Nmap for Beginners
Nmap is a network scanning tool used to discover hosts on a network and the services they expose. This overview gives tips on getting the most out of it, including flags for more thorough scanning such as -A (aggressive: OS detection, version detection, default scripts and traceroute) and the vuln NSE script category for vulnerability detection. Affected: network security, penetration testing, bug bounty programs

Key points:

Nmap is used for network probing, service discovery, and operating system identification.…
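Since the article is about what Nmap's host discovery, service detection and OS identification actually report, the following added example (not code from the original article or from the Nmap project) triages the XML that `nmap -A --script vuln -oX scan.xml <target>` writes into per-host facts. The XML embedded in it is constructed to follow the -oX layout and is not real scan output; the addresses and hostname are placeholders.

```python
"""Triage an Nmap XML report (nmap -A --script vuln -oX scan.xml <target>) into
host, hostname, OS guess and open-service facts.

Added example; not code from the original article or from the Nmap project. The
XML below is constructed to follow the layout Nmap writes with -oX and is not real
scan output.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A --script vuln -oX scan.xml 192.0.2.8/30" version="7.94">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
        <script id="http-server-header" output="nginx/1.18.0"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def describe_service(port_el):
    """'http (nginx 1.18.0)' when version detection (-sV, implied by -A) matched,
    else the bare name from nmap-services, else 'unknown'."""
    svc = port_el.find("service")
    if svc is None:
        return "unknown"
    name = svc.get("name", "unknown")
    detail = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
    return f"{name} ({detail})" if detail else name


def parse_nmap_xml(xml_text):
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port or OS data
        addr_el = h.find("address[@addrtype='ipv4']")
        name_el = h.find("hostnames/hostname")
        services = []
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue
            services.append({
                "port": int(p.get("portid")),
                "proto": p.get("protocol"),
                "service": describe_service(p),
                # NSE results (e.g. from --script vuln) attach to the port they ran against
                "scripts": [(s.get("id"), s.get("output")) for s in p.findall("script")],
            })
        # -O (part of -A) may list several OS matches; keep the most confident one
        best_os = max(h.findall("os/osmatch"),
                      key=lambda m: int(m.get("accuracy", "0")), default=None)
        hosts.append({
            "addr": addr_el.get("addr") if addr_el is not None else None,
            "hostname": name_el.get("name") if name_el is not None else None,
            "os": best_os.get("name") if best_os is not None else None,
            "os_accuracy": int(best_os.get("accuracy")) if best_os is not None else None,
            "services": sorted(services, key=lambda s: (s["proto"], s["port"])),
        })
    return hosts


def report(hosts):
    """One line per live host plus one per open service and one per NSE result."""
    lines = []
    for h in hosts:
        os_txt = f"{h['os']} ({h['os_accuracy']}%)" if h["os"] else "OS unknown"
        lines.append(f"{h['addr']} {h['hostname'] or '-'} {os_txt}")
        for s in h["services"]:
            lines.append(f"  {s['port']}/{s['proto']} {s['service']}")
            for sid, out in s["scripts"]:
                lines.append(f"    [{sid}] {out}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_nmap_xml(SAMPLE_NMAP_XML))))
```

The -oX output is the form to keep from an engagement: it carries the exact arguments used, the reason each port state was inferred (`reason="syn-ack"`), version-detection confidence, and NSE script output per port, none of which survive in the default human-readable listing.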
Unmasking the Shadows: Inside the Dark Web of coinbase-mywallet.com Phishing and Malware Networks
Phishing domains like coinbase-mywallet.com pose significant threats to users in the cryptocurrency and finance sectors by mimicking legitimate services to harvest sensitive information. This investigation reveals the domain’s connections to the APT40 threat group, showcasing the sophisticated infrastructure and tactics employed in these malicious operations. Affected: cryptocurrency sector, finance sector

Key points:

coinbase-mywallet.com…
FCC orders telecoms to secure their networks after Salt Typhoon hacks
Summary: The FCC has mandated U.S. telecommunications carriers to enhance their cybersecurity measures following the Salt Typhoon breaches that compromised multiple networks. This ruling requires telecom companies to secure their systems against cyberattacks and submit annual certifications of their cybersecurity risk management plans. The action aims to address vulnerabilities exposed by the breaches attributed to a Chinese hacking group, emphasizing the urgent need for improved defenses against nation-state threats.…
CISA warns of exploited Fortinet bugs as Microsoft issues its biggest Patch Tuesday in years
Summary: A zero-day vulnerability in FortiGate firewalls is actively being exploited by hackers, prompting urgent action from the federal government and cybersecurity firms. The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies patch this vulnerability by January 21, highlighting its critical nature. Additionally, concerns have been raised about an older vulnerability that has recently led to the leak of configurations for thousands of FortiGate devices.…
Recent FBI alerts confirm that threat actors are increasingly utilizing GenAI to enhance financial fraud and extortion tactics, making traditional methods like phishing more effective. AI-generated content aids in creating convincing spear-phishing emails and realistic fake social media profiles. As these attacks become more accessible, organizations must prepare for a growing trend in cyber threats.…
Fortinet Fixes FortiOS Zero-Day Exploited by Attackers for Months
Summary: Fortinet has addressed a critical authentication bypass vulnerability (CVE-2024-55591) in its FortiOS firewalls and FortiProxy web gateways, which has been actively exploited by attackers as a zero-day. The vulnerability allows remote attackers to gain super-admin privileges, enabling them to execute unauthorized commands. Organizations are urged to upgrade to patched versions and monitor for indicators of compromise due to the ongoing threat from state-sponsored hackers.…
Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper Intelligence Insights
The 2024 Annual Cyber Threat Report reveals a significant increase in cyber threats, including advanced persistent threats (APTs) and evolving tactics used by attackers. Key incidents include the resurgence of LockBit ransomware, exploitation of vulnerabilities in widely-used technologies, and notable data breaches affecting major organizations. Affected: Ivanti Connect Secure, GlobalProtect, CrowdStrike, Snowflake, Palo Alto Networks

Key points:

Emerging threats exploit vulnerabilities in Ivanti Connect Secure and GlobalProtect VPN.…
UK Considers Banning Ransomware Payments
Summary: The U.K. government is contemplating a ban on ransomware payments to protect critical industries from cybercriminals. This proposed legislation aims to enhance reporting requirements and educate businesses on responding to ransomware threats, while also acknowledging potential negative impacts on small businesses. The initiative reflects a broader strategy to reduce financial incentives for cybercriminals and improve national cybersecurity.…
Kimsuky Hacking Group’s Malware Attack on the Korean Defense Industry Association – Defense Industry Digital Innovation Seminar (Planned) (2025.1.12)
This article discusses the malicious activities of the North Korean hacking group Kimsuky, which targets the Korea Association of Defense Industry Studies. The group is known for its various espionage missions, including the distribution of malware disguised as a seminar invitation. The malware is delivered via email and executes harmful scripts upon opening an attached document.…
Volt Typhoon: Analyzing Espionage Campaigns Against Critical Infrastructure
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia

Key points:

Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
RansomHub Ransomware: Darktrace’s Investigation of the Newest Tool in ShadowSyndicate’s Arsenal (Campaign Trail, by Qing Hong Kwa)
Darktrace’s investigation into RansomHub attacks revealed connections to the ShadowSyndicate threat group, which has been active since July 2022. ShadowSyndicate has adopted RansomHub’s ransomware services, leading to a surge in attacks across various sectors in late 2024. The attacks involved complex tactics, including data exfiltration and file encryption, with ransom notes threatening data leaks.…
Summary: A new report from Arctic Wolf Labs reveals a campaign targeting Fortinet FortiGate firewalls, where threat actors exploited vulnerabilities to manipulate configurations and gain unauthorized access. The campaign, observed between November and December 2024, involved multiple phases of exploitation affecting various organizations.

Threat actor: unknown. Victim: organizations using Fortinet FortiGate firewalls.

Key point:

Threat actors exploited management interface vulnerabilities to alter configurations and extract credentials.…
As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks
Summary: In 2024, China’s cyber-operations groups significantly escalated their attacks on Taiwanese organizations, particularly targeting government and telecommunications sectors, resulting in over 2.4 million daily attack attempts. The Taiwanese National Security Bureau reported a 20% increase in successful attacks compared to the previous year, highlighting the aggressive tactics employed by China in cyberspace.…
Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks
Summary: A zero-day vulnerability is suspected to be the cause of recent attacks on Fortinet FortiGate firewall devices, where attackers gain unauthorized access to management interfaces. Researchers from Arctic Wolf have been monitoring the campaign, which appears opportunistic rather than targeted at specific sectors.

Threat actor: unknown. Victim: various organizations.

Key point:

Attackers exploited management interfaces of FortiGate devices with firmware versions between 7.0.14 and 7.0.16.…
Fortinet Warns of Auth Bypass Zero-Day Exploited to Hijack Firewalls
A new zero-day vulnerability (CVE-2024-55591) in FortiOS and FortiProxy allows attackers to hijack Fortinet firewalls, gaining super-admin privileges and compromising enterprise networks. The exploitation involves creating unauthorized admin accounts and modifying firewall settings. Organizations are urged to disable public management access. Affected: FortiOS, FortiProxy

Key points:

A zero-day vulnerability (CVE-2024-55591) affects FortiOS and FortiProxy versions.…
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Summary: A new cyber campaign has targeted Fortinet FortiGate firewall devices with exposed management interfaces, leading to unauthorized access and configuration changes. The attackers exploited vulnerabilities to create new accounts and establish SSL VPN access for lateral movement within compromised networks.

Threat actor: unknown. Victim: various organizations.

Key point:

The campaign began in mid-November 2024, with attackers gaining unauthorized access to firewall management interfaces.…
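The Fortinet items above (the CVE-2024-55591 advisory and the Arctic Wolf campaign reports) all describe the same post-exploitation footprint: an admin login from an untrusted address, a new administrator account, management access widened on an interface, and further configuration changes. The following added example (not Fortinet's, Arctic Wolf's or any vendor's code) runs those four checks over FortiOS-style event logs. The key=value layout only approximates FortiOS event logs, the sample lines are constructed, and the trusted management subnet 10.0.0.0/24 is an assumption to be replaced with the site's own.

```python
"""Flag the post-exploitation pattern the Fortinet items above describe (new admin
accounts, management-interface exposure, config changes and logins from outside
the management network) in FortiOS-style event logs.

Added example; not Fortinet's, Arctic Wolf's or any vendor's code. The key=value
layout approximates FortiOS event logs and the sample lines are constructed; the
trusted management subnet 10.0.0.0/24 is an assumption.
"""
import ipaddress
import re

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')          # key="quoted" or key=bare
UI_IP_RE = re.compile(r'\((\d{1,3}(?:\.\d{1,3}){3})\)')    # ui="https(203.0.113.5)"
ALLOWACCESS_RE = re.compile(r'allowaccess\[([^\]]*)->([^\]]*)\]')  # old->new service list
TRUSTED_MGMT = [ipaddress.ip_network("10.0.0.0/24")]        # assumption: admin subnet

# Constructed sample lines (not real device output), approximating FortiOS event logs.
SAMPLE_LOGS = [
    'date=2024-12-02 time=03:14:07 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="https(203.0.113.5)" srcip=203.0.113.5 '
    'msg="Administrator admin logged in successfully from https(203.0.113.5)"',
    'date=2024-12-02 time=03:14:22 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object configuration changed" user="admin" ui="https(203.0.113.5)" action="Add" '
    'cfgpath="system.admin" cfgobj="svcadm" msg="Add system.admin svcadm"',
    'date=2024-12-02 time=03:15:01 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="admin" ui="https(203.0.113.5)" action="Edit" '
    'cfgpath="system.interface" cfgobj="port1" '
    'cfgattr="allowaccess[ping https ssh->ping https ssh http]" msg="Edit system.interface port1"',
    'date=2024-12-02 time=08:02:13 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="netops" ui="https(10.0.0.5)" srcip=10.0.0.5 '
    'msg="Administrator netops logged in successfully from https(10.0.0.5)"',
    'date=2024-12-02 time=08:03:40 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="netops" ui="https(10.0.0.5)" action="Edit" '
    'cfgpath="firewall.policy" cfgobj="12" cfgattr="comments[->quarterly review]" '
    'msg="Edit firewall.policy 12"',
]


def parse_kv(line):
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def source_ip(ev):
    """Prefer srcip=; config-change events carry the client only inside ui="proto(ip)"."""
    if ev.get("srcip"):
        return ev["srcip"]
    m = UI_IP_RE.search(ev.get("ui", ""))
    return m.group(1) if m else None


def from_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return False  # no usable source: treat as untrusted, not as benign
    return any(addr in net for net in TRUSTED_MGMT)


def newly_allowed(cfgattr):
    """Services added to an interface's allowaccess list by this change."""
    m = ALLOWACCESS_RE.search(cfgattr)
    if not m:
        return set()
    return set(m.group(2).split()) - set(m.group(1).split())


def detect(lines):
    findings = []
    for line in lines:
        ev = parse_kv(line)
        if ev.get("type") != "event" or ev.get("subtype") != "system":
            continue
        ip = source_ip(ev)
        untrusted = not from_trusted(ip)
        base = {"time": f"{ev.get('date')} {ev.get('time')}", "user": ev.get("user"), "srcip": ip}
        if ev.get("logdesc") == "Admin login successful" and untrusted:
            findings.append({**base, "rule": "UNTRUSTED_ADMIN_LOGIN"})
        if "cfgpath" in ev:
            obj = f"{ev['cfgpath']} {ev.get('cfgobj', '')}".strip()
            if untrusted:
                findings.append({**base, "rule": "UNTRUSTED_CONFIG_CHANGE", "object": obj})
            if ev.get("action") == "Add" and ev["cfgpath"] == "system.admin":
                findings.append({**base, "rule": "NEW_ADMIN_ACCOUNT", "object": ev.get("cfgobj")})
            gained = newly_allowed(ev.get("cfgattr", "")) & {"http", "https"}
            if ev["cfgpath"] == "system.interface" and gained:
                findings.append({**base, "rule": "MGMT_EXPOSED", "object": ev.get("cfgobj"),
                                 "gained": sorted(gained)})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOGS):
        print(f)
```

The NEW_ADMIN_ACCOUNT rule fires regardless of source address on purpose: an attacker who already holds super-admin through an authentication bypass can create accounts from anywhere, so account creation itself is the signal and the source address only raises the priority.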