Summary: France’s cybersecurity agency warns of hacking group linked to Russia’s Foreign Intelligence Service (SVR) targeting French diplomatic entities.
Threat Actor: Russia’s Foreign Intelligence Service (SVR) | Russia’s Foreign Intelligence …
Summary: Brighton Park Capital has made a $112 million investment in PortSwigger, an application security software provider, to support its growth and innovation initiatives.
Threat Actor: Brighton Park Capital | …
Threat Actor: Brain Cipher ransomware group
Victim: Indonesia Terkoneksi
Price: N/A
Exfiltrated Data Type: N/A
Key Points:
The Brain Cipher ransomware…
Published On : 2024-06-29
Executive Summary
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This …
Identifier: TRR240601.
Summary
Hunting for malicious infrastructure possibly targeting the Israeli government, we identified a previously unreported, long-standing and suspicious domain. The latter is still active at the time of …
ModiLoader aka DBatLoader – Active IOCs
June 21, 2024
Multiple IBM i and WebSphere Application Server Vulnerabilities
June 21, 2024
Analysis Summary
The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber …
Whitebox penetration testing, especially for complex web applications, can be daunting due to the vast amount of code and interconnections between various components. Breaking down the application into manageable …
AhnLab SEcurity intelligence Center (ASEC) is responding to recently discovered cases that are using the SmallTiger malware to attack South Korean businesses. The method of initial access has not yet …
Summary: SolarWinds has released version 2024.2, which includes new features and upgrades, as well as patches for three security vulnerabilities.
Threat Actor: None identified.
Victim: SolarWinds.
Key Point:
SolarWinds…
Summary: This content discusses the disclosure of a critical vulnerability in Apache HugeGraph, an open-source graph database, and the availability of proof-of-concept exploits for remote command execution.
Threat Actor: N/A…
In May 2023, in a threat hunt across Sophos Managed Detection and Response telemetry, Sophos MDR’s Mark Parsons uncovered a complex, long-running Chinese state-sponsored cyberespionage operation we have dubbed “Crimson …
Published On : 2024-06-06
Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign …
ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is …
On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident …
Threat Actor: Unknown
Victim: Hugging Face
Price: Not specified
Exfiltrated Data Type: Spaces secrets
Additional Information:
The security breach affected Hugging Face’s Spaces platform. Unauthorized…
Published On : 2024-06-03
Executive Summary
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This …
Threat Actor: Unknown
Victim: Cryptocurrency platform
Price: $50,000
Exfiltrated Data Type: User portfolios, email addresses, phone numbers, and other sensitive information
Additional Information:
System…
Key Points
The cyber threat landscape has seen a significant increase in information-stealing (infostealer) malware activity, with a 30.5% rise in marketplace listings for “stealer logs” from Q3 to Q4…
During a recent red team operation, NetSPI discovered a local privilege escalation path in the default installation of Microsoft Service Fabric Runtime, a software commonly used for local application development. …
In so many penetration tests or assessments, the client gives you a set of subnets and says “go for it”. This all seems reasonable, until you realize that if you …
Summary: Bugcrowd, a cybersecurity company, has made its first purchase by acquiring an external attack surface management vendor to enhance visibility and management of potential attack surfaces.
Threat Actor: N/A …
Artificial Intelligence (AI) is increasingly being integrated into various industries, and cybersecurity is no exception. This article delves into the potential of AI to transform the cybersecurity landscape, addressing …
Executive Summary
A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This …
Summary: This article discusses Hackbat, an open-source penetration testing tool that is built around a custom PCB and a RP2040 microcontroller from the Raspberry Pi Pico W.
Threat Actor: Hackbat …
Summary: This content discusses the challenges organizations face in developing responsible AI while balancing technological advancement and compliance with ethical standards and regulatory requirements.
Threat Actor: N/A
Victim: N/A
Key …
Summary: This content discusses the limitations of password protection for files sent via email and explores the effectiveness of software and hardware encryption in protecting personal and business files from …
Summary: Telus has acquired Vumetric Cybersecurity, a Toronto-based cybersecurity provider, to enhance its security services portfolio and offer advanced penetration testing to identify vulnerabilities and threats for companies in North …
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These …
Summary: This content discusses reNgine, an open-source automated reconnaissance framework for web applications that aims to streamline the recon process.
Threat Actor: N/A
Victim: N/A
Key Point:
reNgine was…
An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The technique was most …
Threat Actor: Czech Republic’s Office for Personal Data Protection (ÚOOÚ)
Victim: Avast
Price: $14.8 million
Exfiltrated Data Type: Sensitive personal data, including browsing habits, interests, location, …
Published On : 2024-04-26
EXECUTIVE SUMMARY:
At Cyfirma, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This …
Summary: This article discusses how researchers at the University of Illinois Urbana-Champaign found that an AI agent created with OpenAI’s GPT-4 can exploit unpatched vulnerabilities without precise technical information, highlighting …
AhnLab SEcurity intelligence Center (ASEC) recently discovered that the Metasploit Meterpreter backdoor has been installed via the Redis service. Redis is an abbreviation of Remote Dictionary Server, which is an …
Identifier: TRR240401
On March 25, 2024, the U.S. Department of Justice (DoJ) released an indictment of seven hackers associated with APT31, a “hacking group in support of China’s Ministry of …
Threat Actor: Credential Stuffing
Victim: Roku
Price: N/A
Exfiltrated Data Type: User account information
Additional Information:
Roku experienced a second data breach incident, affecting…
Summary: This article discusses the importance of exposure management in cybersecurity and how organizations can prioritize their security efforts to protect their most vulnerable areas.
Threat Actor: N/A
Victim: N/A…
Introduction
In the ongoing cat-and-mouse game between cyber attackers and defenders, the battleground has shifted from traditional malware tactics to more sophisticated methods of infiltration. One such technique gaining traction …
Published On : 2024-03-27
EXECUTIVE SUMMARY
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This …
This blog post discusses the IDAT Loader malware and its unique method of retrieving data from PNG files. It also explores the attack chain observed in two separate incidents involving …
Armed forces use war-gaming exercises for training, and cybersecurity exercises are now being used to test and improve organizations’ ability to detect and respond to cyber threats.
Key Point …
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers …
Cleartext credentials are commonly targeted in a penetration test and used to move laterally to other systems, obtain sensitive information, or even further elevate privileges. While this is a low …
Ransomware, a phenomenon now very well known, serves one ultimate and obvious purpose: monetary gain for the cybercriminal(s).
However, multiple scenarios are, in fact, possible. Consider any and all of …
In this blog, we present a proof of value study demonstrating the value of detecting attempted DNS exfiltration and Command and Control …
[Update] April 8, 2024: “From ALPHV to RansomHub: Change Healthcare”
A new threat actor has emerged in the ransomware landscape, distinguishing themselves by making claims and backing them up with …
During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, we observed …
Given a diverse customer base, Huntress sees a wide range of activity even when it comes to persistent threat actors. When such a threat actor makes attempts to compromise …