Make your own Pentest Lab, — Part 1 (The Creation)
The article describes a pentesting project conducted at the Rochester Institute of Technology, involving the creation of a penetration testing lab. The project is structured into three phases: setting up a vulnerable environment, implementing monitoring tools, and conducting attacks while documenting the findings. Aimed at beginners to intermediate ethical hackers, it highlights specific vulnerabilities, tools used for exploiting them, and mitigation strategies.…
Unmasking the new persistent attacks on Japan
Cisco Talos discovered a malicious campaign attributed to an unknown attacker targeting organizations in Japan since January 2025, primarily exploiting the CVE-2024-4577 vulnerability to gain initial access and deploy advanced adversarial tools via Cobalt Strike. The attacker’s activities entail credential theft, system compromise, and potential lateral movement which could impact various industries.…
Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems
This article discusses the malicious exploitation of Traffic Distribution Systems (TDS) by threat actors to redirect victims and mask their attack infrastructure. It examines the characteristics differentiating malicious TDS from benign ones, such as longer redirection chains and greater connectivity among URLs. Moreover, it outlines a machine learning-based detection system developed to identify malicious TDS infrastructures.…
China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
Microsoft has revealed a concerning shift in tactics by the Chinese espionage group Silk Typhoon, which is now focusing on the global IT supply chain instead of high-profile cloud services. The group is employing stolen API keys and compromised credentials to infiltrate IT services and managed service providers, allowing them to conduct reconnaissance and data exfiltration.…
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
In this blog entry, we explore the tactics employed by the Black Basta and Cactus ransomware groups to compromise systems and exfiltrate sensitive information. They leveraged social engineering, remote access tools, and the BackConnect malware to establish persistent control over infected machines. To mitigate the damage, businesses must adopt enhanced security protocols.…
Turkey’s Attacking APT Groups and Attack Analyses
This study offers a comprehensive examination of Advanced Persistent Threats (APTs), focusing on their dynamics, techniques employed, and preventive measures. The article discusses the identification of APTs, the reasons behind attacks on Turkey, and their geopolitical and economic impacts. Furthermore, it explains the concept of Tactics, Techniques, and Procedures (TTP), their subdivision into sub-techniques, and details effective strategies to mitigate APT attacks.…
Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
Cisco Talos has identified multiple cyber espionage campaigns linked to the Lotus Blossom group, targeting sectors including government, manufacturing, telecommunications, and media. Utilizing Sagerunex and other tools, these attacks showcase advanced tactics for persistence and evasion, underscoring the group’s long-standing operations since 2012.
Affected: government, manufacturing, telecommunications, media
Key points: Multiple cyber espionage campaigns identified by Cisco Talos attributed to the Lotus Blossom group.…
Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations
This article details a malicious actor identified as CL-STA-0049, connected to a suspected Chinese threat group targeting governments and critical sectors in Southeast Asia and South America since March 2023. The group employs sophisticated tactics, including a backdoor known as Squidoor, to steal sensitive information and maintain covert communication channels.…
Fake WordPress Plugin Impacts SEO by Injecting Casino Spam
This article discusses the tactic of attackers using fake WordPress plugins to inject malware, particularly casino spam, into websites. By disguising malicious plugins as innocuous, attackers evade detection and compromise site integrity. The narrative follows an investigation into a client’s compromised site, examining the methods of detection and removal of the fake plugin, emphasizing the importance of website security.…
Play Ransomware: Exposing One of 2024’s Greediest Cyber Extortionists
Play ransomware, also known as PlayCrypt, is a cybercrime organization that has been active since 2022, targeting organizations globally through sophisticated double-extortion tactics. They encrypt systems after exfiltrating sensitive data, demanding communication via email without revealing ransom amounts. The group has struck over 300 entities across multiple sectors such as telecommunications, healthcare, and government.…
Unmasking Advanced Persistent Threats: How Threat Actors Stay Hidden and What We Can Do About It
Advanced Persistent Threats (APTs) represent a growing danger in the cyber landscape, characterized by sophisticated techniques aimed at infiltrating networks for espionage or theft. Their highly stealthy operations often go undetected for extended periods, posing significant challenges for security measures. Key insights from a recent study illuminate their methodologies and defensive strategies for safeguarding against these threats.…
The Ultimate Black Basta Chat Leak Part 2 – Veeam & Confluence
This article analyzes the tactics, techniques, and procedures (TTPs) of the LockBit and Black Basta ransomware groups, specifically focusing on their exploitation of Confluence software. Their similarities and differences are explored, along with methods for detection and incident response. Tools used for attacks, the attack flow, and risks involved are highlighted, along with suggestions for monitoring and protection strategies.…
PolarEdge: Unveiling an uncovered ORB network
The article discusses the PolarEdge botnet, which exploits the CVE-2023-20118 vulnerability in various Cisco Small Business Routers and causes compromised devices to launch coordinated attacks. The botnet has infected over 2,000 assets globally using sophisticated methods including web shells and a TLS backdoor. The research emphasizes the need for monitoring edge devices due to their vulnerability and operational importance to threat actors.…
Everest Forms Plugin Exposes Over 100,000 WordPress Sites to Complete Takeover
A critical security vulnerability, CVE-2025-1128, has been identified in the Everest Forms WordPress plugin that affects over 100,000 websites, allowing unauthenticated attackers to upload files, execute remote code, and potentially delete essential configuration files. The plugin, used widely for forms and surveys, suffers from inadequate file validation, increasing the risk of complete site compromise.…