FIREWALL Archives - Page 2 of 46 - Cybersecurity News Everyday

Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…

Threat Research

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

March 18, 2025 Reliaquest

This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…

Interesting Stuff

TryHackMe Ignite Room Walkthrough: Exploiting Fuel CMS 1.4.1 RCE

March 18, 2025March 18, 2025 Infosecwriteups

This article provides a detailed walkthrough of exploiting a Remote Code Execution vulnerability found in Fuel CMS 1.4.1 (CVE-2018–16763) through TryHackMe’s Ignite room. It covers the steps from enumeration to post-exploitation, emphasizing the importance of input validation and system patching for defense. Affected: Fuel CMS, web applications

Keypoints :

Exploit Remote Code Execution vulnerability in Fuel CMS 1.4.1.…

Threat Research

New XCSSET Malware Adds New Obfuscation and Persistence Techniques to Infect Xcode Projects | Microsoft Security Blog

March 18, 2025March 18, 2025 microsoft

A new variant of XCSSET malware has been discovered, which is specifically designed to infect macOS Xcode projects. This sophisticated malware utilizes advanced obfuscation, updated persistence techniques, and novel infection strategies to exfiltrate sensitive information, including digital wallet data. It operates in a stealthy manner, often remaining fileless, which complicates detection and removal efforts.…

Cyber Security News

‘Mora_001’ ransomware gang exploiting Fortinet bug spotlighted by CISA in January

March 17, 2025 CybersecurityNews

Summary: A new ransomware operation named Mora_001 is exploiting two vulnerabilities in Fortinet products linked to the LockBit group. The operation has led to the deployment of a ransomware strain called SuperBlack, which takes advantage of security weaknesses in Fortigate firewall appliances. Researchers warn that threat actors are targeting organizations that have not applied necessary patches to these vulnerabilities.…

Cyber Security News

THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

March 17, 2025 CybersecurityNews

Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…

Threat Research

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

March 16, 2025 Sucuri

The increasing sophistication of e-commerce malware has led to serious security threats for platforms such as WordPress WooCommerce. A recent case uncovered a coordinated attack involving a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script, aimed at stealing customer data and maintaining long-term access.…

Cyber Security News

Ransomware gang creates tool to automate VPN brute-force attacks

March 15, 2025 BleepingComputer

Summary: The Black Basta ransomware operation has developed an automated brute-forcing tool named ‘BRUTED’ that targets edge networking devices such as firewalls and VPNs. This framework enhances their ransomware attacks by providing streamlined access to vulnerable endpoints, with reports of increased credential-stuffing attacks throughout 2024. The tool has been designed to evade detection while significantly increasing attack efficiency on various remote-access products.…

Cyber Security News

Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right

March 14, 2025 CybersecurityNews

Summary: Microsegmentation can be a crucial strategy for achieving Zero Trust security, but traditional approaches often fail due to complexity and operational disruptions. Andelyn Biosciences successfully implemented Elisity’s identity-based microsegmentation approach, allowing them to rapidly secure their networks without significant downtime or resource allocation. This case highlights the importance of visibility and policy simulation in modern segmentation efforts.…

Threat Research

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

March 14, 2025 TrendMicro

Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Utilizing highly obfuscated JavaScript loaders, SocGholish evades detection and successfully executes malicious tasks. Notably, the framework propels initial access for ransomware attacks, mainly affecting government entities in the United States.…

Threat Research

Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware

March 14, 2025 AttackIQ

This article discusses a cybersecurity advisory released on March 12, 2025, by the FBI, CISA, and MS-ISAC regarding the Medusa ransomware, detailing its methods, impacts, and tactics used. Medusa is a Ransomware-as-a-Service operation that targets Windows environments and has affected over 300 victims. The advisory provides insights into its tactics, techniques, and procedures (TTPs) to help organizations bolster their security measures.…

