Medical billing firm Medusind discloses breach affecting 360,000 people
Summary: Medusind, a healthcare billing provider, has reported a data breach affecting over 360,000 individuals, exposing sensitive personal and health information. The breach was detected in December 2023, and the company is offering affected individuals two years of free identity monitoring services.

Threat Actor: Cybercriminals | cybercriminals
Victim: Medusind | Medusind

Key Point:

The breach exposed personal and health information, including health insurance details, payment information, and government IDs.…
How initial access brokers (IABs) sell your users’ credentials
Summary: Initial Access Brokers (IABs) are cybercriminals who infiltrate corporate networks and sell stolen access to other attackers, functioning like high-tech locksmiths. Their operations have become increasingly efficient, posing significant risks to organizations through compromised credentials.

Threat Actor: Initial Access Brokers (IABs) | Initial Access Brokers
Victim: Various organizations | Amazon Web Services, Geico, ADT

Key Point:

IABs operate like legitimate businesses, offering tiered pricing and customer support for stolen access.…
Turla Cyber Campaign Targeting Pakistan’s Critical Infrastructure – SOCRadar® Cyber Intelligence Inc.
The Turla group, a state-sponsored cyber threat actor, has launched a sophisticated campaign targeting Pakistan’s critical infrastructure, including energy, telecommunications, and government networks. Using advanced techniques like phishing and malware, Turla exploits vulnerabilities to gain access and maintain persistence. This campaign highlights the importance of robust cybersecurity measures to combat complex cyber threats.…
Sharing of Telegram User Data Surged After CEO Arrest
Summary: Telegram’s policy on sharing user data with law enforcement has shifted dramatically following the arrest of its CEO, Pavel Durov, leading to increased cooperation in cases beyond terrorism. This change raises concerns about the potential migration of cybercriminals to more privacy-focused platforms.

Threat Actor: Cybercriminals | cybercriminals
Victim: Telegram users | Telegram users

Key Point:

Telegram previously shared user data only in terrorism cases, but now cooperates in fraud and cybercrime cases.…
Consumer products to get ‘Cyber Trust’ marks in 2025, White House says
Summary: The U.S. Cyber Trust Mark will soon be introduced on consumer smart devices, providing a way for consumers to identify products that meet federal cybersecurity standards. This initiative aims to enhance consumer confidence in the security of connected devices amid rising cyber threats.

Threat Actor: Cyber attackers | cyber attackers
Victim: American consumers | American consumers

Key Point:

The Cyber Trust Mark program allows manufacturers to undergo cybersecurity audits for their smart products.…
Data Breach Affects Kladovaya Zdorovya LLC in Russia
Threat Actor: Unknown | Unknown
Victim: Kladovaya Zdorovya LLC | Kladovaya Zdorovya LLC
Price: Not disclosed
Exfiltrated Data Type: Sensitive customer details

Key Points:

Data breach reported involving Kladovaya Zdorovya LLC, a healthcare company. Leaked data includes sensitive customer information, raising privacy concerns. Implications for trust and security in the healthcare sector.…
CISA: Third-Party Data Breach Limited to Treasury Dept.
Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed a third-party breach affecting only the US Treasury Department, attributed to Chinese threat actors. The breach involved exploiting a vulnerability in BeyondTrust’s software, allowing unauthorized access to sensitive systems and data.

Threat Actor: Chinese threat actors | Chinese threat actors
Victim: US Treasury Department | US Treasury Department

Key Point:

CISA confirmed that the breach was limited to the Treasury Department and no other federal agencies were impacted.…
Tracking Deployment of Russian Surveillance Technologies in Central Asia and Latin America
This article discusses the proliferation of Russia’s System for Operative Investigative Activities (SORM) in Central Asia and Latin America, revealing the export activities of major SORM providers and the associated risks of government surveillance. It highlights the misuse of surveillance technologies by governments and offers mitigation strategies for companies operating in these regions.…
Summary: Recent research has uncovered significant vulnerabilities in Argo Workflows, an open-source tool for Kubernetes, primarily due to misconfigurations that can lead to severe security breaches. These flaws allow attackers to gain unauthorized access and escalate privileges within Kubernetes clusters.

Threat Actor: Cybercriminals | cybercriminals
Victim: Organizations using Argo Workflows | organizations using Argo Workflows

Key Point:

Default Unauthenticated Access: Many instances lack authentication, allowing unrestricted access to workflows.…
The Overlooked Risks of Open-Source Software in Industrial Security
Summary: Open-source software (OSS) is increasingly adopted in industrial environments for its cost-efficiency and flexibility, but it poses significant security risks if not properly managed. Organizations must navigate these vulnerabilities to leverage OSS effectively while safeguarding critical infrastructure.

Threat Actor: Malicious actors | malicious actors
Victim: Industrial organizations | industrial organizations

Key Point:

OSS is attractive for its cost-saving and customization capabilities but can introduce security vulnerabilities.…
Green Bay Packers’ online store hacked to steal credit cards
Summary: The Green Bay Packers have reported a security breach involving their online retail store, where a threat actor injected a card skimmer script to steal customers’ personal and payment information. The team has since disabled payment capabilities and initiated an investigation into the incident.

Threat Actor: Unknown | unknown
Victim: Green Bay Packers | Green Bay Packers

Key Point:

The breach occurred between late September and October 2024, affecting customers who used specific payment options.…
The cyber threat landscape in 2025 is expected to be influenced by technological advancements, evolving cybercriminal tactics, and geopolitical tensions. Organizations need to enhance their cybersecurity measures to address these emerging challenges effectively.
Affected Platform: Cybersecurity, Operational Technology, AI, IoT, Supply Chain

Key Points:

The cyber threat landscape is becoming increasingly sophisticated and hazardous.…
CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust Incident
Summary: The US cybersecurity agency CISA reported that the recent cybersecurity incident involving a BeyondTrust service primarily affected the Department of the Treasury, with no other federal agencies impacted. The attack, attributed to Chinese state-sponsored hackers, exploited a compromised API key, leading to unauthorized access to Treasury workstations and documents.…

Cyberhaven faced a significant data breach involving a malicious browser extension that targeted customer accounts for information theft. The incident underscores the vulnerabilities associated with browser extensions and the need for improved extension management practices.
Affected Platform: Chrome Web Store

Key Points:

Cyberhaven’s breach was due to the compromise of a Chrome Web Store administrative account.…
Vulnerable Moxa Devices Expose Industrial Networks to Attacks
Moxa has issued a warning about high-severity and critical vulnerabilities in its cellular routers and network security appliances, allowing remote attackers to gain root privileges and execute arbitrary commands. Immediate firmware updates are recommended to mitigate these risks.
Affected Platform: Moxa cellular routers, secure routers, network security appliances

Key Points:

Moxa warns of two critical vulnerabilities affecting its devices.…

Kairos is a low-profile cyber extortion group active since late 2024, focusing on data theft and extortion rather than ransomware. They have targeted 14 victims, primarily in the U.S., and employ Initial Access Brokers to streamline their attacks. Their tactics include data exfiltration and threats of public exposure to pressure victims into paying ransoms.…