CISA Warns of Critical Edimax IP Camera Flaw (CVE-2025-1316) with Public Exploits and No Vendor Fix
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has alerted users about a critical vulnerability (CVE-2025-1316) in Edimax IC-7100 IP cameras, with a CVSS score of 9.8. This flaw enables remote code execution due to the camera’s inability to properly handle incoming requests. CISA emphasizes the urgent need for users to secure their devices as public exploits are already available and Edimax has not coordinated a fix.…
New ‘Desert Dexter’ Campaign Hits Over 900 Victims in Middle East, North Africa, and Other Regions
Summary: A malicious campaign known as “Desert Dexter” has infected around 900 victims mainly in the Middle East and North Africa, employing sophisticated tactics to deploy a modified version of AsyncRAT malware. The campaign leverages social media and legitimate platforms, utilizing geopolitical themes to lure victims into downloading malicious scripts.…
The first week of March saw the addition of nine new vulnerabilities to the CISA Known Exploited Vulnerabilities catalog, pointing to increased targeting of enterprise and IT infrastructure. Notably, botnet threats like EnemyBot and Sysrv-K took advantage of these vulnerabilities. Additionally, advanced threat actor Silk Typhoon exploited a zero-day vulnerability in Ivanti Pulse Connect VPN, underscoring the need for adaptive security measures.…
Summary: Microsoft Threat Intelligence reports that the Chinese state-backed cyber-espionage group, Silk Typhoon, has shifted tactics to exploit IT supply chains by targeting remote management tools and cloud applications. Their focus on infiltrating IT service providers and infrastructure companies allows them to indirectly access downstream networks, posing significant risks to various sectors.…
Dark Web Profile: Ghost (Cring) Ransomware – SOCRadar® Cyber Intelligence Inc.
The Ghost (Cring) ransomware is a critical cybersecurity threat primarily targeting organizations with vulnerable systems, including healthcare, finance, government, and education sectors. This ransomware employs sophisticated techniques such as exploiting vulnerabilities, lateral movement, and advanced evasion methods to encrypt sensitive data and demand ransom payments. Affected: healthcare, financial services, government, critical infrastructure, manufacturing, education, professional services, retail, e-commerce
Keypoints:

Ghost (Cring) ransomware has been active since at least 2021, targeting vulnerable internet-facing systems.…
Unveiling EncryptHub: Analysis of a Multi-Stage Malware Campaign
EncryptHub, a notable cybercriminal organization, has gained increasing attention from threat intelligence teams due to its operational security missteps. These lapses have allowed analysts to gain insights into their tactics and infrastructure. The report details EncryptHub’s multi-stage attack chains, trojanized application distribution strategies, and their evolving killchain, making them a significant threat in the cyber landscape.…
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Summary: EncryptHub, a financially motivated threat actor, is executing advanced phishing campaigns focused on deploying information stealers and ransomware while developing a new tool named EncryptRAT. The group utilizes a variety of distribution methods, including third-party PPI services, to enhance their attack efficacy. Organizations are urged to adopt multi-layered security strategies to combat these evolving threats.…
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions
A new tactic shift by the Chinese espionage group Silk Typhoon has been identified, showcasing their increasing exploitation of common IT solutions to gain access. Their operations have affected numerous sectors including IT services, healthcare, government, and education, primarily in the US. Their methods include credential abuse, exploiting zero-day vulnerabilities, and lateral movement.…
China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
Summary: Microsoft has revealed a concerning shift in tactics by the Chinese espionage group Silk Typhoon, which is now focusing on the global IT supply chain instead of high-profile cloud services. The group is employing stolen API keys and compromised credentials to infiltrate IT services and managed service providers, allowing them to conduct reconnaissance and data exfiltration.…
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Summary: The Silk Typhoon hacking group has adapted its tactics to exploit the IT supply chain, targeting remote management tools and cloud applications to gain access to corporate networks. Microsoft Threat Intelligence highlighted their method of using stolen API keys for reconnaissance and data collection, indicating a shift toward more sophisticated exploitation techniques.…
Cisco warns of Webex for BroadWorks flaw exposing credentials
Summary: Cisco has issued a warning about a vulnerability in Webex for BroadWorks that allows unauthenticated remote attackers to access sensitive credentials. The company has implemented a configuration change to address the flaw and recommends that customers restart their Cisco Webex app. Admins are advised to use secure transport for SIP communication while the fix is applied to their systems.…
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Summary: Recent analysis indicates that affiliates of the Black Basta ransomware group have shifted their tactics to utilize the CACTUS ransomware, deploying a shared BackConnect module for continued access to infected systems. This convergence of techniques, including social engineering tactics like email bombing and Quick Assist, highlights the evolving nature of ransomware attacks.…
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
In this blog entry, we explore the tactics employed by the Black Basta and Cactus ransomware groups to compromise systems and exfiltrate sensitive information. They leveraged social engineering, remote access tools, and the BackConnect malware to establish persistent control over infected machines. To mitigate the damage, businesses must adopt enhanced security protocols.…
Social Engineering: The Art of Psychological Exploitation Part 4
This article explores various social engineering crimes and case studies, emphasizing the significance of understanding these tactics for self-protection and cybersecurity awareness. Notable scams include QR code replacements, call forwarding scams, SIM swap scams, job fraud, phishing-as-a-service, and the notorious 2020 Twitter Bitcoin scam. These incidents highlight human vulnerability in cybersecurity and the need for continuous vigilance.…
Monday, March 3, 2025
The Qilin ransomware group has claimed responsibility for a cyber attack on Lee Enterprises, a prominent U.S. media company, disrupting its operations and threatening to release stolen data by March 5 unless a ransom is paid. The breach resulted in unauthorized access to sensitive information, affecting numerous publications and digital platforms.…
The New Ransomware Groups Shaking Up 2025
Summary: In 2024, global ransomware attacks surged to 5,414 incidents, marking an 11% increase from the previous year, with a notable spike in attacks during Q2 and Q4. The emergence of 46 new ransomware groups, especially RansomHub, has significantly transformed the ransomware landscape, with these groups adopting aggressive strategies and collaborations.…
Turkey’s Attacking APT Groups and Attack Analyses
This study offers a comprehensive examination of Advanced Persistent Threats (APTs), focusing on their dynamics, techniques employed, and preventive measures. The article discusses the identification of APTs, the reasons behind attacks on Turkey, and their geopolitical and economic impacts. Furthermore, it explains the concept of Tactics, Techniques, and Procedures (TTP), their subdivision into sub-techniques, and details effective strategies to mitigate APT attacks.…