InfoSec News 20250211
Top News
- Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores
"Sucuri researchers observed threat actors leveraging Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores."
TLP¹: Green
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks
"Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- US sanctions LockBit ransomware's bulletproof hosting provider
"The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang."
TLP¹: Green
- Hacker pleads guilty to SIM swap attack on US SEC X account
"Today, an Alabama man pleaded guilty to hijacking the U.S. Securities and Exchange Commission (SEC) account on X in a January 2024 SIM swapping attack."
TLP¹: Green
- Police arrest 4 Phobos ransomware suspects, seize 8Base sites
"A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide."
TLP¹: Green
Breaches: Data Breaches and Hacks
- 120K Victims Compromised in Memorial Hospital Ransomware Attack
"After claiming responsibility for the ransomware attack in 2024, the "Embargo" ransomware group posted 1.15 terabytes of stolen data to its public Tor site."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks
"Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks."
TLP¹: Green
- Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
"Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
"Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Abusing libxml2 quirks to bypass SAML authentication on GitHub Enterprise (CVE-2025-23369)
"Last year, GitHub issued some CVEs for issues that affected their SAML authentication implementation; for example, you can read about CVE-2024-4985/CVE-2024-948 on the ProjectDiscovery blog. I decided to take a look at it; maybe there were still some problems left."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.