Daily News Update: Friday, March 28, 2025 (Australia/Melbourne)
A wave of cybersecurity incidents has revealed vulnerabilities across various platforms, affecting developers, healthcare providers, enterprises, and individuals. Notably, npm packages were compromised to steal sensitive information, a critical flaw was patched in Firefox, a ransomware fine was issued to a UK company, and numerous vulnerabilities were identified in solar inverters.…
Read More
Red Team Perspective: Known Attack Surface and Potential Risks of GitLab – Security KER – Security Information Platform
This article surveys the known attack surface and risks of GitLab, covering vulnerability classes such as Remote Code Execution (RCE), SSRF, XSS, and privilege escalation. It walks through the history of these vulnerabilities, their impact, and notable cases, and stresses the need for hardening self-managed GitLab instances.…
Read More
RST TI Report Digest: 31 Mar 2025
This week’s threat intelligence digest summarizes multiple cyber threat reports. Key highlights include espionage tactics of APT groups, sophisticated malware deployments, and Indicators of Compromise (IoCs) observed across platforms. The continuing evolution of these threats shows attackers adapting their techniques to infiltrate critical sectors.…
Read More
Exposed Jupyter Notebooks Targeted to Deliver Cryptominer
Cado Security Labs uncovered a new cryptomining campaign that exploits misconfigured Jupyter Notebooks across Windows and Linux systems. This campaign employs a series of executables, scripts, and binary downloads to install cryptominers targeting various cryptocurrencies. Affected: Jupyter Notebooks, Windows systems, Linux systems, cloud environments

Keypoints:

A cryptomining campaign utilizes Jupyter Notebooks, targeting Windows and Linux.…
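The misconfiguration this campaign depends on is a notebook server bound to a public interface with token and password authentication switched off. The following auditor, added here as an illustration and not code from Cado Security Labs or the Jupyter project, parses a jupyter_server_config.py-style file and flags the settings that make a server reachable without credentials; the weak and hardened configs it checks are constructed samples, and the password hash in the hardened one is a placeholder for the output of `jupyter server password`.

```python
"""Flag Jupyter server settings that leave a notebook reachable with no
authentication, the misconfiguration the cryptomining campaign above
abuses.  Added example (not Cado Security Labs code); the two config
snippets are constructed for this example."""
import ast
import re
from dataclasses import dataclass

# jupyter_server_config.py lines look like: c.ServerApp.token = ''
# The older NotebookApp prefix is accepted as well.
_ASSIGN = re.compile(
    r"^\s*c\.(?:NotebookApp|ServerApp)\.(\w+)\s*=\s*(.+?)\s*$", re.MULTILINE)

# Bind addresses that accept connections from other hosts.
NON_LOCAL_IPS = {"0.0.0.0", "::", "*", ""}


@dataclass(frozen=True)
class Finding:
    setting: str
    value: object
    reason: str


def parse_config(text: str) -> dict:
    """Return {option: value} for every c.<App>.<option> = <literal> line."""
    cfg = {}
    for opt, raw in _ASSIGN.findall(text):
        try:
            cfg[opt] = ast.literal_eval(raw)
        except (ValueError, SyntaxError):
            cfg[opt] = raw  # non-literal RHS (a call, a variable): keep the text
    return cfg


def audit(text: str) -> list[Finding]:
    """Return the weak settings found; an empty list means nothing flagged."""
    cfg = parse_config(text)
    findings = []
    if cfg.get("ip", "localhost") in NON_LOCAL_IPS:
        findings.append(Finding("ip", cfg["ip"], "listens on all interfaces"))
    # An unset token makes Jupyter generate a random one per start; only an
    # explicit empty string switches token auth off.
    token_off = cfg.get("token") == ""
    password_off = cfg.get("password", "") == ""
    if token_off:
        findings.append(Finding("token", "", "token authentication disabled"))
    if token_off and password_off:
        findings.append(Finding("auth", None,
                                "no token and no password: any client that reaches "
                                "the port gets a kernel and can run code"))
    if cfg.get("allow_origin") == "*":
        findings.append(Finding("allow_origin", "*",
                                "any web origin may talk to the server"))
    if cfg.get("allow_root") is True:
        findings.append(Finding("allow_root", True,
                                "kernels run as root, and so would a dropped miner"))
    if cfg.get("disable_check_xsrf") is True:
        findings.append(Finding("disable_check_xsrf", True, "XSRF protection off"))
    return findings


def is_exposed(text: str) -> bool:
    """True when the server is both remotely reachable and unauthenticated."""
    cfg = parse_config(text)
    return (cfg.get("ip", "localhost") in NON_LOCAL_IPS
            and cfg.get("token") == ""
            and cfg.get("password", "") == "")


# Constructed sample: the kind of config that ends up in the campaign's scans.
WEAK_CONFIG = """
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.port = 8888
c.ServerApp.token = ''
c.ServerApp.password = ''
c.ServerApp.allow_origin = '*'
c.ServerApp.allow_root = True
c.ServerApp.open_browser = False
"""

# Constructed sample: the same server hardened.  The password value is a
# placeholder for the hash printed by `jupyter server password`.
HARDENED_CONFIG = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.port = 8888
c.ServerApp.password = 'argon2:<hash from jupyter server password>'
c.ServerApp.allow_origin = 'https://notebooks.example.internal'
c.ServerApp.allow_root = False
c.ServerApp.open_browser = False
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: exposed={is_exposed(cfg)}")
        for f in audit(cfg):
            print(f"  {f.setting}={f.value!r}: {f.reason}")
```

Binding to 127.0.0.1 and putting the server behind an authenticating reverse proxy or an SSH tunnel removes the remote-reachability half of the problem even where a token cannot be used; the auditor treats a server as exposed only when both halves hold.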
Read More
Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
Summary: A targeted malware campaign by the Russian state-aligned group Gamaredon uses malicious Windows shortcut (LNK) files to deliver the Remcos backdoor via DLL sideloading, primarily to users in Ukraine. The lures masquerade as sensitive military documents about troop movements, trading on the ongoing war, and the infection chain relies on several stealth and persistence techniques.…
Read More
Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump
This article discusses a massive data breach impacting Samsung Germany, where a hacker known as “GHNA” leaked approximately 270,000 customer tickets due to credentials stolen by infostealer malware back in 2021. The breach highlights the dangers of unmonitored and unrotated credentials, leading to potential exploitation and privacy violations for thousands of customers.…
Read More
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a new malware, RESURGE, found on Ivanti Connect Secure appliances. The malware is deployed after exploitation of a recently patched flaw (CVE-2025-0282) and adds rootkit and web shell capabilities that improve its evasion and persistence. It is linked to espionage activity potentially conducted by state-sponsored threat actors.…
Read More

Victim: system-toolsgmbh.de
Country: DE
Actor: safepay
Source: http://nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#system
Discovered: 2025-03-30 03:00:51.848357
Published: 2025-03-30 02:59:17.048647
Description: System-Tools GmbH, a victim of ransomware based in Germany, experienced a significant cyberattack perpetrated by the Safepay group. This incident highlights the growing threat of ransomware in the region, as cybercriminals increasingly target businesses to exploit sensitive data and demand ransom payments.…
Read More
Lucid: The Rising Threat of Phishing-as-a-Service
Summary: The report by Prodaft reveals the emergence of Phishing-as-a-Service (PhAAS) platforms, particularly focusing on the Lucid platform operated by Chinese-speaking threat actors. This platform facilitates large-scale phishing attacks targeting individuals and organizations worldwide through sophisticated mechanisms that exploit messaging technologies. The rise of such platforms underscores a growing threat landscape, intensifying the risks associated with financial cybercrime and the need for enhanced security measures.…
Read More

Victim: iDRAC (Integrated Dell Remote Access Controller) management interface for Dell servers
Country: US
Actor: babuk2
Source: http://bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/ad6984e5580ef3f07fbae9adf2551978d8161dc7083dcd448c2e9c31e35f4593/
Discovered: 2025-03-29 16:24:09.007725
Published: 2025-03-29 16:23:00.879679
Description: The ransomware attack targeted the iDRAC (Integrated Dell Remote Access Controller) management interface for Dell servers in the United States, with the notorious cybercriminal group Babuk2 being the identified actor behind the intrusion.…
Read More
Major Cyber Attacks Targeting Transportation & Logistics Industry
The transportation and logistics industry is increasingly targeted by cybercriminals as they exploit vulnerabilities to disrupt operations and steal sensitive data. Major incidents include ransomware attacks affecting ports and airports, along with data breaches that raise severe concerns about data security within the sector. Affected: transportation and logistics industry, public infrastructure, cybersecurity sector

Keypoints:

Transportation and logistics sector is a major target for cybercriminals due to valuable data.…
Read More
CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory regarding multiple critical vulnerabilities in the CHOCO TEI WATCHER mini manufactured by Inaba Denki Sangyo Co., Ltd. These vulnerabilities may allow attackers to exploit the device, compromising sensitive information and operational integrity in industrial environments.…
Read More
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
Summary: Threat hunters infiltrated the infrastructure of the BlackLock ransomware group, revealing significant operational security flaws and exposing data linked to its activities. A critical vulnerability was identified in their Data Leak Site (DLS), allowing access to sensitive configuration files and command histories. This incident highlights the increasing complexity of ransomware operations and their interconnections in the underground economy.…
Read More

Victim: brune.com.br – Group MC (conglomerate)
Country: BR
Actor: babuk2
Source: http://bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/c5fc6f5c6ce071766c550bc58b3b4f4dcc2b9d1a35ef5672aa6f4e888bb12f92/
Discovered: 2025-03-29 02:49:11.993029
Published: 2025-03-29 02:48:06.355590
Description: Brune.com.br, a conglomerate under Group MC in Brazil, has recently fallen victim to a ransomware attack orchestrated by the Babuk2 group. This incident highlights the increasing threat of cyber crime faced by large corporations, as attackers seek to exploit vulnerabilities for financial gain.…
Read More

Summary: The video discusses the vulnerabilities associated with VH backups and how ransomware gangs exploit these weaknesses to compromise sensitive data, delete backups, or encrypt data. It emphasizes the importance of securing VH servers by disconnecting them from the domain and following best practices.

Keypoints:

The flaw in backups can lead to unauthorized code presence.…
Read More
CISA has reported on three malicious files acquired from an Ivanti Connect Secure device compromised through CVE-2025-0282. The files exhibit functionalities similar to known malware, including command and control capabilities and log tampering. RESURGE, the primary file, can modify files and create a web shell. Another file, a variant of SPAWNSLOTH, tampered with logs, while the third one included a shell script that extracts kernel images.…
Read More