Voodoo Bear (APT44 - Part 3)
Alias: ELECTRUM, Telebots, IRON VIKING, BlackEnergy (Group), Quedagh, Voodoo Bear, IRIDIUM, Seashell Blizzard, FROZENBARENTS
Latest updates and hand-picked resources.
In summary, Voodoo Bear is part of the Russian government's Ministry of Defence and is therefore state-sponsored. The group also targets many different sectors.
In modern cyber warfare, not only independent hacker groups utilize digital arsenals, but states also deploy these means to enforce their interests.
A wiper is ransomware whose goal is destruction: for example, it deletes the MBR or MFT, overwrites files, or encrypts files and destroys the decryption key.
A wiper is ransomware whose main function is wiping, i.e. deleting or overwriting data, or damaging the MBR (Master Boot Record) or MFT (Master File Table).
It is becoming increasingly common for various media outlets to draw attention to threat actor attacks. Because of the political situation in different countries, such reports often hint at politically motivated hacker attacks.
Alongside Cozy Bear, other groups like APT28 (Fancy Bear), Voodoo Bear, Primitive Bear, and Venomous Bear employ advanced tactics to infiltrate and extract data from their targets.
Microsoft has introduced a new in-browser protection feature for Microsoft Defender for Cloud Apps. This update is designed to strengthen security by offering real-time monitoring and control over user activities in sanctioned and unsanctioned cloud applications.
Advanced Persistent Threat (APT) group APT43, originating from North Korea and known for its espionage activities, is currently exploiting poorly configured or unconfigured DMARC policies.
In the digital age, the threat landscape evolves with alarming speed, and ransomware groups are at the forefront of this change, wreaking havoc on businesses and individuals alike.
The "Mother of All Breaches" (MoAB), a term now synonymous with one of the largest data leaks in the history of cybersecurity, has been a jolting wake-up call for digital security worldwide. This breach encompassed a staggering 12 TB of information, impacting over 26 billion records.
The realm of Artificial Intelligence (AI) is rapidly evolving, ushering in transformative tools like ChatGPT and Microsoft Copilot, which have revolutionized how we interact with technology.
In the dynamic world of cybersecurity, the evolution of attack methods like Evilginx and Evilginx2, designed to bypass robust defenses such as Multi-Factor Authentication (MFA), is closely matched by developments in attack frameworks.
CVE-2023-7028 is a critical vulnerability in GitLab that allows unauthorized account takeovers through a password reset mechanism. It was assigned a CVSS score of 10.0, indicating the highest level of severity.
In the realm of cybersecurity, the advent of QR-code phishing has introduced a novel challenge, reshaping the dynamics of digital threats and defenses. QR-code phishing, or 'Quishing,' is a tactic where QR codes are manipulated to facilitate phishing attacks.
CVE-2023-50164 is a critical vulnerability discovered in Apache Struts 2. This vulnerability is related to a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers, potentially leading to Remote Code Execution (RCE) on the target server.
The 2023 LinkedIn security breach, initially perceived as a significant threat, turned out to be less severe due to the inclusion of many fictitious email addresses. This incident, which involved the extraction of large data sets from LinkedIn, highlights the growing concern around data scraping practices by hackers.
CVE-2023-38831 identifies a file extension spoofing vulnerability in WinRAR, a popular Windows tool for compressing and decompressing files. This flaw allowed clever individuals to create ZIP or RAR files that appeared ordinary but were structured in a way that concealed malicious code.
This is a vulnerability in Microsoft Edge (Chromium-based) that could allow an attacker to elevate their privileges on the affected system. The vulnerability has been assigned a high severity rating with a CVSS score of 8.3, indicating that it poses a significant risk.
We see an increasing demand for information on current CVEs, APTs, malware, etc. The newsletter will be our way to satisfy this demand and focus on threats that are relevant to our customers.
The cybersecurity landscape has recently been shaken by a significant vulnerability in Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This authentication bypass vulnerability has had a notable impact, affecting 12 ministries in Norway and illustrating its potential for widespread damage.