Examining the Johnson-Lebedev Connection & Implications
This report aims to provide an analysis of the relationship between former UK Prime Minister Boris Johnson and Evgeny Lebedev, a media mogul and son of a former KGB agent.…
Outlook Email Authentication Bypass: Display Name Obfuscation
Original Source: GitLab Repository The Vulnerability The issue lies in the “display name” of an email’s “From” header in Outlook. It appears that this display name can be manipulated to…
Active Exploitation of Zero-Day Vulnerability (CVE-2023-38606) Affecting All Apple Products
The Centre for Cyber Security Belgium (CERT.be) has issued an advisory warning of an actively exploited zero-day vulnerability (CVE-2023-38606) affecting all Apple products. This vulnerability, which allows for the modification…
OSS Supply Chain Attacks Targeting the Banking Sector: A Detailed Analysis
Introduction In a significant development in the cybersecurity landscape, the banking sector has recently been the target of two distinct open-source software (OSS) supply chain attacks. These attacks, detected by…
Unmasking the Geopolitical Underpinnings of Ransomware Attacks: A Review
In the ever-evolving field of Cyber Threat Intelligence (CTI), understanding the motivations behind cyber-attacks is paramount for effective threat mitigation and response. While financial gain is often a primary driver,…
Unveiling TETRA:BURST – A Deep Dive into the Critical Vulnerabilities of Global Emergency Communication Systems
Introduction The Terrestrial Trunked Radio (TETRA), a communication system extensively utilized by government agencies, law enforcement, and emergency services organizations across Europe, the United Kingdom, and numerous other countries, has…
Unraveling Phishing SMS Campaigns: A Collaborative Success Story
A recent operation against phishing SMS campaigns in the UK, shared via a tweet by Jake from JCyberSec_ (@JCyberSec_) and a LinkedIn post by the Dedicated Card and Payment Crime…
Ivanti Endpoint Manager Mobile (EPMM) CVE-2023-35078
Ivanti, a leading provider of IT software solutions, has recently addressed a critical zero-day authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability,…
Threat Actor Profile: APT32
APT32, also known as OceanLotus Group, is a Vietnam-based threat group that has been active since at least 2014. This group is known for its sophisticated attacks on several private…
Zero-day vulnerability exploited in cyberattack on Norwegian government’s IT systems
On July 24, 2023, the Norwegian government announced that its ICT platform, used by 12 of its ministries, had been compromised in a cyberattack. The attack was carried out by…