Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
Summary: Recent research by Reflectiz highlights alarming vulnerabilities in website security, revealing that 45% of third-party applications access sensitive user data without authorization. The report emphasizes the need for organizations to assess their web exposure and mitigate risks associated with excessive tracking tools, particularly in the Retail and Entertainment sectors.…
OilRig, also known as APT34, is a state-sponsored APT group linked to Iranian intelligence, primarily targeting sectors like government, energy, finance, and telecommunications. Their sophisticated cyber-espionage tactics include spear-phishing and custom malware, making them a persistent threat across the Middle East and beyond. Affected: government, energy, financial, telecommunications sectors
Keypoints:
OilRig is a state-sponsored APT group associated with Iranian intelligence.…
Summary: The US government has disclosed details of two exploit chains used by Chinese hackers to infiltrate Ivanti Cloud Service Appliances (CSA), highlighting significant vulnerabilities. Four critical security flaws have been identified, which are actively exploited by these threat actors. The advisory emphasizes the importance of monitoring and securing affected systems to prevent further intrusions.…
This article discusses the challenges faced by CTI Analysts in investigating phishing campaigns and how tools like ThreatConnect, Polarity, and the TQL Generator can streamline workflows by automating data retrieval, enriching threat intelligence, and improving real-time collaboration. Affected: organizations, cybersecurity analysts
Keypoints:
CTI Analysts often struggle with slow manual processes when investigating threats.…
Summary: Bernardo Quintero’s book, “Infected: From Side Project to Google – The Journey behind VirusTotal,” chronicles his journey from a young computer enthusiast in Spain to the founder of VirusTotal, a pivotal tool in cybersecurity. The narrative blends personal anecdotes with insights into the evolution of malware detection and the eventual acquisition by Google.…
The article discusses the critical Microsoft Outlook vulnerability CVE-2025-21298, which allows remote code execution (RCE) through specially crafted emails. This zero-click flaw has a CVSS score of 9.8 and poses significant risks to email security. Immediate action is recommended, including applying patches and utilizing detection tools.…
Summary: The video discusses the top six cybersecurity projects for beginners to enhance their resumes and improve their chances of getting hired in 2025. Each project aims to provide hands-on experience and build technical skills essential for cybersecurity roles.
Keypoints:
Project 1: Securing Azure Active Directory – Learn to manage identities and access in cloud and hybrid environments, including user/group management and Azure AD domain services.…
The article discusses two campaigns by a new threat group named Silent Lynx, targeting government entities in Kyrgyzstan, particularly the National Bank and Ministry of Finance. The campaigns involve sophisticated phishing attacks using malicious ISO files and C++ loaders, along with Golang implants for reverse shells.…
Summary: AI SPERA has partnered with OnTheHub to offer its Criminal IP cybersecurity solution to students and educational institutions at affordable prices. This initiative aims to enhance cybersecurity awareness and protection in the education sector, providing globally compliant solutions. The partnership will facilitate access to high-quality threat intelligence data for academic purposes, thereby reinforcing the cybersecurity infrastructure in educational organizations worldwide.…
TA505 is a financially motivated cybercriminal group known for large-scale malware distribution and sophisticated phishing campaigns. Active since 2015, they utilize advanced social engineering tactics and target various sectors, including finance and healthcare. The article discusses threat hunting techniques in Azure/XDR to detect TA505 activities. Affected: finance, retail, healthcare, critical infrastructure
Keypoints:
TA505 is also known as GOLD TAHOE or FIN11.…
Summary: The video discusses the common challenges faced by bug bounty hunters, particularly the issue of reporting duplicates. It emphasizes the importance of developing deep technical knowledge and understanding specific vulnerabilities rather than relying on generic tools and techniques. The speaker encourages viewers to commit to becoming experts in their chosen areas of web security, as this knowledge will set them apart in the competitive field of bug hunting.…
🏠 Build Your Home Lab
How to Build a Home Lab for Infosec, by Ralph May. Learn how to set up a home lab to practice and enhance your cybersecurity skills.
🌐 Network Security
Networking for Pentesters: Beginner, by Serena D. A beginner-friendly guide to understanding networking concepts for penetration testing. Watch…
This weekly threat intelligence report from RST Cloud summarizes 49 threat intelligence reports, highlighting various cyber threats and tactics used by different threat actors. Notable campaigns include “Sneaky 2FA,” which targets Microsoft 365 accounts, and “Contagious Interview,” a social engineering tactic by the Lazarus APT group.…
This article discusses a large-scale phishing attack targeting Chrome extension developers, leading to the distribution of tampered extensions that facilitate credential theft and command-and-control communication. The publication provides insights into the campaign, its implications, and a collection of Indicators of Compromise (IoCs) to aid security teams.…
This report details the vulnerabilities discovered in the Mercedes-Benz User Experience (MBUX) infotainment system, particularly focusing on the first generation of MBUX subsystems. The research highlights the importance of diagnostic software, the architecture of MBUX, and the various attack vectors identified during testing. Affected: Mercedes-Benz MBUX
Keypoints:
Research focused on the first generation of MBUX infotainment system.…
In mid-November 2024, Microsoft Threat Intelligence reported a shift in tactics by the Russian threat actor Star Blizzard, who began targeting WhatsApp accounts through spear-phishing campaigns. This new approach involves impersonating US government officials to lure victims into malicious links that compromise their WhatsApp data. The campaign highlights the actor’s resilience and adaptability in the face of operational disruptions.…
The Gootloader malware employs sophisticated social engineering tactics to infect users through compromised WordPress sites. It manipulates search engine results to direct victims to these sites, where they encounter fake message boards that link to the malware. The infection process is complex and heavily obfuscated, making it difficult for even site owners to detect.…
Summary: President Joe Biden’s executive order focuses on enhancing federal cybersecurity, addressing cybercrime, and securing commercial software. It aims to make it more difficult and costly for foreign adversaries and ransomware criminals to execute cyberattacks against the U.S. The order outlines nine key initiatives to strengthen America’s digital infrastructure and improve the security of both government and private sector systems.…
In December 2024, a new Adversary-in-the-Middle (AiTM) phishing kit known as Sneaky 2FA was identified, targeting Microsoft 365 accounts. This phishing kit, sold as Phishing-as-a-Service (PhaaS) by the cybercrime service “Sneaky Log”, utilizes sophisticated techniques including autograb functionality and anti-bot measures. The analysis reveals its operational methods, including the use of Telegram for distribution and support.…