InfoSec News 20250311
Top News
-
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
"North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks."
TLP¹: Green
-
Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward
"FortiGuard Labs has analyzed malicious software packages detected from November 2024 to the present, identifying various techniques used to exploit system vulnerabilities."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
"Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder."
TLP¹: Green
-
US govt says Americans lost record $12.5 billion to fraud in 2024
"The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims
"The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Multiple vulnerabilities found in ICONICS industrial SCADA software
"The since-patched vulnerabilities allowed for privilege escalation, DLL hijacking, file modification and even total system compromise."
TLP¹: Green
-
SAP Patches High-Severity XSS and Authorization Flaws in Latest Security Updates
"SAP has released its latest round of security updates, addressing 21 new vulnerabilities and providing 3 updates to previously released Security Notes."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How remote work strengthens cybersecurity teams
"The global transition to remote work has reshaped traditional workplace dynamics, introducing challenges and opportunities for cybersecurity teams. For CISOs and security professionals, embracing a remote workforce can be a strategic advantage, enhancing team capabilities and driving the modernization of security practices."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Blind Eagle: …And Justice for All
"Check Point Research discovered a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. The campaigns are linked to Blind Eagle, also known as APT-C-36, and deliver malicious .url files, which cause a similar effect to the CVE-2024-43451 vulnerability."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.