Identity security company CyberArk has acquired identity governance and administration (IGA) platform Zilla Security in a deal worth up to $175 million. The transaction consists of a $165 million cash portion and an additional $10 million “earn-out” which is payable upon meeting certain milestones — it can be seen as an incentive for the founders […]
CyberArk snaps up Zilla Security for up to $175M (posted by admin, 2025-02-13 14:07:10)
Sophos lays off 6% of workforce following Secureworks acquisition (posted by admin, 2025-02-13 13:07:02)
Super-admin access vulnerability discovered in FortiOS Security Fabric. Exploitation could lead to widespread network breaches. Update now. Fortinet has…
SecurityWeek Analysis: Over 400 Cybersecurity M&A Deals Announced in 2024 (posted by admin, 2025-02-13 13:07:00)
Exploitation of Old ThinkPHP, OwnCloud Vulnerabilities Surges (posted by admin, 2025-02-13 12:06:50)
Variston, a Barcelona-based spyware vendor, is reportedly being liquidated. Intelligence Online, a trade publication that covers the surveillance and intelligence industry, reported that a legal notice published in Barcelona’s registry on February 10 confirmed that Variston has gone into liquidation. This comes almost exactly a year after TechCrunch reported that Variston was in the process […]
Cyble’s weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks.
The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems.
Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products.
Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties.
In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0.
Orthanc recommends that users update to the latest version or enable HTTP authentication by setting "AuthenticationEnabled": true in the configuration file.
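As an added example (not from the Cyble report or the Orthanc project), a small Python audit that checks an Orthanc JSON configuration for the condition described above and shows the weak setting beside the corrected one. It assumes Orthanc's RemoteAccessAllowed and RegisteredUsers configuration keys, which the page does not mention, and both sample configurations are constructed.

```python
import json

# Constructed Orthanc configuration fragments (not from any real deployment).
# The weak one reproduces the CVE-2025-0896 condition: remote access is allowed
# but HTTP authentication is left unset, which pre-1.5.8 builds treat as "off".
WEAK_CONFIG = """{
  "Name": "imaging-lab",
  "RemoteAccessAllowed": true
}"""

# The corrected form: authentication is switched on and a user is registered.
# The password is a placeholder, not a value to deploy.
HARDENED_CONFIG = """{
  "Name": "imaging-lab",
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": true,
  "RegisteredUsers": { "pacs-reader": "REPLACE-WITH-STRONG-SECRET" }
}"""


def audit_orthanc_config(text: str) -> list:
    """Return a list of findings for an Orthanc JSON configuration (empty = clean)."""
    cfg = json.loads(text)
    findings = []
    remote = cfg.get("RemoteAccessAllowed", False)
    auth = cfg.get("AuthenticationEnabled")
    if remote and auth is not True:
        findings.append(
            "RemoteAccessAllowed is true but AuthenticationEnabled is not "
            "explicitly true: on Orthanc before 1.5.8 the server is reachable "
            "from the network without credentials (CVE-2025-0896)"
        )
    if auth is True and not cfg.get("RegisteredUsers"):
        findings.append("AuthenticationEnabled is true but RegisteredUsers is empty")
    return findings


def hardened(text: str, users: dict) -> str:
    """Return the configuration with HTTP authentication enabled for `users`."""
    cfg = json.loads(text)
    cfg["AuthenticationEnabled"] = True
    cfg["RegisteredUsers"] = dict(users)
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_orthanc_config(cfg) or "no findings")
```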
Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances.
“This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said. “The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats.”
CVE-2025-0994 is an 8.6-rated Deserialization of Untrusted Data in Trimble Cityworks that was reported to CISA by Trimble, which quickly patched the vulnerability and issued mitigation guidance. CISA issued an advisory on the vulnerability, which affects Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10, and also added the vulnerability to CISA’s Known Exploited Vulnerabilities catalog.
Cyble provided an ODIN search query for users to check for exposed Cityworks instances and a hash query for ODIN subscribers.
Recommendations for Mitigating ICS Vulnerabilities
Cyble recommends several important controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. The measures include:
Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA. A risk-based approach to vulnerability management reduces the risk of exploitation.
Implementing a Zero-Trust Policy to minimize exposure and ensure that all internal and external network traffic is scrutinized and validated.
Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency.
Proper network segmentation can limit an attacker’s potential damage and prevent lateral movement across networks. This is particularly important for securing critical ICS assets, which should not be exposed to the Internet if possible and properly protected if remote access is essential.
Conducting regular vulnerability assessments and penetration testing to identify gaps in security that might be exploited by threat actors.
Establishing and maintaining an incident response plan and ensuring that it is tested and updated regularly to adapt to the latest threats.
All employees, especially those working with Operational Technology (OT) systems, should be required to undergo ongoing cybersecurity training programs. The training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations.
Conclusion
These vulnerabilities show the danger that medical and critical infrastructure system vulnerabilities can pose to patients, utilities, airports, and other sensitive environments. The organizations and CISA responded rapidly in these cases, but now users must do the same and ensure that the systems are patched and properly protected.
Regardless of the sector, staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls can limit risk. This includes limiting internet exposure and properly protecting assets that must be accessed remotely.
To access the full report on ICS vulnerabilities observed by Cyble, along with additional insights and details, click here. By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape.
Cyble Warns of Exposed Medical Imaging, Asset Management Systems (posted by admin, 2025-02-13 12:06:39)
ANY.RUN proudly presents Threat Intelligence Reports: investigative reports on cyber threats and attacks focused on delivering actionable insights to security professionals and decision makers.
Manually composed by our experienced analysts, the Reports provide data for threat monitoring and detection, incident mitigation and response, R&D, education, strategic planning and compliance.
These detailed attack overviews are based on comprehensive research of cyber threats, including malware, ransomware, phishing campaigns, and other malicious activities. APTs and cybercriminal groups are under special scrutiny as one of the most critical and persistent hazards to organizations and individuals.
How to Get TI Reports
Discover TI Reports at intelligence.any.run
TI Lookup’s paid customers get access to detailed reports with comprehensive intelligence data. For a wider audience, summaries on actors and threats are available. Some reports are also fully available for free.
TI Reports are founded on fresh real-world data about new and ongoing threats, handpicked and processed by ANY.RUN analysts. Our Interactive Sandbox, among other sources, provides us with a constantly filling community-powered collection of malware sample analyses.
Each report lets researchers dive deeper into any indicator or artifact with pre-created TI Lookup search queries to discover more relevant data.
Info You Can Find in TI Reports
Each report begins with an overview of the actor or attack vehicle and continues with its basic description: aims, origins, first sightings, and targeted industries and countries. The description helps to grasp the scale and context of a threat, letting you understand its relevance to specific industries.
An example of a recent report
A list of TTPs used by the attackers contains their tactics, techniques and procedures, which are the methods and tools that adversaries engage and combine in their campaigns. TTPs are followed by a collection of indicators — of compromise (IOCs), of behavior (IOBs) and of attack (IOAs) — associated with the threat or the group.
TTPs and indicators are essential for setting up proactive cyber defense and are listed along with links to sandbox sessions showing them in action.
An example of a recent report, continued: data on IOCs
Last but not least, YARA and SIGMA rules are included for tuning the detection systems.
An example of a recent report, continued: YARA rules
References and links for wider research are integrated into report text, and more are added as an appendix.
Learn to Track Emerging Cyber Threats
Check out the expert guide to collecting intelligence on emerging threats with TI Lookup.
Benefits for SOC Teams
For security analysts and SOC teams, Threat Intelligence Reports feed the critical measures involved in building and supporting a robust cyber security infrastructure:
Enhanced Threat Detection: gather IOCs, IOBs, IOAs, and TTPs to tune monitoring and detection for SIEMs and firewalls; compose new rules and fine-tune existing ones.
Incident Response: use reports to understand the scope, impact, and nature of threats for reducing response time.
Proactive Defense: block known threats preemptively and prepare mitigations for similar attacks.
Threat Hunting: watch TTPs to look for similar behaviors that might indicate an attack before it unfolds.
Research and Development: add the Reports’ data to your sources for studying new or evolving malware.
Benefits for Businesses
For organization stakeholders and decision makers, TI Reports are a valuable resource for fulfilling security-related business goals and objectives:
Risk Assessment: understand the risk landscape better, see how threats might impact business operations, grasp risks specific to your industry or organization.
Strategic Decision Making: allocate security resources based on threat intelligence, align your budget with actual risks.
Strategic Planning: develop cybersecurity strategies and policies to protect business assets.
Compliance and Reporting: use Reports to signal due diligence in cybersecurity practices, your adequacy in threat monitoring and response.
Communication and IR: use Reports to explain the state of cybersecurity to non-technical stakeholders and to illustrate why certain investments or actions are necessary.
Reputation Management: if an incident occurs, manage the narrative around how it was handled.
Insurance and Legal: strengthen your position for insurance purposes or in legal scenarios with access to comprehensive threat intelligence: it can be beneficial in proving due diligence or in understanding the extent of a security incident.
Conclusion
Threat Intelligence Reports, as unique pieces of research crafted by ANY.RUN’s threat analysts with a proactive approach to cyber attacks in mind, can assist both security teams in their everyday routine and management in their strategic planning.
About ANY.RUN
ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.
Threat Intelligence Reports: Get Fresh Research on the Latest Cyber Attacks and APTs (posted by admin, 2025-02-13 12:06:39)