Lazarus Hacker Group Adapts Tactics, Tools, and Targets in DeathNote Campaign

April 13, 2023
Cyber Attack / Cyber Threat

The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.

CISA Warns of Actively Exploited Vulnerability in SonicWall SMA Devices

Date: April 17, 2025
Category: Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a significant security flaw affecting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ongoing active exploitation. This high-severity vulnerability, identified as CVE-2021-20035 (CVSS score: 7.2), is an operating system command injection that may allow unauthorized code execution.

According to SonicWall’s advisory from September 2021, “improper neutralization of special elements in the SMA100 management interface permits a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, potentially leading to code execution.”

The vulnerability impacts the following models: SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) running specific versions—10.2.1.0-17sv and earlier (patched in 10.2.1.1-19sv and higher), 10.2.0.7-34sv and earlier (patched in 10.2.0.8-37sv and higher), and 9.0…

Urgent Vulnerability in Windows Server 2025 dMSA Poses Risk of Active Directory Breach

May 22, 2025
Cybersecurity / Vulnerability

A critical privilege escalation flaw has been identified in Windows Server 2025, allowing attackers to compromise any user within Active Directory (AD). According to Akamai security researcher Yuval Gordon, the vulnerability exploits the Delegated Managed Service Account (dMSA) feature introduced in Windows Server 2025. This attack can be executed easily with the default configuration, posing a significant threat to organizations relying on AD. “In 91% of the environments we examined, users outside of the domain admin group possessed the necessary permissions to carry out this attack,” Gordon noted in a report shared with The Hacker News. The vulnerability takes advantage of the dMSA feature designed to facilitate migration from legacy service accounts and intended to mitigate Kerberoasting attacks. The attack technique has been dubbed “BadSuccessor” by the researchers.

RTM Locker: A Rising Cybercrime Collective Targeting Enterprises with Ransomware

April 13, 2023
Ransomware / Cyber Attack

Cybersecurity experts have revealed insights into the tactics of a burgeoning cybercriminal organization known as “Read The Manual” (RTM) Locker. This group operates as a private ransomware-as-a-service (RaaS) provider, executing opportunistic attacks to illicitly generate profits. According to a report from cybersecurity firm Trellix shared with The Hacker News, “The RTM Locker gang employs affiliates to extort victims, all of whom must adhere to the gang’s stringent rules.” The structured nature of the group, where affiliates are expected to remain active or inform the gang of their departure, highlights its organizational maturity, akin to that seen in other sophisticated groups like Conti. Originally documented by ESET in February 2017, RTM began in 2015 as a banking malware targeting businesses in Russia through methods such as drive-by downloads, spam, and phishing emails. The group’s attack strategies have since evolved to include ransomware deployment.

DOGE Creates Live Replica of Social Security Data

August 26, 2025
Government / Industry Specific
By Chris Riotta

Department of Government Efficiency Staffers Established Unauthorized ‘Live Replica’ of SSA Data

A report published Tuesday by a whistleblower reveals that staffers from the Trump administration’s Department of…

Blockchain Enhances Security—But Remember the Importance of Strong Passwords

April 17, 2025 | Password Security / Blockchain

Blockchain technology, widely recognized for its role in cryptocurrencies like Bitcoin, is increasingly being leveraged for online authentication. As various industries adopt blockchain-based security solutions, could this technology eventually render passwords obsolete?

Understanding Blockchain

At its core, blockchain is a secure method for maintaining, encrypting, and exchanging digital transaction records. Its security advantages lie in its decentralized structure: the distributed ledger can be accessed by participants across multiple nodes, and it remains immutable. Control is collective, meaning no single entity can alter the ledger’s contents.

Potential Security Benefits

One notable benefit is the creation of a ‘self-sovereign identity’ that revolutionizes online identification. This approach allows users to manage their identity independently of centralized institutions, enabling them to log in to websites or services using a personal, private ID they fully control…

Chinese Hackers Leverage Trimble Cityworks Vulnerability to Access U.S. Government Networks

May 22, 2025
Vulnerability / Threat Intelligence

A Chinese-speaking threat actor, identified as UAT-6382, has exploited a recently patched remote-code-execution vulnerability in Trimble Cityworks to deploy Cobalt Strike and VShell. According to an analysis by Cisco Talos researchers Asheer Malhotra and Brandon White, “UAT-6382 effectively targeted CVE-2025-0944, conducted reconnaissance, and quickly implemented various web shells and custom malware for sustained access.” Following their infiltration, UAT-6382 showed significant interest in systems related to utility management. Cisco Talos observed these attacks beginning in January 2025, specifically aimed at the enterprise networks of local government entities in the U.S. CVE-2025-0944, with a CVSS score of 8.6, pertains to a vulnerability in the GIS-focused asset management software that could allow for remote code execution. The flaw has been patched.