directory and Microsoft Exchange Server. It employs various tactics for initial access, data encryption, and data exfiltration, threatening victims with public data leaks unless ransoms are paid. LockBit has been particularly active in sectors such as healthcare, finance, and critical infrastructure, leveraging advanced techniques to evade detection.…
Tag: CLOUD
Summary: The Justice Department has indicted five individuals for facilitating a scheme that allowed North Korean nationals to secure employment with U.S. companies, generating substantial revenue for the North Korean government. The operation involved using forged documents and remote access software to enable North Koreans to work from abroad while laundering the earnings through a Chinese bank account.…
Summary: The FBI has issued a warning about North Korean IT workers who exploit their access to steal source code and extort U.S. companies. These workers often impersonate legitimate staff and utilize various tactics to conceal their identities, posing significant security risks to organizations. The FBI has recommended measures to mitigate these threats, including verifying identities and monitoring network activity.…
Summary: LinkedIn Premium customers are suing the platform for allegedly sharing their private messages with third parties without consent to train AI models. The lawsuit claims that LinkedIn enabled data sharing by default and failed to adequately disclose this in its privacy policy. Users argue that their messages are now embedded in AI models, which cannot be reversed, raising significant privacy concerns.…
Summary: Cyber Insights 2025 explores expert predictions on the evolution of malware, focusing on ransomware, the influence of AI, and the impact of geopolitics. As cybercriminals adapt their tactics, ransomware remains a prevalent threat, while advancements in AI may lead to faster and more sophisticated attacks.…
Summary: Cyberattackers are exploiting multiple Ivanti vulnerabilities to compromise the company’s Cloud Service Appliance (CSA). CISA and the FBI have identified several critical vulnerabilities that allow attackers to gain initial access and execute remote code on victim networks. Organizations are urged to upgrade their systems and implement detection methods to mitigate these threats.…
Summary: QNAP has addressed six critical vulnerabilities in its HBS 3 Hybrid Backup Sync software that could allow attackers to execute remote code on unpatched NAS devices. These vulnerabilities, identified as CVE-2024-12084 through CVE-2024-12747, can be exploited by attackers with anonymous read access to the vulnerable servers.…
Victim: WorldNet Telecommunications LLC
Country: PR
Actor: akira
Source:
Discovered: 2025-01-23 14:50:37.795226
Published: 2025-01-23 14:50:32.167431
Description:
WorldNet provides a comprehensive range of technology solutions for companies.
Services include digital security, IT consulting, and voice and data services.
Offers cloud services and broadband Internet solutions.…
Summary: Organizations are facing challenges in managing and retrieving data stored across multiple applications, making enterprise search increasingly complex. Doti AI, a new AI-powered platform, aims to streamline data access while ensuring data security by consolidating information and implementing strict access controls. The platform allows users to efficiently find relevant information within their workflows without compromising sensitive data.…
Summary: Finnish authorities are investigating the Eagle S oil tanker for potentially severing subsea cables intentionally on Christmas Day. The investigation is ongoing, with suspicions raised about the crew’s actions while dragging the anchor for an extended distance. The case has sparked debate over whether the incidents are accidental or part of a deliberate pattern of behavior.…
Cado’s export capabilities enhance security operations by streamlining data flow between SIEMs, ticketing systems, and forensic platforms. This integration reduces manual errors, improves efficiency, and ensures timely incident resolution.
Affected: Cado platform, SIEMs, ticketing systems
Keypoints:
Modern SOCs face challenges with manual data transfers and incompatible formats.…
Summary: Cisco has released patches for three vulnerabilities, including a critical flaw in Meeting Management that allows remote attackers to gain administrator privileges. Additionally, a high-severity bug in Cisco BroadWorks could lead to denial-of-service conditions, while a medium-severity issue in ClamAV could crash the scanning process.…
Summary: Cisco has issued critical software updates to address a privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management system, allowing remote attackers to gain administrator access. Additionally, patches were released for a denial-of-service (DoS) flaw in BroadWorks and an integer underflow bug in ClamAV. The vulnerabilities highlight ongoing security challenges faced by organizations using Cisco products.…
This article examines two scenarios in which attackers exploit misconfigured Redis servers and use cloud storage resources to execute malicious scripts and gain unauthorized access. The sophisticated techniques employed emphasize the necessity for proactive defensive measures.
Affected: Redis servers, macOS systems
Keypoints:
Attackers exploit misconfigurations in Redis services to execute remote commands.…
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory regarding the active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances. These include CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380, which can lead to unauthorized access, remote code execution, and credential theft.…
Summary: Google has identified a financially motivated threat actor named TRIPLESTRENGTH, which targets cloud environments for cryptojacking and on-premise ransomware attacks. The actor employs stolen credentials to hijack cloud resources for cryptocurrency mining and advertises access to compromised servers. Additionally, TRIPLESTRENGTH has been linked to ransomware operations using various malicious tools and has actively sought partnerships for further attacks.…
Summary: The US government has disclosed details of two exploit chains used by Chinese hackers to infiltrate Ivanti Cloud Service Appliances (CSA), highlighting significant vulnerabilities. Four critical security flaws have been identified, which are actively exploited by these threat actors. The advisory emphasizes the importance of monitoring and securing affected systems to prevent further intrusions.…
This advisory from CISA and FBI discusses the exploitation of multiple vulnerabilities in Ivanti Cloud Service Appliances (CSA) that occurred in September 2024. The vulnerabilities include administrative bypass, SQL injection, and remote code execution, which were exploited to gain unauthorized access, execute commands, and implant webshells.…
Summary: Conor Fitzpatrick, the founder of the cybercrime platform BreachForums, is set to be resentenced after a three-judge panel vacated a previous lenient sentence that allowed him to serve only 17 days in prison. The appellate court criticized the district court’s decision, which was influenced by Fitzpatrick’s age and autism diagnosis, for being “substantively unreasonable” given his extensive criminal activities.…
Victim: sdkgroup.com
Country: HK
Actor: ransomhub
Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/035b01ba-eeed-4514-8e06-9e9b4f865797/
Discovered: 2025-01-22 20:24:11.626081
Published: 2025-01-22 20:23:01.411307
Description:
Global business consulting firm
Specializes in information technology and business process services
Helps clients implement and optimize corporate IT strategies
Offers IT consulting, cloud services, data analytics, and software development
Serves diverse industries: logistics, healthcare, banking, energy
Provides support in multiple languages
Operates in several countries
About Country: Hong Kong (HK)
– Cybersecurity Framework: Hong Kong has a structured approach to cybersecurity, governed by the Hong Kong Cybersecurity Strategy initiated by the government to enhance resilience against cyber threats.…