Blog
This campaign was initially observed starting on 10/04/2024, soon after the exploit for CVE-2024-3273 became available. Subsequently, on 15/04/2024, the exploitation of CVE-2024-3721 began from the same attacker. We are confident that it is the same actor behind both exploits, as the IP addresses and malware samples were identical for both vulnerabilities.
In this comprehensive overview of cyber threats and defense strategies, we explored the CVE-2024-3400 vulnerability, a command injection flaw posing significant risks to network security. We discussed how Sphere, our advanced threat intelligence tool, offers organizations a proactive defense against evolving threats, leveraging decoys and behavioral analysis for real-time threat detection.
Smishing, a variant of phishing, exploits text messaging to deceive recipients into divulging personal or financial details.
The evolution of cryptography continues to captivate both experts and enthusiasts alike, especially in light of recent developments surrounding SHA-256 and its resilience against collision attacks. While SHA-256 remains robust for now, the history of cryptography underscores the need for continuous advancement to stay ahead of potential threats. In this dynamic landscape, zero-knowledge proofs (ZK-proofs) emerge as a formidable tool for safeguarding privacy in cryptographic protocols. These techniques allow individuals to assert possession of sensitive information without revealing the information itself, offering enhanced privacy and scalability benefits.
Delve into our in-depth investigation of FortiOS vulnerability CVE-2024-21762, where we employed reverse analysis techniques to uncover critical flaws.
Sphere's proprietary threat intelligence tool has detected active exploitation of CVE-2023-20198, highlighting its critical role in cybersecurity vigilance. This detection, alongside advisories from Cisco Talos, underscores the urgent need for users to apply recommended patches and enhance network monitoring to protect against sophisticated cyber threats.
CVE-2023-6875 Exploitation in POST SMTP Mailer Plugin
Our advanced detection system, Sphere, has recently uncovered a new threat in the cybersecurity landscape. The infamous Mirai Botnet is now exploiting a vulnerability in Netgear DGN1000 routers, specifically targeting the 'Setup.cgi' Remote Code Execution.
The Norwegian National Security Authority (NSM) confirmed that a zero-day vulnerability, identified as CVE-2023-35078, was exploited to target the Norwegian government.
The cybercriminal gang successfully infiltrated Shell’s file transfer tool, MOVEit, and included the renowned British multinational on their extortion site.
Latitude Financial, an Australian consumer lender that offers personal loans and credit to customers at major retailers such as JB Hi-Fi, The Good Guys, and Harvey Norman, announced on March 22, 2021, that it had suffered a significant data breach.
Barcelona Hospital Clinic was hit by a ransomware attack on Sunday morning, which disrupted healthcare services after the hackers targeted the institution’s virtual machines.
The hacker group Medusa has targeted the Institute of Space Technology (IST), a public university in Islamabad, with a ransomware attack.
Traditional search engines like Google index websites and return websites and web content. Shodan indexes IoT devices and returns publicly accessible information about them rather than website content.
A sandbox is a malware detection system that runs a suspected item in a virtual machine (VM) with a full-featured operating system and analyzes the object’s behavior to detect harmful activity.
GDPR is the world’s strongest set of data protection rules, improving how people access information about themselves and limiting what organizations can do with personal data.
The Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web, and is used to load web pages using hypertext links. HTTP is an application layer protocol designed to transfer information between networked devices.
Using a parser, normalizer, and enrichment tool can be a valuable way to improve the efficiency and effectiveness of a Security Information and Event Management (SIEM) system.
Ransomware attacks continue to be a major concern for individuals and organizations alike. The latest addition to the growing list of ransomware threats is the Azov ransomware. Despite being new in the market, Azov has already shown its potential to cause significant damage.
Here is an example of how a Managed Security Service Provider (MSSP) might apply its services to a business.
In cybersecurity, staying vigilant against potential threats is of utmost importance. One effective strategy in this battle is the deployment of honeypots, decoy systems designed to attract and monitor malicious activities.
The Outlaw Advanced Persistent Threat (APT) group, once known for cryptomining and brute force attacks, has undergone a significant shift in its tactics.
Cybersecurity is a vast and ever-evolving field that covers a wide range of topics. From encryption and authentication to network security and incident response, the alphabet can serve as a useful metaphor for understanding the breadth of the field.
Another significant cybersecurity incident making headlines this year in Albania: a cyberattack launched by an Iran-based hacker group compromised Albania's large-scale electronic services, its central intelligence service and the police department.
Cybersecurity is one of the biggest threats facing every company today. Cybercrime is a billion-dollar industry with no signs of slowing down. Because CEOs sit at the top of the corporate hierarchy, they must be aware of these dangers and make sure their organizations have the proper protections in place to prevent being attacked by hackers.
In today’s digital age, our online data is just as important as our physical health. Our personal information, financial data, and private conversations are all stored in the vast world of the internet. And just like our physical bodies, our online data is vulnerable to attacks. That’s where cybersecurity comes in – it’s the immune system of our digital world.
Supply chain attacks are a type of cyber attack where an attacker targets a company’s supply chain in order to gain unauthorized access to their systems or data. This involves compromising a third-party vendor or supplier that has access to the target company’s systems or data.
In recent years, the frequency and severity of hacker attacks have risen significantly. Ransomware attacks have been especially disruptive, as cybercriminals seize critical data and demand exorbitant payments for its release. This not only extorts money but also causes significant disruptions to business operations, and in some cases, even endangers lives.
The prevalence of cyberbullying has become a significant concern, particularly among children. With the increasing use of technology and online platforms, children are more vulnerable to the detrimental effects of cyberbullying.
Retail businesses face unique cybersecurity risks compared to other high-vulnerability sectors. Major retailers are highly public-facing and can easily become front-page news in the event of a cyberattack.
The Andromeda botnet, also known as Gamarue, Wauchos, and Andromeda Stealer, is a sophisticated and long-standing malware family that has been used for various purposes, such as spamming, DDoS attacks, and credential theft. It has been active since 2011 and has infected millions of devices worldwide.
Firewalls are essential security devices that protect networks from unauthorized access and malicious activities. These critical components operate on specialized operating systems (OS) designed to provide robust protection and optimize performance. In this article, we will delve into the world of firewalls and examine the hardened OS employed by some of the industry’s leading vendors. From well-established companies to innovative newcomers, let’s explore where firewalls run and the key characteristics of these operating systems.
In cybersecurity, safeguarding systems against unauthorized access is paramount. SSH (Secure Shell) stands as a widely-utilized protocol for remote server and network device access.
In today’s interconnected digital world, where nearly every aspect of our lives involves online accounts and personal data, ensuring the security of our information has become paramount.
On June 30, 2023, at the Tirana International Hotel, IEKA (Institute of Registered Accounting Experts) held an important seminar on cyber security. The event highlighted the challenges of increasing cyber risk and emphasized the key role of independent auditors in identifying and mitigating these risks.
Operational technology, which encompasses the hardware and software used to control and monitor physical devices and processes, plays a pivotal role in critical sectors such as energy, manufacturing, healthcare, and transportation.
Industrial control systems (ICS) form the backbone of critical infrastructure sectors, enabling the efficient management of industrial processes. However, these systems have increasingly become prime targets for malicious actors aiming to disrupt services, compromise sensitive data, or sabotage operations.
Modbus was created by Modicon in 1979 and quickly became a cornerstone for establishing communication between intelligent devices in industrial settings. Modbus is a messaging structure that facilitates master-slave and client-server communication, enabling the seamless exchange of critical data.