Tails 6.11 Fixes Exploitable Vulnerabilities with Critical Security Patches
Summary: The Amnesic Incognito Live System (Tails) has released version 6.11 to address critical security vulnerabilities identified during an external audit. These vulnerabilities, while requiring prior exploitation, could have led to significant privacy breaches, prompting the Tails team to recommend an immediate upgrade for users.

Threat Actor: Unknown | Victim: Tails Users

Key Point:

Critical vulnerabilities in Tails 6.10 and earlier versions could allow persistent malware installation via Tails Upgrader.…
The Feed 2025-01-10

Check Point Research has identified a new version of the Banshee macOS stealer malware, which has been evading detection since September 2024. The malware targets macOS users, stealing sensitive information and utilizing an encryption algorithm similar to Apple’s XProtect. Despite the shutdown of its original operations after a code leak, Banshee continues to be distributed through phishing websites and malicious GitHub repositories.…
The State of Magecart: A Persistent Threat to E-Commerce Security
Magecart attacks continue to pose a significant threat to e-commerce websites, particularly during the holiday season. Cybercriminals exploit vulnerabilities in platforms like Magento to steal sensitive cardholder information. Recent attacks have utilized known vulnerabilities to inject skimmer codes, capturing user data during checkout processes. Mitigation strategies include patching vulnerabilities, implementing Content Security Policies, and monitoring for unauthorized script activity.…
Chinese spies targeting new Ivanti vulnerability, Mandiant says
Summary: A newly discovered vulnerability in Ivanti’s Connect Secure VPN is being exploited by China-based espionage threat actors, prompting urgent action from U.S. cybersecurity agencies. Mandiant’s analysis highlights the ongoing risks and the potential for widespread exploitation of this vulnerability.

Threat Actor: UNC5221 | Victim: Ivanti

Key Point:

Mandiant identified exploitation of CVE-2025-0282 by Chinese hackers, linked to previous attacks on Ivanti products.…
Microsoft fixes OneDrive bug causing macOS app freezes
Summary: Microsoft has resolved an issue causing macOS applications to freeze when opening or saving files in OneDrive, specifically affecting macOS 15 Sequoia. Users are advised to update to macOS 15.2 or follow a temporary workaround until they can upgrade.

Threat Actor: Microsoft | Victim: macOS users

Key Point:

Issue affects macOS 15 Sequoia users when opening or saving files in OneDrive.…
MirrorFace hackers targeting Japanese govt, politicians since 2019
Summary: A cyber-espionage campaign linked to the Chinese state-backed hacking group “MirrorFace” has been targeting Japan since 2019, aiming to steal advanced technology and national security intelligence. The campaign has evolved through distinct phases, employing various attack methods and malware to infiltrate government and technology sectors.…
Xanthops.com Database Report Leaked
Threat Actor: Unknown | Victim: Xanthops.com | Price: Not specified | Exfiltrated Data Type: User data (names, email addresses, encrypted passwords, transaction details)

Key Points:

A significant data breach has exposed the full database of Xanthops.com. Compromised information includes sensitive user data such as names, email addresses, and encrypted passwords.…
New Zealand: Unauthorized Access to Two Companies Reported
Threat Actor: Unknown | Victim: Two companies in New Zealand | Price: Not disclosed | Exfiltrated Data Type: Sensitive corporate data

Key Points:

Unauthorized access to the systems of two companies based in New Zealand has been reported. The breach includes access to sensitive corporate data, raising concerns about cybersecurity vulnerabilities.…
OpenSSH Under Siege: PoC Exploit Released for Infamous “regreSSHion” Bug
Summary: The OpenSSH “regreSSHion” vulnerability (CVE-2024-6387) poses a significant threat to Linux systems, allowing attackers to exploit weaknesses in SSH session handling for unauthorized access and code execution. Immediate action is required from security administrators to patch systems and enhance security measures against potential exploits.

Threat Actor: Unknown | Victim: Linux Systems

Key Point:

The vulnerability affects OpenSSH versions 8.5p1 through 9.8p1 on glibc-based Linux systems.…
Black Basta’s Tactical Evolution: Deploying Zbot, DarkGate, and Bespoke Malware – SOCRadar® Cyber Intelligence Inc.
Black Basta is a sophisticated ransomware group that employs advanced social engineering and malware tactics to breach organizational defenses. Their recent operations involve phishing, impersonation, and exploitation of remote access tools, impacting various sectors globally. Affected: healthcare, finance, manufacturing, energy, national security

Key Points:

Black Basta utilizes phishing emails to create a smokescreen for attacks.…
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Summary: Ivanti has reported a critical security vulnerability (CVE-2025-0282) affecting its products, which is currently being actively exploited, allowing unauthenticated remote code execution. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate patching.

Threat Actor: UNC5337 | Victim: Ivanti

Key Point:

CVE-2025-0282 is a stack-based buffer overflow with a CVSS score of 9.0, affecting multiple Ivanti products.…
Hijacking Azure Machine Learning Notebooks (via Storage Accounts)
The article discusses vulnerabilities in the Azure Machine Learning (AML) service, particularly focusing on excessive Storage Account permissions that allow code execution in user-created Jupyter notebooks. It highlights a previously remediated privilege escalation vulnerability and introduces a tool for dumping stored credentials from AML workspaces. Affected: Azure Machine Learning

Key Points:

The Azure Machine Learning (AML) service is used for data processing and integrates with other Azure services.…
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets
Socket’s threat research team has identified malicious npm packages that exfiltrate Solana private keys via Gmail. These packages, which typosquat popular libraries, serve as malware that drains victims’ wallets. The threat actors utilize overlapping tactics and Gmail’s SMTP servers for data exfiltration, making detection difficult. The malicious packages remain live on npm, prompting efforts for their removal.…
Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product
Summary: Ivanti has disclosed two critical vulnerabilities in its enterprise products, with one already being exploited in the wild. The vulnerabilities, CVE-2025-0282 and CVE-2025-0283, allow remote code execution and privilege escalation attacks, respectively.

Threat Actor: Unspecified | Victim: Ivanti

Key Point:

Two vulnerabilities, CVE-2025-0282 (critical) and CVE-2025-0283 (high), have been identified in Ivanti’s products.…
Medical billing firm Medusind discloses breach affecting 360,000 people
Summary: Medusind, a healthcare billing provider, has reported a data breach affecting over 360,000 individuals, exposing sensitive personal and health information. The breach was detected in December 2023, and the company is offering affected individuals two years of free identity monitoring services.

Threat Actor: Cybercriminals | Victim: Medusind

Key Point:

The breach exposed personal and health information, including health insurance details, payment information, and government IDs.…
How initial access brokers (IABs) sell your users’ credentials
Summary: Initial Access Brokers (IABs) are cybercriminals who infiltrate corporate networks and sell stolen access to other attackers, functioning like high-tech locksmiths. Their operations have become increasingly efficient, posing significant risks to organizations through compromised credentials.

Threat Actor: Initial Access Brokers (IABs) | Victim: Various organizations (Amazon Web Services, Geico, ADT)

Key Point:

IABs operate like legitimate businesses, offering tiered pricing and customer support for stolen access.…
Turla Cyber Campaign Targeting Pakistan’s Critical Infrastructure – SOCRadar® Cyber Intelligence Inc.
The Turla group, a state-sponsored cyber threat actor, has launched a sophisticated campaign targeting Pakistan’s critical infrastructure, including energy, telecommunications, and government networks. Using advanced techniques like phishing and malware, Turla exploits vulnerabilities to gain access and maintain persistence. This campaign highlights the importance of robust cybersecurity measures to combat complex cyber threats.…