New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications to gain access to organizations. Although the group does not target Microsoft services directly, it exploits unpatched applications to carry out its activity once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique
The article discusses the growing threat of Browser-in-the-Middle (BitM) attacks, which let adversaries take over user sessions across many web applications within seconds. Multi-factor authentication (MFA) remains essential, but the social engineering behind BitM bypasses it by capturing the authenticated session token rather than the credentials. To counter this, organizations are urged to deploy phishing-resistant controls such as hardware-based MFA, client certificates, and FIDO2.…
Major Cyber Attacks in Review: February 2025
In February 2025, multiple significant cyber incidents revealed ongoing risks across various industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which disrupted media distribution, and a $1.5 billion cryptocurrency theft attributed to North Korea’s Lazarus Group. Breaches at DISA Global Solutions, Orange, and LANIT highlighted severe vulnerabilities in the finance, telecom, healthcare, media, and government sectors.…
[Law] Former software dev faces up to 10 years behind bars for sabotaging employer’s systems
Summary: Davis Lu, a former software developer at Eaton Corporation, was found guilty of intentionally sabotaging the company’s computer systems after being demoted in 2018. He deployed custom malware and a “kill switch” that locked out thousands of employees, causing significant operational disruptions. Lu now faces a potential prison sentence of up to 10 years for his actions.…
Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right
Summary: Microsegmentation can be a crucial strategy for achieving Zero Trust security, but traditional approaches often fail due to complexity and operational disruptions. Andelyn Biosciences successfully implemented Elisity’s identity-based microsegmentation approach, allowing them to rapidly secure their networks without significant downtime or resource allocation. This case highlights the importance of visibility and policy simulation in modern segmentation efforts.…
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Using highly obfuscated JavaScript loaders, SocGholish evades detection and executes its tasks on the victim host. Notably, the framework provides the initial access for these ransomware attacks, which mainly affect government entities in the United States.…
Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware
This article discusses a cybersecurity advisory released on March 12, 2025, by the FBI, CISA, and MS-ISAC regarding the Medusa ransomware, detailing its methods, impacts, and tactics used. Medusa is a Ransomware-as-a-Service operation that targets Windows environments and has affected over 300 victims. The advisory provides insights into its tactics, techniques, and procedures (TTPs) to help organizations bolster their security measures.…
Major Cyber Attacks Targeting the Finance Industry
The finance industry is facing an increasing number of cyberattacks, with significant recent incidents exposing vast amounts of sensitive data. Notable breaches have involved major financial institutions and data theft, highlighting vulnerabilities and the need for robust cybersecurity measures. The financial sector must adapt to evolving threats, including ransomware attacks and Dark Web exploitation, to safeguard personal and financial information.…
Redelegate – VulnLab | ForceChangePassword, GenericAll, and Constrained Delegation
In this article, the author, known as Maverick, provides a detailed walkthrough of an Active Directory machine, showcasing DACL abuse and constrained delegation. Maverick enumerates the host with Nmap, retrieves sensitive files over FTP, and then chains ForceChangePassword and GenericAll rights with constrained delegation to escalate privileges, with careful handling of the passwords recovered along the way.…
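The three primitives in that walkthrough's title are edges in an object-control graph: a principal holding ForceChangePassword or GenericAll over a user can become that user, and a principal listed in msDS-AllowedToDelegateTo for a host's service can obtain tickets to that host as any user. As an added example that is not Maverick's code or the VulnLab machine's data, here is a small Python path-finder over a constructed list of ACEs and constrained-delegation entries with hypothetical principal names; the abuse hints name commonly used tooling and are not commands from the article.

```python
from collections import deque

# Rights on an AD object that let the holder take it over outright.
# Names follow BloodHound edge labels; the set is a judgment call for this example.
TAKEOVER_RIGHTS = {"GenericAll", "GenericWrite", "WriteDacl", "WriteOwner",
                   "ForceChangePassword", "AddMember"}

# Illustrative abuse primitive per edge type (common tooling, not the article's commands).
ABUSE_HINTS = {
    "ForceChangePassword": "reset the target's password (e.g. PowerView Set-DomainUserPassword)",
    "GenericAll": "full control: reset password, add an SPN for targeted Kerberoast, or edit the DACL",
    "GenericWrite": "write attributes: add an SPN or msDS-KeyCredentialLink",
    "WriteDacl": "grant yourself GenericAll, then proceed as above",
    "WriteOwner": "take ownership, then WriteDacl",
    "AddMember": "add yourself to the group",
    "AllowedToDelegate": "S4U2Proxy: request a ticket to the listed SPN as any user (impacket getST.py -impersonate)",
}


def build_graph(aces, delegations):
    """Adjacency list: principal -> [(target, edge_type, detail)]."""
    graph = {}
    for principal, right, target in aces:
        if right in TAKEOVER_RIGHTS:  # ReadProperty and similar are not attack edges
            graph.setdefault(principal, []).append((target, right, ""))
    for principal, spn in delegations:
        # msDS-AllowedToDelegateTo lets `principal` obtain tickets to `spn` for arbitrary
        # users; control of that SPN's host follows, so model it as an edge to the host's
        # computer account (host part of the SPN, upper-cased, plus '$').
        host = spn.split("/", 1)[1].split(".", 1)[0].upper() + "$"
        graph.setdefault(principal, []).append((host, "AllowedToDelegate", spn))
    return graph


def find_path(graph, start, goal):
    """Breadth-first search for the shortest chain of abusable edges."""
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        node, hops = queue.popleft()
        if node == goal:
            return hops
        for target, edge, detail in graph.get(node, []):
            if target not in seen:
                seen.add(target)
                queue.append((target, hops + [(node, edge, target, detail)]))
    return None


def attack_path(aces, delegations, start, goal):
    """Human-readable steps from start to goal, or [] when no chain exists."""
    hops = find_path(build_graph(aces, delegations), start, goal)
    if not hops:
        return []
    steps = []
    for src, edge, dst, detail in hops:
        extra = f" [{detail}]" if detail else ""
        steps.append(f"{src} --{edge}{extra}--> {dst}: {ABUSE_HINTS[edge]}")
    return steps


# Constructed sample data with hypothetical names. In practice this comes from
# SharpHound/BloodHound or an LDAP dump of nTSecurityDescriptor and msDS-AllowedToDelegateTo.
SAMPLE_ACES = [
    ("marko", "ReadProperty", "christine"),      # harmless, ignored by build_graph
    ("marko", "ForceChangePassword", "christine"),
    ("christine", "GenericAll", "svc_helpdesk"),
    ("svc_helpdesk", "ReadProperty", "DC01$"),   # no direct control of the DC
]
SAMPLE_DELEGATIONS = [
    ("svc_helpdesk", "cifs/dc01.lab.local"),     # constrained delegation to the DC's CIFS service
]

if __name__ == "__main__":
    for line in attack_path(SAMPLE_ACES, SAMPLE_DELEGATIONS, "marko", "DC01$"):
        print(line)
```

The search only follows rights that confer control, so a ReadProperty ACE never becomes a hop; the delegation edge is what turns control of a service account into control of the domain controller, which is the same shape of chain the walkthrough exploits.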
Large Ransomware Models: Hijacking LRMs With Chain-of-Thought Reasoning
This article explores the methods of exploiting large reasoning models (LRMs) to produce malicious code, specifically focusing on ransomware development. Utilizing the research from Duke’s Center for Computational Evolutionary Intelligence, the author reflects on the challenges of bypassing the ethical safeguards of LRMs while aiming to further understand and counteract ransomware threats.…
Quantum leap: Passwords in the new era of computing security
Summary: The National Institute of Standards and Technology (NIST) has released its first finalized post-quantum cryptography standards to protect against the threat posed by quantum computers. These standards matter because today’s public-key algorithms are expected to become breakable once sufficiently large quantum computers exist. Organizations need to adapt their security measures, particularly around password protection and authentication, to mitigate the risks of advancing quantum technology.…
Developer Convicted for Hacking Former Employer’s Systems
Summary: A Texas software developer, Davis Lu, was convicted of deploying malware to sabotage his employer’s computer systems, causing significant financial losses. After a corporate reorganization reduced his access, Lu ran malicious code that crashed systems and deleted other employees’ files. His actions, which included a ‘kill switch’ tied to his own account credentials, led to his conviction for intentionally causing damage to protected computers, which carries a maximum sentence of 10 years in prison.…
Make your own Pentest Lab — Part 3 (The War)
This article provides a detailed account of a hands-on ethical hacking exercise focusing on attacking vulnerable systems and showcasing the exploits used. The first step involved scanning for vulnerabilities, followed by executing various attacks on different machines. Notable vulnerabilities exploited include EternalBlue, ZeroLogon, Apache HTTP Server Path Traversal, and Maltrail RCE.…
Qilin Ransomware Gang Claims the Hack of the Ministry of Foreign Affairs of Ukraine
Summary: The Qilin Ransomware group has claimed responsibility for an attack on Ukraine’s Ministry of Foreign Affairs, allegedly stealing sensitive data and selling some of it. They provided evidence of the stolen documents, but the ministry has not yet confirmed the breach. This incident marks an escalation in hybrid warfare tactics between Russia and Ukraine, with cybercrime groups playing a significant role.…