Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been … [Read more...] about Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Security
Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows
In early 2025, the Chinese chatbot, DeepSeek, burst onto the AI scene. It provoked much comment and controversy across the globe: we could hardly fail to spot the similarity of its logo to our own, comparisons with ChatGPT were abundant, and in Italy, South Korea, Australia, and other countries, DeepSeek was blocked altogether. The hype was — and remains — intense, including … [Read more...] about Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Mar 05, 2025Ravie LakshmananNetwork Security / Data Breach The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft … [Read more...] about China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Mar 04, 2025Ravie LakshmananCybercrime / Threat Intelligence Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants … [Read more...] about Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Cross-Domain Attack Defense with Intel-Led Threat Hunting
1. Initial Entry and Exploitation In the first stage of this attack, the adversary set up a command-and-control (C2-1 in Figure 1) infrastructure to launch their attack. They targeted a Linux Tomcat server, exploiting a known vulnerability to gain root access. Once inside, they conducted reconnaissance using standard tools like LDAP search to enumerate network shares and … [Read more...] about Cross-Domain Attack Defense with Intel-Led Threat Hunting
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Mar 03, 2025Ravie LakshmananCloud Security / Email Security Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), … [Read more...] about Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
Mar 01, 2025Ravie LakshmananPrivacy / Data Protection Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states - You give Mozilla the rights necessary to operate Firefox. This includes … [Read more...] about Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language
Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
Feb 28, 2025Ravie LakshmananMobile Security / Zero-Day A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android … [Read more...] about Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
a Double-Edged Sword for IT Teams – Essential Yet Exploitable
Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It's like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today's work … [Read more...] about a Double-Edged Sword for IT Teams – Essential Yet Exploitable
CrowdStrike 2025 Global Threat Report: Beware the Enterprising Adversary
Today’s adversaries have long been accelerating and evolving their operations. Now they are developing a business-like structure, refining and scaling their successful strategies, and exploring new technologies to cultivate a more efficient approach to cyberattacks. 2024 was the year of the enterprising adversary. The CrowdStrike Global Threat Report delivers critical … [Read more...] about CrowdStrike 2025 Global Threat Report: Beware the Enterprising Adversary