Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says
Summary: Ukrainian cyber agencies report a rise in sophisticated cyberattacks primarily attributed to three Russia-linked hacker groups targeting government and critical services. The attacks have focused on espionage, financial theft, and psychological warfare, with the most active group being UAC-0010, also known as Gamaredon. Over the past year, Ukraine’s cybersecurity incident response center has addressed over 1,000 incidents, indicating a significant threat to national security.…
Kimsuky Hacking Group’s Malware Attack on the Korean Defense Industry Association – Defense Industry Digital Innovation Seminar (Planned) (2025.1.12)
This article discusses the malicious activities of the North Korean hacking group Kimsuky, which targets the Korea Association of Defense Industry Studies. The group is known for its various espionage missions, including the distribution of malware disguised as a seminar invitation. The malware is delivered via email and executes harmful scripts upon opening an attached document.…
VMware ESXi Logging and Detection Opportunities
This article discusses the unique challenges faced by Detection Engineers in securing ESXi environments, which often lack adequate security controls. It highlights the importance of effective log sources, common adversary techniques, and provides a Python-based CLI tool for automating detection tasks. Affected: ESXi

Key points:

ESXi environments are often considered legacy and may lack effective maintenance and security controls.…
US issues final rule barring Chinese, Russian connected car tech
Summary: The U.S. Commerce Department has announced a new rule prohibiting the import of certain vehicle connectivity technologies from China and Russia, citing national security concerns. This regulation aims to prevent foreign adversaries from accessing sensitive data and potentially manipulating connected vehicles.

Threat Actor: Chinese and Russian state-sponsored cyber actors | Volt Typhoon Victim: U.S.…

Hegseth says debate over Cyber Command, NSA leadership would reach ‘conclusion’
Summary: President-elect Donald Trump’s nominee for Defense Secretary, Pete Hegseth, aims to resolve the ongoing debate regarding the dual-hat leadership of U.S. Cyber Command and the NSA. He acknowledges the complexities of this relationship and emphasizes the need for effective cybersecurity measures against foreign threats.

Threat Actor: Salt Typhoon, Volt Typhoon | Salt Typhoon, Volt Typhoon Victim: U.S.…

Tennessee-based mortgage lender confirms December cyberattack
Summary: Mortgage Investors Group (MIG), a major mortgage lender in the Southeast U.S., experienced a cybersecurity incident that exposed sensitive customer information. The attack, attributed to the Black Basta ransomware gang, has raised concerns about the security of financial institutions in the housing industry.

Threat Actor: Black Basta | Black Basta Victim: Mortgage Investors Group | Mortgage Investors Group

Key Point:

Unauthorized access to MIG’s computer environment led to the exposure of sensitive personal information.…
New Startups Focus on Deepfakes, Data-in-Motion & Model Security
Summary: In 2024, early growth startups faced challenges in securing capital, yet there was a surge in investments focused on data and AI security, particularly addressing deepfakes and disinformation. The landscape saw significant developments in monitoring technologies and data leakage concerns, prompting a shift in how organizations approach cybersecurity.…

Victim: Gebäudereinigungsakademie
Country: AT
Actor: 8base
Source: http://xfycpauc22t5jsmfjcaz2oydrrrfy75zuk6chr32664bsscq4fgyaaqd.onion/company/7890512
Discovered: 2025-01-14 12:14:03.637547
Published: 2025-01-14 12:12:55.637728
Description: Gebäudereinigungsakademie in Austria offers professional training in building cleaning, home maintenance and pest control. The center is equipped with modern equipment and offers certified courses that meet international standards.…
Russia’s largest platform for state procurement hit by cyberattack from pro-Ukraine group
Summary: Roseltorg, Russia’s primary electronic trading platform for government and corporate procurement, confirmed it was targeted by a cyberattack, initially misrepresented as maintenance. The pro-Ukraine hacker group Yellow Drift claimed responsibility, alleging they deleted 550 terabytes of data from the platform.

Threat Actor: Yellow Drift | Yellow Drift Victim: Roseltorg | Roseltorg

Key Point:

Roseltorg initially reported service outages due to maintenance before revealing a cyberattack.…
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Summary: The increasing prevalence of SaaS applications introduces significant identity, data security, and third-party risks, which are exacerbated by SaaS sprawl. Organizations must prioritize securing their SaaS attack surface in 2025 to mitigate these vulnerabilities effectively.

Threat Actor: Cybercriminals | cybercriminals Victim: Organizations using SaaS | organizations using SaaS

Key Point:

Modern work heavily relies on SaaS, leading to rapid account creation and an expanded attack surface.…

Pre-requisites
Introduction to Malware Analysis https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Introduction-to-Malware-Analysis.md
Malware Analyst Guide 2024 https://youtu.be/tUsx0I0TK54
Malware Analysis Projects
Static Analysis of a Simple Malware Sample https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Project Static Analysis of a Simple Malware Sample.md
Analyzing FTP Log Files Using Splunk SIEM https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%232-analyzing-ftp-logs-using-splunk-siem.md
Analyzing HTTP Log Files Using Splunk SIEM https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%233-analyzing-http-logs-using-splunk-siem.md
…

CISA Releases the Cybersecurity Performance Goals Adoption Report
Summary: CISA has released a report detailing the benefits of adopting Cybersecurity Performance Goals (CPGs) for critical infrastructure sectors. The report analyzes data from 7,791 organizations and highlights the sectors most impacted by CPG adoption.

Threat Actor: N/A | CISA Victim: N/A | critical infrastructure sectors

Key Point:

CISA’s CPGs are voluntary practices aimed at enhancing cybersecurity for critical infrastructure.…
Deep Dive Into a Linux Rootkit Malware
This article discusses a critical zero-day exploit affecting CentOS Linux, where attackers gain full remote control of compromised systems through a rootkit and malicious scripts. The analysis details the techniques used by the attackers to hijack network traffic and execute commands. Affected: CentOS Linux

Key points:

Critical vulnerability allows full remote control of CentOS systems.…