InfoSec News 20241120
Top News
-
Cybercriminals Exploit Weekend Lull to Launch Ransomware Attacks
"Ransomware gangs are increasingly targeting weekends and holidays, when cybersecurity teams are typically less staffed, according to a new report from Semperis."
TLP1 : Green
-
Unveiling LIMINAL PANDA: A Closer Look at China's Cyber Threats to the Telecom Sector
"Since at least 2020, LIMINAL PANDA has targeted telecommunications entities using custom tools that enable covert access, command and control (C2) and data exfiltration. The adversary demonstrates extensive knowledge of telecommunications networks, including understanding interconnections between providers."
TLP1 : Green
-
AiTM Phishing, Hold the Gabagool: Analyzing the Gabagool Phishing Kit
"The TRAC Labs team has been monitoring the recent wave of phishing campaigns and is tracking this phishing kit under the name Gabagool targeting corporate and government employees."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
"A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection."
TLP1 : Green
-
Russian Ransomware Gangs on the Hunt for Pen Testers
"In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Ford investigates alleged breach following customer data leak
"Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed
"A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to execute arbitrary code on affected machines. The vulnerability, identified as CVE-2024-51503, has been addressed in the latest update."
TLP1 : Green
-
CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise
"CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
NHIs Are the Future of Cybersecurity: Meet NHIDR
"The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
"Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius. Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.