Top News

• Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

"The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop."

Link

TLP¹ : Green

• Compromised ultralytics PyPI package delivers crypto coinminer

"A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware."

Link

TLP¹ : Green

• MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

"Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Romania's election systems targeted in over 85,000 cyberattacks

"A declassified report from Romania’s Intelligence Service says that the country’s election infrastructure was targeted by more than 85,000 cyberattacks."

Link

TLP¹ : Green

• Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

"Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• Anna Jaques Hospital ransomware breach exposed data of 300K patients

"Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 310,000 patients."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• Google Fixes Critical RCE Vulnerabilities in December 2024 Pixel Security Update

"Google has rolled out its December 2024 security update for Pixel devices, addressing a total of 28 vulnerabilities, including two critical remote code execution (RCE) flaws in the Cellular baseband subcomponent."

Link

TLP¹ : Green

• QNAP Addresses High Severity Vulnerabilities in License Center and Operating Systems

"QNAP, a leading provider of network-attached storage (NAS) solutions, has issued a security advisory addressing multiple vulnerabilities affecting its License Center and QTS/QuTS hero operating systems."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• Who handles what? Common misconceptions about SaaS security responsibilities

"In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in SaaS, and how these misunderstandings can lead to security risks."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams

"Threat actors frequently exploit trending events like global sporting championships to launch attacks, including phishing and scams. Because of this, proactive monitoring of event-related domain abuse is crucial for cybersecurity teams."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp