Healthcare Malware Hunt, Part 1: Philips DICOM Viewers
The article discusses a campaign by the China-based Advanced Persistent Threat (APT) group Silver Fox, which exploited vulnerabilities in Philips DICOM viewers to deploy malware such as a Remote Access Tool (RAT), keyloggers, and crypto miners targeting healthcare organizations. The healthcare sector remains a significant target for cyberattacks, necessitating robust security measures.…
Astrill VPN: Silent Push Publicly Releases New IPs on VPN Service Heavily Used by North Korean Threat Actors
The Lazarus Group from North Korea continues to use Astrill VPN to obscure their IP addresses during cyber attacks. Recent findings confirm that both the “Contagious Interview” subgroup and DPRK Fake IT workers employ this VPN to hide their activities. Silent Push has compiled a real-time updated list of Astrill VPN IP addresses to help protect users from these threats.…
Threat Context Monthly: Executive Intelligence Briefing for February 2025 – Black Basta, & M_A_G_A
This article highlights the recent activities of the Black Basta ransomware group, focusing on their internal operations and significant data leaks. Furthermore, it discusses another threat actor, M_A_G_A, who is engaged in distributing malware. The insights provided shed light on the evolving tactics and techniques employed by these cybercriminals.…
Privacy tech firms warn France’s encryption and VPN laws threaten privacy
Summary: Privacy-focused email provider Tuta and the VPN Trust Initiative are voicing concerns over proposed French laws that would impose backdoors in encrypted communication systems and restrict VPN access to pirate sites. The amendments, supported by law enforcement, threaten user privacy and security, with potential legal conflicts against European GDPR and Germany’s IT security regulations.…
Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs
Summary: Chinese cybercriminals, attributed to APT41, have exploited a high-severity vulnerability in Check Point security gateways, targeting sensitive operational technology organizations globally. The attackers utilized a VPN bug to gain access to valuable intellectual property, primarily affecting manufacturing companies, including many small businesses that lack robust cybersecurity measures.…
Resecurity | DragonForce Ransomware Group is Targeting Saudi Arabia
The DragonForce ransomware group has recently targeted organizations in the Kingdom of Saudi Arabia, resulting in the significant exfiltration of over 6 TB of confidential data from a major real estate and construction firm. The incident highlights a worrying trend of cyber threats against critical infrastructure in the region, indicating a potential expansion beyond the MENA area.…

https://github.com/jivoi/awesome-osint

A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).

This list is to help all of those who are into Cyber Threat Intelligence (CTI), threat hunting, or OSINT.…


https://github.com/notthehiddenwiki/NTHW/tree/nthw

There are already 2853 links on our wiki!

💥 Intro

We believe that knowledge should be free! So we collected many valuable links from various specialists in their fields and created this wiki. Regardless of whether you are just starting your adventure with cybersecurity or you have been in this world for a long time, you will definitely find something for yourself on this wiki.…

Summary: A new threat actor, LARVA-208 (EncryptHub), has been conducting sophisticated spear-phishing attacks since June 2024, utilizing innovative techniques like smishing and vishing to gain access to corporate networks. They have obtained 70 domain names to impersonate legitimate VPN login pages and exploit vulnerabilities to harvest user credentials, followed by deploying ransomware to demand payments.…
EncryptHub breaches 618 orgs to deploy infostealers, ransomware
Summary: The threat actor known as ‘EncryptHub’ has been actively targeting organizations globally since June 2024, using spear-phishing and social engineering tactics to gain access to corporate networks. Upon infiltration, EncryptHub installs remote access tools and deploys data-stealing malware, often culminating in ransomware attacks. This sophisticated group also engages in domain purchasing for phishing, demonstrating advanced cyber-attack techniques to evade detection and compromise high-value targets.…
Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts
Summary: A leak of more than a year’s worth of internal chat logs from the Black Basta ransomware gang reveals insights into their operations and internal conflicts. The Russian-language conversations from 2023 to 2024 expose the group’s targeting of entities, including Russian banks, and highlight their tactics, such as exploiting security vulnerabilities and social engineering.…
Linux Detection Engineering – The Grand Finale on Linux Persistence – Elastic Security Labs
This article concludes the “Linux Persistence Detection Engineering” series by exploring advanced persistence mechanisms in Linux. Key topics include manipulation of GRUB and initramfs for persistence, exploitation of PolicyKit (Polkit) permissions, D-Bus configuration for unauthorized access, and NetworkManager dispatcher scripts. Readers are equipped with practical examples and detection strategies to bolster their defenses against Linux persistence threats.…
The Lurking Threat of Edge Security Products
Recent weeks have seen a surge in severe vulnerabilities affecting edge security products, which are now being exploited by attackers seeking easy access to networks. Vulnerabilities in devices like VPNs and firewalls have drawn attention as viable alternatives to phishing attacks. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has identified several significant vulnerabilities, including authentication bypasses in products from Palo Alto Networks and SonicWall.…
Malicious LNK Analysis
A detailed analysis of a malicious LNK file that executes a PowerShell script to download additional malware. The analysis reveals the structure of the LNK file, the payload it carries, and the indicators of compromise associated with it. The piece emphasizes the importance of understanding the attributes of the malicious file and the steps taken by the attacker to execute their plan.…
Silent Push Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to .4B ByBit Hack and Past Attacks
Silent Push analysts uncovered critical infrastructure used by the Lazarus APT Group, linking them to the historic .4 billion Bybit crypto heist through a recently registered domain. They identified an email connected to past attacks and noted the group’s preference for particular VPN IP addresses while exploiting fake job interviews on LinkedIn to deploy malware.…
PolarEdge: Unveiling an uncovered ORB network
The article discusses the PolarEdge botnet, which exploits the CVE-2023-20118 vulnerability in various Cisco Small Business Routers and causes compromised devices to launch coordinated attacks. The botnet has infected over 2,000 assets globally using sophisticated methods including web shells and a TLS backdoor. The research emphasizes the need for monitoring edge devices due to their vulnerability and operational importance to threat actors.…
In Focus: Dpose Ransomware – Technical Analysis and Mitigation Strategies
The article discusses the emergence of a new ransomware variant called Dpose, highlighting its sophisticated encryption techniques and stealth strategies aimed at maximizing damage. Dpose employs random four-character file extensions, disrupts recovery options, and operates under the Ransomware-as-a-Service model, mirroring trends in modern cyber threats. The article also outlines its financial impacts on various sectors, mitigation strategies, and the future of ransomware, particularly focusing on advanced AI techniques.…
FBI-CISA Ghost Ransomware Warning Shows Staying Power of Old Vulnerabilities
A recent advisory from the FBI and CISA highlights the ongoing threat posed by the Ghost (Cring) ransomware group, which continues to exploit unpatched vulnerabilities in outdated software. The group, primarily motivated by financial gain, targets organizations globally and utilizes established techniques from previous years. The report underscores the critical importance of maintaining cybersecurity hygiene and patching known vulnerabilities to protect against these persistent threats.…