NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published
Summary: A critical security vulnerability (CVE-2024-12847) has been found in multiple Netgear routers, allowing remote attackers to gain unauthorized access. This flaw, which has been exploited since 2017, affects the embedded web server of several models, including the DGN1000 and DGN2200 v1.

Threat Actor: Remote attackers | Victim: Netgear router users

Key Point:

Vulnerability CVE-2024-12847 has a CVSS score of 9.8, indicating a severe risk.…
Read More
Phishing Trend Exploiting YouTube URLs Through Microsoft Office 365 Expiry Themes
Summary: A new wave of phishing campaigns is exploiting Microsoft 365 password expiry notifications and using cleverly disguised URLs to deceive users into revealing their credentials. These tactics involve obfuscation techniques that make malicious links appear legitimate, increasing the risk of credential theft.

Threat Actor: Phishers | Victim: Microsoft 365 users

Key Point:

Phishing emails use a specific subject line format and urge users to reconfirm passwords.…
Read More
Ransomware on ESXi: The mechanization of virtualized attacks
Summary: In 2024, ransomware attacks on VMware ESXi servers surged, with average ransom demands reaching $5 million, primarily driven by variants of Babuk ransomware. The attacks exploit vulnerabilities in the vCenter server architecture, necessitating urgent security enhancements for organizations.

Threat Actor: Ransomware groups (Babuk variants) | Victim: Organizations using VMware ESXi

Key Point:

Ransomware attacks on ESXi servers are increasingly targeting critical file types, including VMDK, VMEM, VSWP, and VMSN files.…
Read More
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Summary: This week’s cybersecurity recap highlights critical vulnerabilities, ongoing exploits, and legal actions against threat actors, emphasizing the importance of proactive security measures. Staying informed about these threats and implementing protective strategies is essential for individuals and organizations alike.

Threat Actor: UNC5337 | Victim: Ivanti

Key Point:

A critical vulnerability in Ivanti Connect Secure appliances has been exploited as a zero-day, allowing for remote code execution.…
Read More
This article provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.

Key Points:

Proton Mail experienced a worldwide outage due to a surge in database connections during infrastructure migration.…
Read More
RST TI Report Digest: January 13, 2025
This week’s threat intelligence report from RST Cloud highlights significant cyber threats from various actors, including the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, and Southeast Asia, as well as the emergence of new malware like Banshee and the Gayfemboy botnet. The report summarizes key findings from 29 threat intelligence reports, detailing tactics, techniques, and procedures (TTPs) used in these attacks, and includes numerous indicators of compromise (IoCs).…
Read More
Hack The Box Escape
This article provides a detailed walkthrough of the “Escape” machine on Hack The Box, focusing on Active Directory enumeration techniques and exploitation methods. The author shares insights gained from the experience, including working with Kerberos, NTLM, and Certificate Authority. Affected: Hack The Box

Key Points:

The box “Escape” is rated Medium and is the author’s first Active Directory machine.…
Read More
Summary: Cybersecurity researchers at Cyderes have identified a new phishing trend that combines YouTube URLs with Microsoft 365 password expiry alerts to trick users into revealing their credentials. This method exploits the trust associated with familiar domains to enhance the effectiveness of phishing attempts.

Threat Actor: Unknown | Victim: Users of Microsoft 365

Key Point:

Phishing emails use urgent subject lines to prompt immediate user action.…
Read More
VulnNet: Internal – From Recon to Root
This article provides a detailed walkthrough of exploiting a vulnerable machine named VulnNet: Internal. The process includes initial reconnaissance, service enumeration, and privilege escalation to achieve root access. Key techniques utilized include Nmap scans, SMB and NFS enumeration, Redis exploitation, and TeamCity manipulation. Affected: VulnNet: Internal

Key Points:

Initial reconnaissance performed using Nmap to identify open ports and services.…
Read More
Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics
Telefonica has confirmed a significant data breach involving unauthorized access to its internal ticketing system, resulting in the extraction of sensitive employee and operational data. The breach was facilitated by infostealer malware and social engineering tactics, compromising over 15 employees and exposing 24,000 email addresses, 500,000 JIRA issues, and 5,000 internal documents.…
Read More
Solving the Ticket through Malware Artifact Analysis
This article outlines the process of analyzing malware samples as a Cyber Threat Intelligence Analyst at PandaProbe Intelligence. The steps include downloading malware samples, conducting automated and manual analyses, correlating findings with global threat intelligence, and compiling a comprehensive report for mitigation. Affected: TryHackMe, PandaProbe Intelligence

Key Points:

Acting as a Cyber Threat Intelligence Analyst at PandaProbe Intelligence.…
Read More
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls – Arctic Wolf
Arctic Wolf has observed a campaign targeting Fortinet FortiGate firewall devices that involves unauthorized logins, account creation, and configuration changes through management interfaces exposed on the public internet. The campaign is likely exploiting a zero-day vulnerability. Organizations are urged to disable public access to firewall management interfaces immediately.…
Read More
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls – Arctic Wolf
Arctic Wolf has identified a campaign targeting Fortinet FortiGate firewall devices, where unauthorized administrative access was gained through exposed management interfaces. The attackers created new accounts, altered configurations, and exploited a potential zero-day vulnerability. Organizations are urged to disable public access to firewall management interfaces immediately.…
Read More
What is IOC? Tracking Threats in Cybersecurity
Indicators of Compromise (IoCs) are critical technical indicators that help detect abnormal behaviors in systems, networks, or devices, aiding in the identification of malicious activities and facilitating effective responses to threats. They play a vital role in early threat detection by cybersecurity teams. Affected: None

Key Points:

IoCs are crucial for identifying traces of cyberattacks.…
Read More
Cybersecurity News Review Week 2
This article discusses recent significant developments in cybersecurity, including vulnerabilities in Ivanti products, phishing scams, data exposure issues, and new government initiatives aimed at improving cyber resilience. Affected: Ivanti Connect Secure, CrowdStrike, Motorola ALPR, Gmail, WordPress, CISA, UK Government

Key Points:

Ivanti disclosed two high-severity vulnerabilities (CVE-2025-0282, CVE-2025-0283) affecting its products.…
Read More
Telefónica confirms internal ticketing system breach after data leak
Summary: Telefónica, a major Spanish telecommunications company, confirmed a breach of its internal ticketing system after data was leaked on a hacking forum. The breach was executed using compromised employee credentials, leading to the theft of approximately 2.3 GB of sensitive documents and tickets.

Threat Actor: Hellcat ransomware group | Victim: Telefónica

Key Point:

Telefónica’s internal ticketing system was accessed without authorization, leading to a data leak.…
Read More
FunkSec – Alleged Top Ransomware Group Powered by AI
The FunkSec ransomware group emerged in late 2024, quickly gaining notoriety for claiming over 85 victims in December alone. Utilizing AI-assisted malware development, the group blurs the lines between hacktivism and cybercrime, complicating assessments of their true motivations and capabilities. Their operations raise questions about the authenticity of their claims and the reliability of current threat evaluation methods.…
Read More
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Summary: Cybersecurity researchers have identified a new AI-assisted ransomware group called FunkSec, which has targeted over 85 victims since its emergence in late 2024. The group employs double extortion tactics and operates under a ransomware-as-a-service model, with connections to hacktivist activities.

Threat Actor: FunkSec | Victim: Various organizations

Key Point:

FunkSec uses double extortion tactics, combining data theft with encryption to pressure victims.…
Read More