26 matches found

The Hacker News
added 2026/04/07 6:35 a.m., 16 views

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...

10 CVSS, 7.4 AI score, 0.94412 EPSS
Exploits: 133

Microsoft Secure
added 2026/04/06 4:00 p.m., 16 views

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

In this article: (1) Storm-1175’s rapid attack chain: From initial access to impact; (2) Mitigation and protection guidance; (3) Microsoft Defender detections; (4) Indicators of compromise. The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates...

10 CVSS, 7.4 AI score, 0.94412 EPSS
Exploits: 162

Talos Blog
added 2025/10/27 2:00 a.m., 12 views

Uncovering Qilin attack methods exposed through multiple cases

In the second half of 2025, the ransomware group Qilin has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by...

7.8 AI score
Exploits: 0

Malwarebytes
added 2024/04/07 3:58 p.m., 18 views

60% of small businesses are concerned about cybersecurity threats

According to a recent poll by the US Chamber of Commerce, 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about...

7.4 AI score
Exploits: 0

Fedora
added 2024/02/21 1:39 a.m., 23 views

[SECURITY] Fedora 38 Update: rear-2.7-8.fc38

Relax-and-Recover is the leading Open Source disaster recovery and system migration solution. It comprises a modular framework and ready-to-go workflows for many common situations to produce a bootable image and restore from backup using this image. As a benefit, it allows to restore to...

5.5 CVSS, 5.5 AI score, 0.001 EPSS
Exploits: 1

The Hacker News
added 2023/10/18 12:27 p.m., 81 views

Critical Citrix NetScaler Flaw Exploited to Target Government, Tech Firms

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and...

9.4 CVSS, 8.1 AI score, 0.94348 EPSS
Exploits: 15

Trellix
added 2023/04/03 12:00 a.m., 27 views

A Royal Analysis of Royal Ransom

By Alexandre Mundo and Max Kersten · April 3, 2023. We would like to thank the Advanced Cyber Services team within Trellix Professional Services for the incident response-related data. Emerging in early 2022 as a private group which used multiple strains of ransomware...

7.4 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2022/08/11 12:34 p.m., 100 views

Zero-day vulnerability leveraged to deploy Cuba Ransomware

Threat Level Attack Report. For a detailed advisory, download the pdf file here. Summary: The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability, CVE-2022-24521. A wide range o...

4.6 CVSS, 2.2 AI score, 0.07626 EPSS
Exploits: 2

CNVD
added 2022/07/13 12:00 a.m., 11 views

Command Execution Vulnerability in Netnifty Vulnerability Scanning System

Beijing Netnifty Information Technology Co., Ltd. covers network border security protection, application and data security protection, network security risk management, professional security solutions and professional security services. A command execution vulnerability exists in the Netnifty...

7.6 AI score
Exploits: 0

CNVD
added 2022/04/28 12:00 a.m., 14 views

Beijing Netnifty Security Gateway has a weak password vulnerability

Beijing Netnifty Information Technology Company is a leading enterprise in the domestic information security industry, specializing in the research and development, production and sales of information security products, and providing hierarchical overall security solutions and security profession...

1.5 AI score
Exploits: 0

CNVD
added 2021/10/19 12:00 a.m., 11 views

Netnifty Internet Behavior Management System Has Arbitrary File Download Vulnerability

Beijing Nethub Information Technology Co., Ltd. was renamed from Lenovo Nethub Technology Beijing Co., Ltd. and its business covers network border security protection, application and data security protection, network-wide security risk management, professional security solutions and professional...

7.2 AI score
Exploits: 0

Malwarebytes
added 2021/05/27 6:09 p.m., 169 views

RMM software: What is it and do you need it?

As cybersecurity products evolve to better protect against new forms of malware, trickier evasion techniques, and more organized cybercrime campaigns, the practice of cybersecurity evolves, too, providing simple, streamlined methods to manage hundreds of endpoints through one tool: RMM software...

Exploits: 0

FireEye
added 2021/05/11 12:00 a.m., 128 views

Shining a Light on DARKSIDE Ransomware Operations

Update May 14: Mandiant has observed multiple actors cite a May 13 announcement that appeared to be shared with DARKSIDE RaaS affiliates by the operators of the service. This announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers, and wou...

7.5 CVSS, 0.1 AI score, 0.79818 EPSS
Exploits: 0, References: 14

Krebs on Security
added 2019/02/24 12:16 a.m., 150 views

Payroll Provider Gives Extortionists a Payday

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...

6.7 AI score
Exploits: 0

Carbon Black Blog
added 2019/01/30 4:00 p.m., 67 views

CB Customer Spotlight: Q&A with Ritter Insurance Marketing’s Dan McLellan

Dan McLellan is a Network Support Specialist at Ritter Insurance Marketing, and uses the Carbon Black community to increase his security knowledge and share information with his colleagues. Having access to insights from other security professionals has not only shortened the time he spends tryin...

7.1 AI score
Exploits: 0

Akamai Blog
added 2018/07/31 1:39 p.m., 10 views

Experts that support your digital transformation

If your business is like many, your customer's experience is a top priority. In an age of fast paced digital transformation, meeting the needs of a unique global user base while securely delivering quality web based experiences, continues to grow in complexity. While many already think of Akamai ...

Exploits: 0

Akamai Blog
added 2017/08/15 4:04 p.m., 39 views

Akamai Is Named A Leader In Gartner's Magic Quadrant For Web Application Firewalls

"Don't work for recognition, but do work worthy of recognition" - H. Jackson Brown. A friend sent this quote to me after I explained to her my ambivalence about being recognized by Gartner as a "Leader" in their Web Application Firewall Magic Quadrant. I had mixed feelings because I wanted to...

6.7 AI score
Exploits: 0

The Coalfire Blog
added 2016/07/13 8:15 a.m., 10 views

Robert Flores Named Vice President of IT

Coalfire welcomes Robert Flores as the newest addition to the cybersecurity risk management and compliance service leaders leadership team as its Vice President of Information Technology. Flores has a proven track record of driving strategy for high-growth IT companies while managing billion-doll...

3 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 12 views

Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 FTP Server Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1411/info Certain versions of the LDAP-aware Netscape Professional Services FTP Server distributed with Enterprise Web Server have a serious vulnerability which may lead to a remote or local root compromise. The...

7.1 AI score
Exploits: 0

Cvelist
added 2014/01/28 12:00 a.m., 13 views

CVE-2013-6838

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro VIP2000 9.0.3 rel903, when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...

6.9 AI score, 0.01305 EPSS
Exploits: 1, References: 2