Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA’s data breach. AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Cactus ransomware gang in early March. The ransomware operators exfiltrated 3 TB of data and…
Read MoreOn March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains those vulnerabilities most likely to be used in attacks. Organizations should monitor and review it periodically, and prioritize their patching efforts based on it. I’ll provide a…
Read MoreMuch has already been said about Initial Access Brokers (IABs) so I will limit myself to a brief description and then delve into the main theme of this article. The theme of Initial Access Brokers was summarized fantastically in the Initial Access Broker Landscape project by Curated Intelligence, reported in this link, which I recommend…
Read MoreOn March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity installation, including unauthenticated RCE (remote code execution). CVE…
Read MoreOn 19 February, through an operation coordinated by the National Crime Agency (NCA), a large part of the infrastructure of the Lockbit ransomware gang was seized. The ransomware gang, active since 2019, is undoubtedly best known within the field of double extortion ransomware attacks, having published claims relating to 2,591 attacked organizations over the years….
Read MoreOn February 8, 2024, Fortinet disclosed 2 critical vulnerabilities which could allow remote code or command execution. The vulnerabilities are as follows: FortiOS – Format String Bug in fgfmd, with CVSS severity 9.8 The versions prone to this vulnerability are: Version Affected Solution FortiOS 7.4 7.4.0 through 7.4.2 Upgrade to 7.4.3 or above FortiOS 7.2…
Read MoreStarting February 1st, rumors regarding a possible compromise of AnyDesk began to circulate online. These rumors became more insistent as the contents of the January 29 Release Notes were noted. What initially appeared to be just normal maintenance activity on Anydesk’s infrastructure was later revealed to actually be a compromise. AnyDesk has in fact made…
Read MoreKasseika Threat Actor has joined the club of Threat Actors that currently use Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus/EDR software before carrying out malicious activities, such as encrypting files. Kasseika abuses the Martini driver, part of the TG Soft’s VirIT Agent System. By using BYOVD attacks, the malware gains privileges it…
Read MoreSEC Consult researchers showed that some software allows a bad actor to inject a specially crafted email message concealing a second message hidden inside the body of the original message. This passes into the inbound SMTP server, which interprets the text as a separate second message. The attack relies on incorrect handling of the <CR><LF>.<CR><LF> sequence of…
Read More