Technical Advisory: Mass Exploitation of CVE-2024-4577
In June 2024, Bitdefender Labs highlighted a critical security vulnerability (CVE-2024-4577) in PHP affecting Windows systems in CGI mode, allowing remote code execution through manipulated character encoding. This vulnerability has seen an increase in exploitation attempts, especially in Taiwan and Hong Kong, with attackers also modifying firewall settings to block known malicious IPs.…
Cloudflare now blocks all unencrypted traffic to its API endpoints
Summary: Cloudflare has ceased all HTTP connections for its API, now requiring secure HTTPS connections only. This change aims to eliminate the risks of sensitive data exposure through unencrypted requests, particularly on public networks. Consequently, any existing HTTP-based integrations will cease to function immediately, with Cloudflare recommending users transition to HTTPS.…
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
In Other News: Critical Chrome Bug, Capital One Hacker Resentencing, Story of Expat Flaw
Summary: This week’s cybersecurity news roundup highlights key developments, including significant legal rulings, vulnerability disclosures, and actions against malicious activities. Notably, a former Uber security chief’s conviction was upheld, and critical security vulnerabilities were identified in popular software. The roundup aims to provide a broader understanding of the evolving cybersecurity landscape.…
10 Critical Network Pentest Findings IT Teams Overlook
Summary: After conducting over 10,000 automated internal network penetration tests, vPenTest identifies critical security gaps due to common misconfigurations, unpatched systems, and weak passwords. The analysis reveals that these vulnerabilities present significant risks that attackers can exploit easily, often resulting from simple oversights. The article outlines the ten most pressing internal network security risks and provides recommendations to mitigate them effectively.…
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications in order to gain access to organizations. Although the group does not directly target Microsoft services, it uses unpatched applications for malicious activity once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…
TryHackMe Ignite Room Walkthrough: Exploiting Fuel CMS 1.4.1 RCE
This article provides a detailed walkthrough of exploiting a Remote Code Execution vulnerability found in Fuel CMS 1.4.1 (CVE-2018-16763) through TryHackMe’s Ignite room. It covers the steps from enumeration to post-exploitation, emphasizing the importance of input validation and system patching for defense. Affected: Fuel CMS, web applications
Key points:
Exploit Remote Code Execution vulnerability in Fuel CMS 1.4.1.…
New XCSSET Malware Adds New Obfuscation and Persistence Techniques to Infect Xcode Projects | Microsoft Security Blog
A new variant of XCSSET malware has been discovered, which is specifically designed to infect macOS Xcode projects. This sophisticated malware utilizes advanced obfuscation, updated persistence techniques, and novel infection strategies to exfiltrate sensitive information, including digital wallet data. It operates in a stealthy manner, often remaining fileless, which complicates detection and removal efforts.…
‘Mora_001’ ransomware gang exploiting Fortinet bug spotlighted by CISA in January
Summary: A new ransomware operation named Mora_001, linked to the LockBit group, is exploiting two vulnerabilities in Fortinet products. The operation has led to the deployment of a ransomware strain called SuperBlack, which takes advantage of security weaknesses in Fortigate firewall appliances. Researchers warn that threat actors are targeting organizations that have not applied the necessary patches for these vulnerabilities.…
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Ransomware gang creates tool to automate VPN brute-force attacks
Summary: The Black Basta ransomware operation has developed an automated brute-forcing tool named ‘BRUTED’ that targets edge networking devices such as firewalls and VPNs. This framework enhances their ransomware attacks by providing streamlined access to vulnerable endpoints, with reports of increased credential-stuffing attacks throughout 2024. The tool has been designed to evade detection while significantly increasing attack efficiency on various remote-access products.…
Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right
Summary: Microsegmentation can be a crucial strategy for achieving Zero Trust security, but traditional approaches often fail due to complexity and operational disruptions. Andelyn Biosciences successfully implemented Elisity’s identity-based microsegmentation approach, allowing them to rapidly secure their networks without significant downtime or resource allocation. This case highlights the importance of visibility and policy simulation in modern segmentation efforts.…
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Using highly obfuscated JavaScript loaders, SocGholish evades detection and successfully executes malicious tasks. Notably, the framework provides the initial access for ransomware attacks, mainly affecting government entities in the United States.…
Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware
This article discusses a cybersecurity advisory released on March 12, 2025, by the FBI, CISA, and MS-ISAC regarding the Medusa ransomware, detailing its methods, impacts, and tactics used. Medusa is a Ransomware-as-a-Service operation that targets Windows environments and has affected over 300 victims. The advisory provides insights into its tactics, techniques, and procedures (TTPs) to help organizations bolster their security measures.…
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Summary: A new ransomware group named ‘Mora_001’ is leveraging Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472 to compromise firewall appliances and deploy their ransomware variant known as SuperBlack. This group utilizes a structured attack strategy, gaining high-level privileges and executing double extortion tactics. There are indications that SuperBlack is connected to LockBit operations through several shared methods and tools.…