Cyber Security News

New SuperBlack ransomware exploits Fortinet auth bypass flaws

March 14, 2025 BleepingComputer

Summary: A new ransomware group named ‘Mora_001’ is leveraging Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472 to compromise firewall appliances and deploy their ransomware variant known as SuperBlack. This group utilizes a structured attack strategy, gaining high-level privileges and executing double extortion tactics. There are indications that SuperBlack is connected to LockBit operations through several shared methods and tools.…

Threat Research

Head Mare and Twelve join forces to attack Russian entities

March 14, 2025 SecureList

In September 2024, Russian companies faced a series of coordinated attacks linked to two hacktivist groups, Head Mare and Twelve. The investigation revealed a blend of new and familiar tactics, techniques, and procedures (TTPs) employed in these attacks, with indications of collaboration and tool-sharing between the groups.…

Interesting Stuff

Threat Intelligence: A Deep Dive into Cyber Kill Chains, Diamond Models, and the Zero-Day Crisis

March 13, 2025March 13, 2025 iocOne

The recent VMware zero-day vulnerability (CVE-2023–20867) has made numerous organizations—including cloud providers and financial institutions—vulnerable to serious attacks such as data theft and ransomware. This incident highlights the importance of cybersecurity frameworks like the Cyber Kill Chain and Diamond Model for developing effective defenses against increasingly sophisticated threats.…

Threat Research

The Invisible Battlefield Behind LLM Security Crisis – NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

March 13, 2025March 13, 2025 iocOne

This article discusses a series of data breaches involving large language models (LLMs) that occurred between January and February 2025. These incidents highlighted vulnerabilities in the deployment of LLMs across enterprises, resulting in extensive data leaks including API keys, user credentials, and sensitive information. The incidents serve as a wake-up call regarding “AI-driven risks” and underscore the need for improved security practices.…

Threat Research

Threat Intelligence Report : Cactus Ransomware

March 13, 2025March 13, 2025 iocOne

The Cactus Ransomware Group employs a sophisticated multi-stage attack method, featuring social engineering and exploits to compromise targeted systems. Their toolkit includes ransomware delivery, stealthy lateral movement, and custom command-and-control tactics. Though an encryption attempt was thwarted, the group demonstrated readiness to carry out a full attack cycle.…

Threat Research

Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims

March 13, 2025 Unit42

Unit 42 researchers have uncovered a widespread campaign distributing fraudulent cryptocurrency investment platforms through websites and mobile applications. The operation employs deceptive practices, impersonating well-known brands to lure victims, particularly in East Africa and Asia. By leveraging multi-level affiliate programs and unrealistic promises of high returns, the campaign closely resembles Ponzi schemes.…

Cyber Security News

Enhanced XCSSET Malware Targets MacOS Users with Advanced Obfuscation

March 13, 2025 Cyware

Summary: Microsoft Threat Intelligence has identified a new variant of XCSSET malware targeting macOS developers, featuring advanced obfuscation, updated persistence techniques, and new infection strategies. The malware exploits the collaborative nature of Xcode projects, employing a four-stage infection chain that makes it difficult to detect. Although currently observed in limited attacks, its capabilities pose a significant threat to developers and users of macOS systems.…

Threat Research

Analyzing OBSCURE#BAT: Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits

March 13, 2025 Securonix

The Securonix Threat Research team has uncovered a sophisticated malware campaign known as OBSCURE#BAT, which employs social engineering tactics and deceptive downloads to install a user-mode rootkit (r77 rootkit) that evades detection and maintains persistence on compromised systems. Attackers use fake captchas and legitimate-looking software downloads to trick users into executing obfuscated batch scripts that initiate a multi-stage infection process.…

Threat Research

#StopRansomware: Medusa Ransomware

March 13, 2025 CISA

This advisory details the tactics, techniques, and procedures (TTPs) associated with the Medusa ransomware variant. Medusa, operating as a ransomware-as-a-service (RaaS), has affected over 300 victims across various critical infrastructure sectors since its inception in June 2021. The advisory provides insights into initial access methods, lateral movement tactics, and a double extortion model employed by Medusa actors.…

Tag: FIREWALL