Vulnerable Moxa Devices Expose Industrial Networks to Attacks
Moxa has issued a warning about high-severity and critical vulnerabilities in its cellular routers and network security appliances, allowing remote attackers to gain root privileges and execute arbitrary commands. Immediate firmware updates are recommended to mitigate these risks.

Affected Platform: Moxa cellular routers, secure routers, network security appliances

Key Points:

Moxa warns of two critical vulnerabilities affecting its devices.…

Kairos is a low-profile cyber extortion group active since late 2024, focusing on data theft and extortion rather than ransomware. They have targeted 14 victims, primarily in the U.S., and employ Initial Access Brokers to streamline their attacks. Their tactics include data exfiltration and threats of public exposure to pressure victims into paying ransoms.…

CISA: Treasury was only federal agency impacted by recent China breach
Summary: A recent breach by state-backed Chinese hackers primarily affected the U.S. Treasury Department, which was targeted for its sensitive information regarding potential sanctions. The Cybersecurity and Infrastructure Security Agency (CISA) is collaborating with the Treasury and BeyondTrust to address the incident’s implications.

Threat Actor: Chinese state-backed hackers | Victim: U.S.…

PEAKLIGHT: Illuminating the Shadows
PEAKLIGHT is a sophisticated PowerShell-based downloader identified by Mandiant that delivers malware-as-a-service infostealers through obfuscated scripts and various payloads. The initial infection vector involves Microsoft Shortcut Files (LNK) that execute PowerShell scripts to download malicious binaries. The campaign utilizes techniques like obfuscation and memory-only execution to evade detection.…

Summary: A new Android spyware called “FireScam” masquerades as a fake Telegram Premium app to steal sensitive data from victims’ devices. This campaign highlights the evolving tactics of threat actors who exploit legitimate applications and services to distribute malware.

Threat Actor: Unknown | FireScam Victim: Individuals and organizations | Android users

Key Point:

FireScam uses a phishing site to deliver a malicious version of Telegram Premium.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that a recent breach of the Treasury Department by Chinese state-sponsored hackers did not affect other federal agencies. The breach involved a compromised BeyondTrust instance, targeting specific offices to gather intelligence on potential sanctions.

Threat Actor: Chinese state-sponsored hackers | Victim: U.S.…


Summary: Moxa has issued a warning regarding high-severity and critical vulnerabilities affecting its cellular routers and network security appliances, allowing remote attackers to gain root privileges and execute arbitrary commands. Immediate action is recommended to mitigate risks associated with these vulnerabilities.

Threat Actor: Remote attackers | Victim: Moxa device users

Key Point:

Two vulnerabilities identified: CVE-2024-9138 (high severity) and CVE-2024-9140 (critical severity).…

Victim: Maverick Constructors | Country: US | Actor: akira | Source: | Discovered: 2025-01-06 17:02:02.058061 | Published: 2025-01-06 17:02:01.319426

Description: MAVERICK CONSTRUCTORS, LLC is a construction company based out of Lutz, Florida, United States.

We are ready to upload more than 35 GB of private corporate documents including: financial data (audits, payment details, reports), contact numbers and e-mail addresses of employees and customers etc.…


Summary: The cybersecurity landscape of 2025 is expected to be shaped by evolving threats, particularly from human vulnerabilities, cryptocurrency exchanges, state-sponsored attacks, supply chain vulnerabilities, and the adoption of cybersecurity mesh architecture. Organizations must adapt their strategies to bolster defenses and enhance resilience against these emerging challenges.…

Summary: Security researchers have disclosed a Windows Registry Elevation of Privilege vulnerability (CVE-2024-43452) that could allow attackers to gain SYSTEM-level access. The flaw is rooted in a design oversight in memory management during the loading of registry hives, which can be exploited under specific conditions.

Threat Actor: Unknown | Victim: Microsoft Windows

Key Point:

The vulnerability is classified as CVSS 7.5 and was reported by Mateusz Jurczyk of Google Project Zero.…

Threat Actor: Unknown | Victim: Coinbase Users | Price: Sold online (exact price not disclosed) | Exfiltrated Data Type: Sensitive user information

Key Points:

Alleged sale of sensitive Coinbase user data raises privacy concerns. Leaked data may include account credentials, transactional histories, and personal identification documents.…

Date Reported: 2024-11-13 | Country: USA | Victim: Youth Eastside Services | Website: youtheastsideservices.org

Additional Information:

The non-profit organization Youth Eastside Services experienced a cyberattack in November 2024. An unauthorized third party accessed their computer system and viewed sensitive consumer information. Compromised data included names, birth dates, addresses, demographic information, medical information, and insurance details.…

Summary: In 2024, cyber threats targeting SaaS platforms surged dramatically, with significant increases in password attacks and phishing attempts resulting in billions in losses. Security teams must prioritize risk assessments and adopt monitoring tools to defend against evolving threats from notable cybercriminals.

Threat Actor: ShinyHunters | Victim: Snowflake

Key Point:

ShinyHunters exploited a misconfiguration to breach over 165 organizations, emphasizing the importance of proper security measures.…

Summary: Recent developments in cybersecurity reveal significant vulnerabilities in trusted software like browser extensions and voice assistants, exposing sensitive user data to malicious actors. This week’s focus highlights the ongoing risks associated with digital convenience and the importance of vigilance in online activities.

Threat Actor: Flax Typhoon (Chinese state-sponsored) | Victim: Cyberhaven

Key Point:

Dozens of Google Chrome extensions were found stealing sensitive data from 2.6 million devices.…

The ClickFix campaign utilizes social engineering tactics to deploy malware on Windows and macOS platforms by presenting fake Google Meet error messages. Users are tricked into downloading malware disguised as troubleshooting files. This campaign highlights the dangers of browser-based attacks and the need for enhanced security measures.…

The Water Makara campaign is a sophisticated spear-phishing attack targeting Brazilian organizations, utilizing obfuscated JavaScript to deliver the Astaroth malware. This malware compromises systems undetected, posing significant threats to sectors like banking and national security.

Affected Platform: Brazilian organizations

Key Points:

Water Makara is a spear-phishing attack specifically aimed at Brazilian organizations.…

Threat Actor: Unknown | Victim: Lelivrescolaire.fr | Price: Not disclosed | Exfiltrated Data Type: User account details, student and educator data

Key Points:

The breach exposes sensitive user information, raising privacy concerns. Potential risks include identity theft and phishing attacks. Highlights the need for improved cybersecurity measures in educational platforms.…