» Threat Intelligence Blog

Summary The threat actor known as Intel Broker has allegedly claimed responsibility for a major data breach at technology firm Cisco, stealing sensitive information, including source codes, credentials, and confidential documents. The breach allegedly occurred on October 6 or June 10, 2024, depending on date format, with Intel Broker announcing the theft on Breach Forums on October…

Researchers from BitSight Technologies’ TRACE team have uncovered several critical zero-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. If these vulnerabilities are weaponized, malicious actors could exploit industrial control systems (ICS) used in critical infrastructure sectors, including retail and hospitality, potentially causing harm, including physical destruction, environmental risks, and financial losses….

Summary On 27 August 2024, Cybersecurity researchers from Netskope released a new report calling attention to a new QR code phishing, also known as quishing, campaign that leverages Microsoft Sway infrastructure to host fake pages, highlighting the abuse of legitimate cloud offerings for malicious purposes. In July 2024, Netskope Threat Labs tracked a 2,000-fold increase in traffic to…

Summary Team Cymru, Silent Push, and Stark Industries Solutions have released a report detailing a collaborative investigation between all three entities targeting the financial threat group, FIN7. Despite past disruptions, FIN7 remains active, employing a range of tactics to evade detection. Silent Push’s research identified a significant number of domains linked to FIN7, a portion of…

Summary Several security vulnerabilities in the industrial remote access solution Ewon Cosy+ can be abused to gain root privileges to the devices and stage follow-on attacks, according to new data unveiled at DEF CON 32. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get…