Tag

Threat Intelligence

All articles tagged with #threat intelligence

threat-intelligence 3 months ago

Oracle Releases Emergency Patch for CVE-2025-61882 Amid Cl0p Data Theft Attacks

Oracle released an emergency patch for a critical vulnerability (CVE-2025-61882) in its E-Business Suite, which has been exploited by the Cl0p ransomware group in recent data theft attacks. The flaw allows remote code execution without authentication, and indicators suggest involvement of the LAPSUS$ group. Organizations are advised to check for compromises, as exploitation has already occurred.

threat-intelligence 5 months ago

Chinese Hacker Groups Exploit SharePoint Vulnerabilities in Global Cyberattacks

Microsoft has linked recent exploits of SharePoint Server vulnerabilities to three Chinese hacker groups—Linen Typhoon, Violet Typhoon, and Storm-2603—who are leveraging these flaws to gain unauthorized access and deploy web shells, with ongoing risks for unpatched on-premises SharePoint systems. The company urges immediate security updates and mitigations to prevent further attacks.

threat-intelligence-cyber-attack 1 year ago

"Global Organizations Under Siege: Microsoft Exposes APT29 Espionage and Midnight Blizzard Hacking Spree"

Microsoft warns that APT29, a Russian state-sponsored threat actor, has been targeting global organizations, primarily in the U.S. and Europe, using tactics such as compromised accounts and OAuth applications to gather sensitive information. The scale of the campaign may be larger than previously thought, with the threat actor using diverse initial access methods and residential proxies to obfuscate connections. Organizations are advised to defend against rogue OAuth applications and password spraying.

network-security-threat-intelligence 2 years ago

"CISA Urges Immediate Action on Ivanti Zero-Day Exploits for Federal Agencies"

CISA has issued an emergency directive to federal agencies to address actively exploited zero-day flaws in Ivanti Connect Secure and Ivanti Policy Secure products that allow threat actors to execute arbitrary commands and compromise information systems. Ivanti is expected to release an update next week, but has provided a temporary workaround. Organizations are urged to apply mitigations, run integrity checks, and take additional security measures. Cybersecurity firms have observed attacks exploiting the flaws, with as many as 2,100 devices compromised globally. The initial attack wave has been attributed to a Chinese nation-state group, with indications of opportunistic exploitation for financial gain by other threat actors.

cybersecurity 2 years ago

"CISA Identifies High-Severity Exploited Vulnerabilities in Apple, Apache, Adobe, D-Link, Joomla, and Apache Superset"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six known exploited vulnerabilities, including high-severity flaws affecting Apple, Apache, Adobe, D-Link, and Joomla, with evidence of active exploitation. These vulnerabilities pose risks such as remote code execution and improper access control. CISA has urged federal agencies to apply patches to secure their networks against these active threats by January 29, 2024.

technology 2 years ago

"Security Expert Advises Deleting Android Apps with 3 'Malicious' Clues"

Android phone users are being warned to watch out for malicious apps that can cause chaos in their digital and real life. Cybersecurity expert Kristina Balaam has highlighted three warning signs that an Android app may be unsafe: unusual requests for permissions, strange behavior after downloading, and seemingly innocent requests for Accessibility Services that can be abused by threat actors to monitor everything a user does on their device. Users are advised to keep a close eye on any apps they install, even from the Google Play Store, to avoid being spied on, defrauded, stolen from, blackmailed, and more.

technology 2 years ago

"Microsoft's AI-powered Security Copilot revolutionizes cyberdefense"

Microsoft has launched Security Copilot, an AI-powered cybersecurity tool that combines the company's threat intelligence with industry expertise to help security professionals detect and respond to threats. The tool will simplify complexity and amplify the capabilities of security teams by summarizing and making sense of threat intelligence, helping defenders see through the noise of web traffic and identify malicious activity. Security Copilot is currently available through private preview.