Ratatouille: Cooking Up Chaos in the I2P Kitchen
This report details the discovery and analysis of a sophisticated multi-stage Remote Access Trojan (RAT) named I2PRAT, identified during a campaign called ClickFix12. The malware uses advanced evasion techniques, including privilege escalation and dynamic API resolution, while communicating covertly over the I2P network. The report discusses its infection chain, its functionality, and tracking and detection strategies for identifying I2PRAT on compromised systems.…
DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for Businesses
Summary: Recent testing from AppSOC revealed that the Chinese generative AI model DeepSeek failed 6,400 security tests, showcasing a critical lack of guardrails and a high risk for enterprises. The model demonstrated alarming failure rates in generating malware and viruses, and the researchers recommend that organizations refrain from using it for any business application.…
Malware Analysis Tutorial
The article outlines the steps taken by a junior cybersecurity analyst to investigate a suspicious file (image.exe) found on a company workstation. It details the static and behavioral analysis methods used to understand the file’s behavior and how it may affect the network. The analysis uncovers obfuscation methods and network connections, laying the groundwork for further investigation into Indicators of Compromise (IoCs) and the remote Command and Control (C2) server.…
US-CERT Vulnerability Summary for the Week of February 3, 2025 – RedPacket Security
The CISA Vulnerability Bulletin reports on new vulnerabilities identified within the past week, detailing their severity and impact based on the Common Vulnerability Scoring System (CVSS). Several vulnerabilities lack CVSS scores but involve critical systems including industrial automation, cybersecurity tools, and various software applications. Affected: 2N Access Commander, ABB ASPECT-Enterprise, Advantive VeraCore, Alexandros Georgiou Bitcoin Wallets, AMD EPYC, Apache Cassandra, Apache James server, Apache ShardingSphere, Cisco Identity Services Engine, IBM Cognos Analytics, and more.…
XE Group Shifts From Card Skimming to Supply Chain Attacks
Summary: The XE Group, a Vietnamese cybercrime organization known for credit card theft, has expanded its operations to targeted information theft from manufacturing and distribution supply chains. By exploiting zero-day vulnerabilities in VeraCore’s warehouse management platform, the group has shown increasing sophistication and adaptability in its attacks.…
Further insights into Ivanti CSA 4.6 vulnerabilities exploitation
This report analyzes widespread exploitation of Ivanti Cloud Service Appliance (CSA) vulnerabilities, particularly CVE-2024-8963, identified between October 2024 and January 2025. The vulnerabilities resulted in the deployment of webshells on many affected devices, with insights into the operational tactics of the threat actors. The report delves into the root causes of these vulnerabilities, the exploitation methods, and the implications for defenders responding to such attacks.…
Congressional leaders given access to surveillance court in bid for more transparency
Summary: The Foreign Intelligence Surveillance Court (FISC) is opening its doors to select congressional leaders, allowing them to observe proceedings in-person, as part of an effort to increase transparency. This move follows critiques labeling the court a “rubber stamp” for government surveillance activities. Critics argue that while transparency is needed, permitting congressional access may not significantly reduce the court’s mystique and could lead to potential leaks.…
Summary: ABB has issued a cybersecurity advisory regarding a critical path traversal vulnerability (CVE-2024-48510) in its Drive Composer software, affecting versions 2.9.0.1 and earlier. Rated 9.8 on the CVSS scale, the vulnerability could allow attackers to gain unauthorized access to the file system, execute arbitrary code, and compromise systems.…
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Summary: Threat actors are exploiting Google Tag Manager (GTM) to deploy credit card skimmer malware on Magento-based e-commerce sites. The malicious code, disguised within a typical GTM setup, allows attackers to harvest sensitive customer data during checkout. Three sites are currently confirmed to be infected with this malware, down from the six infections reported earlier.…
Analyst Burnout Is an Advanced Persistent Threat
Summary: The cybersecurity industry is facing a critical crisis due to the burnout of security analysts and leadership. With an alarming number of professionals contemplating leaving the field, the focus must shift from merely hiring new talent to supporting and empowering existing personnel. To sustain effective cybersecurity defense, organizations must prioritize the welfare of their defenders and harness their expertise alongside technological advancements.…
Magecart Attackers Abuse Google Ad Tool to Steal Data
Summary: Cybercriminals exploit Google Tag Manager (GTM) to inject malicious code into Magento-based e-commerce sites, primarily targeting payment card data. The attack represents a novel form of Magecart strategy, using legitimate marketing scripts as a front for card skimming. Investigators discovered at least six affected sites already, highlighting the widespread and active nature of this threat.…

Victim: BOZICKDIST.COM
Country:
Actor: clop
Source: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/bozickdist-com
Discovered: 2025-02-10 15:13:29.448568
Published: 2025-02-10 15:12:07.938056
Description:
Company Name: Bozick Distributors Inc.
Website: BOZICKDIST.COM
Industry: Athletic and outdoor shoes wholesale
Location: United States
Reputation: Established name for high-quality sportswear products
Target Customers: Sports retailers and commercial establishments
Product Offerings: Athletic shoes, clothing, and sports accessories

About Country: Cybersecurity Perspective and Ransomware Cases

– Cybersecurity Framework: The country has established national cybersecurity strategies to enhance protection against cyber threats, with ongoing efforts to update regulations and standards.…

THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
Summary: This update highlights significant cybersecurity threats, including the ongoing exploitation of ASP.NET machine keys and various vulnerabilities in remote desktop software and file archiving tools. Additionally, the report covers notable ransomware trends, attack campaigns from the Lazarus Group and new malware initiatives, and the alarming use of abandoned AWS S3 buckets for supply chain attacks.…
RST TI Report Digest: 10 Feb 2025
This report provides a comprehensive overview of recent cybersecurity threats from various actors, detailing their tactics, techniques, and indicators of compromise. The analysis covers sophisticated groups like XE Group, MuddyWater, and others, revealing their complex operations and targeting sectors affected by ongoing geopolitical tensions, particularly within financial and governmental infrastructures.…
AhnLab EDR Utilization in Detecting Akira Ransomware Attack Case – ASEC
Akira is a relatively new ransomware actor active since March 2023, known for infiltrating organizations, encrypting files, and stealing sensitive information for negotiation purposes. The ransomware attacks have significantly impacted numerous sectors, as demonstrated by statistics from 2024. Affected: organizations, information technology, cybersecurity

Key points:

Akira ransomware has been active since March 2023.…