admin

Cryptocurrency Firms Targeted in Advanced 3CX Supply Chain Attack

April 4, 2023
Cryptocurrency / Cyber Attack

A sophisticated supply chain attack on 3CX has led to a second-stage implant specifically targeting a select number of cryptocurrency firms. Kaspersky, a Russian cybersecurity company, has been monitoring this adaptable backdoor, known as Gopuram, since 2020. They noted a surge in infections coinciding with the March 2023 3CX breach. Gopuram’s main purpose is to connect to a command-and-control (C2) server, enabling attackers to interact with the victim’s file system, initiate processes, and execute up to eight in-memory modules. The malware has ties to North Korea, as it has been found on victim machines alongside AppleJeus, another backdoor linked to the Korean-speaking Lazarus group, which previously targeted a cryptocurrency company in Southeast Asia in 2020. This recent focus on cryptocurrency firms underscores a troubling trend.

On April 4, 2023, cybersecurity reports emerged detailing a sophisticated supply chain attack targeting the 3CX communication software, with a specific focus on a select group of cryptocurrency companies. The cyber…

Initial Access Brokers Adapt Strategies, Offering More for Less

April 11, 2025
Cybercrime / Security Breach

Understanding IABs: Initial Access Brokers (IABs) focus on breaching computer systems and networks and then selling that access to other criminals. This specialization allows them to dedicate their efforts to exploiting vulnerabilities, using techniques like social engineering and brute-force attacks. By selling access rather than carrying out ransomware attacks themselves, IABs significantly lower their risks. They leverage their skills in infiltrating networks, simplifying the attack process for their buyers.

This business model not only helps IABs maintain a lower profile and reduce risks but also allows them to profit from their technical expertise. Primarily operating on dark web forums and in underground markets, IABs may work independently or as part of larger operations, such as Ransomware-as-a-Service (RaaS) groups. They serve as a vital component of the cybercrime ecosystem, connecting various players in this illicit landscape.

Recent developments in the cybercrime landscape reveal a shift in tactics employed by Initial Access Brokers (IABs). These individuals or groups…

Safeguard Your Business: Simplifying Ransomware Prevention

April 5, 2023
Endpoint / Network Security

Each year, hundreds of millions of malware attacks occur globally, leaving businesses to contend with the fallout from viruses, worms, keyloggers, and ransomware. Malware poses a significant threat and drives many organizations to seek cybersecurity solutions. However, simply focusing on malware protection isn’t sufficient. A comprehensive strategy is essential.

Businesses must first defend against malware infiltrating their networks. Then, they should implement systems and processes that minimize the potential damage in case a user device becomes infected. This proactive approach not only helps in thwarting and mitigating the effects of malware but also fortifies defenses against various other threats, including credential theft via phishing, insider risks, and supply chain vulnerabilities.

Element 1: Comprehensive Malware Protection and Web Filtering
The first step…

In the ever-evolving landscape of cybersecurity, organizations face an alarming increase in malware incidents yearly, with hundreds of millions of attacks reported globally. Ransomware, alongside viruses, worms, and keyloggers, has emerged…

OpenAI and Anthropic Exchange Safety Evaluations

Rashmi Ramesh (rashmiramesh_) • August 28, 2025
Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development

Evaluations of AI Models by Industry Giants Highlight Safety Risks

This past summer, OpenAI and Anthropic engaged in a unique exercise…

Fortinet Alerts: Attackers Maintain Read-Only Access to FortiGate Devices After Patching Using SSL-VPN Symlink Exploit

April 11, 2025
Network Security / Vulnerability

Fortinet has disclosed that cybercriminals have discovered a method to preserve read-only access to compromised FortiGate devices, even after vulnerabilities exploited for initial breaches have been patched. The attackers reportedly utilized known security weaknesses, including CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. “A threat actor exploited a known vulnerability to establish read-only access to affected FortiGate devices,” the network security firm stated in an advisory released Thursday. “This was accomplished by creating a symbolic link that connects the user file system with the root file system in a directory used for SSL-VPN language files.” Fortinet noted that these alterations occurred within the user file system and were able to evade detection, leaving the symlink intact even after the original vulnerabilities were remedied. This situation has enabled the attackers to retain access…

On April 11, 2025, Fortinet disclosed concerning information regarding a persistent security vulnerability affecting its FortiGate devices. The network security firm reported that cybercriminals have successfully established read-only access to…