Cisco Investigates Data Breach: Sensitive Information Reportedly For Sale on Hacking Forum
Cisco is investigating a recent data breach after a threat actor known as “IntelBroker” claimed to have stolen sensitive data from the company’s internal repositories and has listed it for…
Nation-State Adversaries Exploit Ivanti CSA Zero-Days: A Deep Dive into Targeted Attacks and Vulnerability History
Overview: Ivanti’s Cloud Services Appliance (CSA) has become a prime target for nation-state actors exploiting zero-day vulnerabilities to gain unauthorised access to critical infrastructure. Fortinet’s recent report unveils that these…
Ivanti CSA Hit with Three New Zero-Day Vulnerabilities in Active Exploitation
Ivanti recently disclosed three newly identified zero-day vulnerabilities in its Cloud Services Appliance (CSA), all of which are actively exploited in the wild. These vulnerabilities, tracked as CVE-2024-9379, CVE-2024-9380, and…
File Hosting Services Misused for Identity Phishing: Microsoft’s Analysis
Microsoft’s latest threat intelligence report highlights an ongoing trend where threat actors exploit legitimate file-hosting services, such as OneDrive, SharePoint, and Dropbox, to deliver identity-focused phishing attacks. These services’ familiarity…
Microsoft’s October 2024 Patch Tuesday: Five Zero-Day Vulnerabilities Fixed, Including Actively Exploited Flaws
Microsoft’s October 2024 Patch Tuesday release addresses 118 security vulnerabilities, including five zero-day vulnerabilities. These zero-days impact various components, from MSHTML to Microsoft Management Console (MMC), and pose significant risks…
Alleged Credit Suisse Data Breach: Employee Data Compromised
Reports have emerged of an alleged data breach at Credit Suisse, potentially impacting sensitive data of nearly 19,000 employees in India. This incident marks yet another challenge for the bank,…
Evil Corp and LockBit Connection Exposed: NCA Unmasks Cybercrime Kingpin
In a significant development, the UK’s National Crime Agency (NCA) has named Aleksandr Ryzhenkov as a key figure in the notorious Russian cybercrime group Evil Corp, while also identifying him…
Leveraging Windows Event Logs to Identify Human-Operated Ransomware: Insights from JPCERT/CC
Introduction: In September 2024, JPCERT/CC released a detailed blog post uncovering how Windows Event Logs can be a powerful tool for identifying human-operated ransomware campaigns. The research focuses on notable…
LummaC2: Obfuscation Through Indirect Control Flow
A recent analysis of the LummaC2 (LUMMAC.V2) malware reveals its use of advanced obfuscation techniques, specifically leveraging indirect control flow manipulation to make reverse engineering significantly more challenging. This type…
CTI Trends – September 2024
As we approach the final quarter of 2024, the cyber threat intelligence (CTI) landscape continues to evolve, driven by a combination of emerging threats, geopolitical factors, and the maturation of…