A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to…
Navigating New Cyber Threats: The Shift from Third-Party Vendors to U.S. Tariffs in Supply Chain Security
Apr 16, 2025
Artificial Intelligence / Software Security
Introduction
Cyber threats aimed at supply chains are becoming increasingly concerning for businesses across various sectors. As companies deepen their reliance on third-party vendors, cloud services, and global logistics, cybercriminals are seizing opportunities to exploit vulnerabilities in these interconnected systems. By first targeting a third-party vendor with unnoticed security flaws, attackers can establish a foothold, using these weaknesses to penetrate the networks of primary business partners. This allows them to move laterally through vital systems, ultimately accessing sensitive data, financial assets, intellectual property, or even operational controls. Recent high-profile incidents, such as the 2024 ransomware attack on Change Healthcare—one of the largest health payment processing firms—illustrate how attackers can disrupt supply chain operations and compromise millions of patients’ protected health information (PHI), stealing up to 6TB of data.
New Cyber Threats Emerging in Supply Chains: From Third-Party Vendors to U.S. Tariffs April 16, 2025 Artificial Intelligence / Software Security As businesses increasingly rely on third-party vendors and cloud services, cyber threats targeting supply chains have surged to the…
Sytech Issues Warning on Rising Data Breach Threats Sytech has recently issued a significant alert regarding the increasing frequency and severity of data breaches that could soon impact organizations domestically. This warning underscores the shifting landscape of cybersecurity risks where…
May 22, 2025
Vulnerability / Software Security
Cybersecurity researchers have identified several severe vulnerabilities within the Versa Concerto network security and SD-WAN orchestration platform. Exploitation of these flaws could potentially grant attackers control over vulnerable instances. Despite responsible disclosure on February 13, 2025, these issues remain unpatched, leading to a public announcement after the 90-day window expired. According to ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra, “When combined, these vulnerabilities could enable an attacker to fully compromise both the application and the host system.” The vulnerabilities include:
Critical Security Vulnerabilities in Versa Concerto Expose Hosts to Exploitation May 22, 2025 Vulnerability / Software Security Recent investigations by cybersecurity experts have illuminated serious security weaknesses within the Versa Concerto network security and SD-WAN orchestration platform. These critical vulnerabilities…
The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.
Lazarus Hacker Group Adapts Strategies in Ongoing DeathNote Campaign April 13, 2023 Cyber Attack / Cyber Threat The Lazarus Group, a North Korean cyber threat actor, has been observed refining its strategies and expanding its targets in an ongoing campaign…
Governance & Risk Management, Identity & Access Management, Multi-factor & Risk-based Authentication Just-in-Time, Database, Kubernetes Access Fuel Privileged Access Startup M&A Michael Novinson (MichaelNovinson) • August 26, 2025 Arnab Bose, Chief Product Officer, Okta (Image: Okta) Okta has announced its…
Date: April 17, 2025
Category: Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has categorized a significant security flaw affecting SonicWall Secure Mobile Access (SMA) 100 Series gateways as a Known Exploited Vulnerability (KEV) due to ongoing active exploitation. This high-severity vulnerability, identified as CVE-2021-20035 (CVSS score: 7.2), involves an operating system command injection that may allow for unauthorized code execution.
According to SonicWall’s advisory from September 2021, “improper neutralization of special elements in the SMA100 management interface permits a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, potentially leading to code execution.”
The vulnerability impacts the following models: SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) running specific versions—10.2.1.0-17sv and earlier (patched in 10.2.1.1-19sv and higher), 10.2.0.7-34sv and earlier (patched in 10.2.0.8-37sv and higher), and 9.0…
CISA Identifies Actively Exploited Vulnerability in SonicWall SMA Devices On April 17, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) took significant action by adding a critical security vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 Series gateways to…
A significant data breach involving corporate Salesforce instances has emerged, with hackers exploiting compromised OAuth tokens associated with the Salesloft Drift application. This sophisticated exfiltration campaign has led to the exposure of sensitive data from numerous organizations. The threat group,…
May 22, 2025
Cybersecurity / Vulnerability
A critical privilege escalation flaw has been identified in Windows Server 2025, allowing attackers to compromise any user within Active Directory (AD). According to Akamai security researcher Yuval Gordon, the vulnerability exploits the Delegated Managed Service Account (dMSA) feature introduced in Windows Server 2025. This attack can be executed easily with the default configuration, posing a significant threat to organizations relying on AD. “In 91% of the environments we examined, users outside of the domain admin group possessed the necessary permissions to carry out this attack,” Gordon noted in a report shared with The Hacker News. The vulnerability takes advantage of the dMSA feature designed to facilitate migration from legacy service accounts and intended to mitigate Kerberoasting attacks. The attack technique has been dubbed “BadSuccessor” by the researchers.
Critical Vulnerability in Windows Server 2025 Poses Risk to Active Directory Security May 22, 2025 In a significant cybersecurity development, researchers have identified a privilege escalation vulnerability in Windows Server 2025 that threatens the integrity of Active Directory (AD). This…
RTM Locker: A Rising Cybercrime Collective Targeting Enterprises with Ransomware
April 13, 2023
Ransomware / Cyber Attack
Cybersecurity experts have revealed insights into the tactics of a burgeoning cybercriminal organization known as “Read The Manual” (RTM) Locker. This group operates as a private ransomware-as-a-service (RaaS) provider, executing opportunistic attacks to illicitly generate profits. According to a report from cybersecurity firm Trellix shared with The Hacker News, “The RTM Locker gang employs affiliates to extort victims, all of whom must adhere to the gang’s stringent rules.” The structured nature of the group, where affiliates are expected to remain active or inform the gang of their departure, highlights its organizational maturity, akin to that seen in other sophisticated groups like Conti. Originally documented by ESET in February 2017, RTM began in 2015 as a banking malware targeting businesses in Russia through methods such as drive-by downloads, spam, and phishing emails. The group’s attack strategies have since evolved to include ransomware deployment.
RTM Locker: A Rising Cybercriminal Threat Targeting Businesses with Ransomware April 13, 2023 Recent insights from cybersecurity researchers have illuminated the operations of an emerging cybercrime group known as “Read The Manual” (RTM) Locker. This gang functions as a ransomware-as-a-service…
