Blog Entries

31. 07. 2024 Mirko Ioris SEC4U, SOCnews

July 19 – The Day Cyber Security Almost Caused a Global IT Blackout

On Friday morning, July 19th, a major computer outage caused problems in Microsoft computers all over the world. There were delays and flight cancellations at several airports, and malfunctions in the computer systems of banks, shops, hospitals and the media. The IT blackout was caused by a faulty update released for Falcon Sensor, the EDR…

Read More
30. 06. 2024 Mirko Ioris SOCnews

SOC News | June 30 – TeamViewer Victim of a Security Breach

TeamViewer, the popular remote access software developed by the company of the same name, discovered an irregularity in its internal IT environment on 26 June. They disclosed the potential breach in a statement the following day, stating that they had immediately begun an investigation to implement remediation measures. In an update on Friday 28th, TeamViewer…

Read More
24. 05. 2024 Mirko Ioris SOCnews

SOC News | May 24 – Patch This Veeam Critical Vulnerability Now

On May 21, Veeam published details about four different vulnerabilities detected in their product Veeam Backup Enterprise Manager (VBEM). One of them is critical and allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. CVE Number CVSS Score EPSS Score CVE-2024-29849 9.8 (Critical) 0.04% (Low) CVE-2024-29850…

Read More
16. 05. 2024 Mirko Ioris SOCnews

SOC News | May 16 – Data stolen from SYNLAB published on the Dark Web

SYNLAB, European leader in medical diagnostic services, was the victim of a cyber attack last April. The compromised infrastructure is the one that runs Italians clinics only, other countries were not affected. In early May, ransomware group BlackBasta claimed responsibility for the attack, saying it had stolen 1.5TB of sensitive medical data from Italian citizens….

Read More
30. 04. 2024 Mirko Ioris SOCnews

SOC News | Apr 30 – New Cyber Attacker Groups Detected

During the last week of April, our Attacker Centric SOC detected multiple new cyber attacker group websites in the Dark Web. Called Dedicated Leak Sites (DLS), they are widely used by ransomware gangs to publish stolen confidential data when the victim refuses to pay the ransom. Usually, after an attack is claimed, a small amount of…

Read More
26. 04. 2024 Mirko Ioris SOCnews

SOC News | Apr 26 – ArcaneDoor: A New Espionage Campaign

Cisco Talos identified a previously unknown state-sponsored actor behind ArcaneDoor, a sophisticated cyber espionage campaign targeting the perimeter network devices of several vendors. This actor is now tracked as UAT4356 by Talos and STORM-1849 by the Microsoft Threat Intelligence Center. The initial attack vector is still unknown, but the attacker exploited two previously unknown vulnerabilities. An…

Read More
24. 04. 2024 Mirko Ioris SOCnews

SOC News | Apr 24 – Full AMMEGA Data Breach Published

Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA’s data breach. AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Cactus ransomware gang in early March. The ransomware operators exfiltrated 3 TB of data and…

Read More
28. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 28 – New Vulnerabilities Added to the KEV Catalog

On March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains those vulnerabilities most likely to be used in attacks. Organizations should monitor and review it periodically, and prioritize their patching efforts based on it. I’ll provide a…

Read More
11. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities

On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity installation, including unauthenticated RCE (remote code execution). CVE…

Read More
04. 01. 2024 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | Second Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

Read More
30. 10. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

Adding SOAR Features to the SOC – Part 1: Vulnerability Management

Security Orchestration, Automation and Response (SOAR) is a set of functionalities used by the SOC team to automate security activites, improve workflow management and share threat intelligence data. Security Operation Centres (SOCs) can leverage SOAR to gain in-depth knowledge of the threats they face, trigger automatic responses to security issues and achieve better efficiency. In this…

Read More
28. 08. 2023 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | First Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

Read More
13. 06. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

The New .zip Domains do More Harm Than Good

In this article we’ll discuss the security concerns caused by Google’s introduction of .zip domains. First things first, let’s understand what a domain is and how it’s structured. What is a domain? A domain is a text string that allows a user to access the specified web site once typed into a browser. This string…

Read More
21. 12. 2022 Mirko Ioris Blue Team, SEC4U

Meet the SOC Weekly Reports, a New Way to Inform Customers

One of the most comprehensive services offered by Wuerth-Phoenix’s Cyber Security team is the Security Operation Center (SOC). An SOC is capable of monitoring an IT environment, scanning all messages sent within the internal network, and all operations performed on corporate devices. Through the use of detection rules, the SOC is able to identify anomalies…

Read More
18. 10. 2022 Mirko Ioris ctf-writeups, SEC4U

Description of a Forensics Challenge – HTB Business CTF 2022

For those who don’t know, several of us at Wuerth-Phoenix often participate in Capture The Flag (CTF) events. CTFs are programming challenges where a message (the flag) is hidden somewhere inside code, an application or a website. Usually they are divided into different categories, and within this article we’ll focus on a forensics challenge. I…

Read More

Archive