Social Engineering: The Art of Psychological Exploitation Part 4
This article explores various social engineering crimes and case studies, emphasizing the significance of understanding these tactics for self-protection and cybersecurity awareness. Notable scams include QR code replacements, call forwarding scams, SIM swap scams, job fraud, phishing-as-a-service, and the notorious 2020 Twitter Bitcoin scam. These incidents highlight human vulnerability in cybersecurity and the need for continuous vigilance.…
Monday, March 3, 2025
The Qilin ransomware group has claimed responsibility for a cyber attack on Lee Enterprises, a prominent U.S. media company, disrupting its operations and threatening to release stolen data by March 5 unless a ransom is paid. The breach resulted in unauthorized access to sensitive information, affecting numerous publications and digital platforms.…
The New Ransomware Groups Shaking Up 2025
Summary: In 2024, global ransomware attacks surged to 5,414 incidents, marking an 11% increase from the previous year, with a notable spike in attacks during Q2 and Q4. The emergence of 46 new ransomware groups, especially RansomHub, has significantly transformed the ransomware landscape, with these groups adopting aggressive strategies and collaborations.…
Turkey’s Attacking APT Groups and Attack Analyses
This study offers a comprehensive examination of Advanced Persistent Threats (APTs), focusing on their dynamics, techniques employed, and preventive measures. The article discusses the identification of APTs, the reasons behind attacks on Turkey, and their geopolitical and economic impacts. Furthermore, it explains the concept of Tactics, Techniques, and Procedures (TTP), their subdivision into sub-techniques, and details effective strategies to mitigate APT attacks.…
Healthcare Malware Hunt, Part 1: Philips DICOM Viewers
The article discusses a campaign by the China-based Advanced Persistent Threat (APT) group Silver Fox, which exploited vulnerabilities in Philips DICOM viewers to deploy malware such as a Remote Access Tool (RAT), keyloggers, and crypto miners targeting healthcare organizations. The healthcare sector remains a significant target for cyberattacks, necessitating robust security measures.…
Astrill VPN: Silent Push Publicly Releases New IPs on VPN Service Heavily Used by North Korean Threat Actors
The Lazarus Group from North Korea continues to use Astrill VPN to obscure their IP addresses during cyber attacks. Recent findings confirm that both the “Contagious Interview” subgroup and DPRK Fake IT workers employ this VPN to hide their activities. Silent Push has compiled a real-time updated list of Astrill VPN IP addresses to help protect users from these threats.…
Threat Context Monthly: Executive Intelligence Briefing for February 2025 – Black Basta, & M_A_G_A
This article highlights the recent activities of the Black Basta ransomware group, focusing on their internal operations and significant data leaks. Furthermore, it discusses another threat actor, M_A_G_A, who is engaged in distributing malware. The insights provided shed light on the evolving tactics and techniques employed by these cybercriminals.…
Privacy tech firms warn France’s encryption and VPN laws threaten privacy
Summary: Privacy-focused email provider Tuta and the VPN Trust Initiative are voicing concerns over proposed French laws that would impose backdoors in encrypted communication systems and restrict VPN access to pirate sites. The amendments, supported by law enforcement, threaten user privacy and security, with potential legal conflicts against European GDPR and Germany’s IT security regulations.…
Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs
Summary: Chinese cybercriminals, attributed to APT41, have exploited a high-severity vulnerability in Check Point security gateways, targeting sensitive operational technology organizations globally. The attackers utilized a VPN bug to gain access to valuable intellectual property, primarily affecting manufacturing companies, including many small businesses that lack robust cybersecurity measures.…
Resecurity | DragonForce Ransomware Group is Targeting Saudi Arabia
The DragonForce ransomware group has recently targeted organizations in the Kingdom of Saudi Arabia, resulting in the significant exfiltration of over 6 TB of confidential data from a major real estate and construction firm. The incident highlights a worrying trend of cyber threats against critical infrastructure in the region, indicating a potential expansion beyond the MENA area.…

https://github.com/jivoi/awesome-osint

A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).

This list is to help all of those who are into Cyber Threat Intelligence (CTI), threat hunting, or OSINT.…

https://github.com/notthehiddenwiki/NTHW/tree/nthw

There are already 2853 links on our wiki!

💥 Intro

We believe that knowledge should be free! So we collected many valuable links from various specialists in their fields and created this wiki. Regardless of whether you are just starting your adventure with cybersecurity or you have been in this world for a long time, you will definitely find something for yourself on this wiki.…
Summary: A new threat actor, LARVA-208 (EncryptHub), has been conducting sophisticated spear-phishing attacks since June 2024, utilizing innovative techniques like smishing and vishing to gain access to corporate networks. They have obtained 70 domain names to impersonate legitimate VPN login pages and exploit vulnerabilities to harvest user credentials, followed by deploying ransomware to demand payments.…
EncryptHub breaches 618 orgs to deploy infostealers, ransomware
Summary: The threat actor known as ‘EncryptHub’ has been actively targeting organizations globally since June 2024, using spear-phishing and social engineering tactics to gain access to corporate networks. Upon infiltration, EncryptHub installs remote access tools and deploys data-stealing malware, often culminating in ransomware attacks. This sophisticated group also engages in domain purchasing for phishing, demonstrating advanced cyber-attack techniques to evade detection and compromise high-value targets.…
Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts
Summary: A leak of more than a year’s worth of internal chat logs from the Black Basta ransomware gang reveals insights into their operations and internal conflicts. The Russian-language conversations from 2023 to 2024 expose the group’s targeting of entities, including Russian banks, and highlight their tactics, such as exploiting security vulnerabilities and social engineering.…
Linux Detection Engineering – The Grand Finale on Linux Persistence – Elastic Security Labs
This article concludes the “Linux Persistence Detection Engineering” series by exploring advanced persistence mechanisms in Linux. Key topics include manipulation of GRUB and initramfs for persistence, exploitation of PolicyKit (Polkit) permissions, D-Bus configuration for unauthorized access, and NetworkManager dispatcher scripts. Readers are equipped with practical examples and detection strategies to bolster their defenses against Linux persistence threats.…
The Lurking Threat of Edge Security Products
Recent weeks have seen a surge in severe vulnerabilities affecting edge security products, which are now being exploited by attackers seeking easy access to networks. Vulnerabilities in devices like VPNs and firewalls have drawn attention as viable alternatives to phishing attacks. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has identified several significant vulnerabilities, including authentication bypasses in products from Palo Alto Networks and SonicWall.…
Malicious LNK Analysis
A detailed analysis of a malicious LNK file that executes a PowerShell script to download additional malware. The analysis reveals the structure of the LNK file, the payload it carries, and the indicators of compromise associated with it. The piece emphasizes the importance of understanding the attributes of the malicious file and the steps taken by the attacker to execute their plan.…