
Cyberespionage

NSO

UK


UK officials demand inquiry after govt suppressed Liz Truss phone hack

Liz Truss's phone hack goes off the radar, UK government officials call for investigation…

01-Nov-2022
3 min read

Related Articles


data breach

Omni Hotels faces a data breach nightmare. Ransomware gang claims to have stolen...

The Omni Hotels & Resorts chain has suffered a significant [cyberattack](https://www.secureblink.com/cyber-security-news/omni-hotels-hacked-guest-data-at-risk), discussed in the last [Threatfeed](https://www.secureblink.com/cyber-security-news), that is now attributed to the notorious Daixin ransomware group. The attack disrupted IT systems nationwide, impacting reservations, key card access, and payment systems. Daixin claims to have stolen sensitive data and threatens to release it unless a ransom demand is met. The attack follows a US government warning about Daixin Team's focus on healthcare organizations, indicating the broadening reach of the group. Omni Hotels is scrambling to restore systems while concerns about a potential data breach rise.

#### **Daixin Ransomware Gang Claims Responsibility**

The first sign of trouble emerged when Bleeping Computer, a cybersecurity news website, reported on the Daixin ransomware gang's claim of responsibility for an attack on Omni Hotels. The article stated that the gang had stolen data from the hotel chain and threatened to release it if a ransom was not paid. This news was particularly concerning because Omni Hotels had already been a victim of a data breach in the past.

![Omni_Hotels_Daixin_Team_leak.jpg](https://sb-cms.s3.ap-south-1.amazonaws.com/Omni_Hotels_Daixin_Team_leak_5e63f43302.jpg)

#### **US Govt. Warns of Daixin Team Targeting Healthcare**

Adding to the gravity of the situation is a warning issued by the Cybersecurity and Infrastructure Security Agency (CISA) regarding the Daixin Team's targeting of healthcare organizations. The article detailed the gang's tactics, which included encrypting systems, stealing data, and exploiting vulnerabilities in VPN servers to gain access to networks. Once inside, the gang would use RDP and SSH to move laterally within the network and escalate privileges to gain more control.

Notably, the article also mentioned that ransomware groups like Daixin often steal data and threaten to leak it, mirroring the current situation with Omni Hotels.

#### **Omni Hotels Confirms Cyberattack Behind Ongoing IT Outage**

Further reporting confirmed that Omni Hotels had indeed been hit by a cyberattack and had been working to restore its systems since the attack began on Friday, March 29th. The attack had a widespread impact, affecting critical hotel systems such as reservations, credit card payments, and even hotel room door locks. The article highlighted the ongoing efforts by Omni Hotels to restore normalcy to its operations.

#### **Nationwide IT Outage at Omni Hotels - Cause Yet Unknown**

Earlier reports covered the initial nationwide IT outage at Omni Hotels that began on Friday and its impact on various hotel systems, including reservations, credit card payments, and door locks. Interestingly, the cause of the outage was not entirely clear at that point. While some employees suspected a cyberattack, Omni Hotels had not yet confirmed it.

#### **Omni Hotels Struggles to Recover Amidst Data Breach Concerns**

While the exact nature of the attack and the extent of data theft remain unclear, the series of events paints a concerning picture for Omni Hotels. The hotel chain is grappling with restoring its IT systems while facing the potential consequences of a data breach. The attack also serves as a stark reminder of the growing threat posed by ransomware gangs like Daixin, who target not only healthcare organizations but also hospitality chains like Omni Hotels.

***This is a developing story, and further information may emerge in the coming days. Stay tuned for updates on how Omni Hotels navigates this challenging situation.***

16-Apr-2024
3 min read

Zero Day

RCE

PanOS

Zero-Day Attack Hits Palo Alto Firewalls! Palo Alto Networks PAN-OS Vulnerabilit...

Recently, Palo Alto Networks encountered a severe security breach in PAN-OS firewalls, marked by a zero-day vulnerability labeled [CVE-2024-3400](https://nvd.nist.gov/vuln/detail/CVE-2024-3400). The breach, observed since March 26th, targeted PAN-OS 10.2, 11.0, and 11.1 firewalls with active device telemetry and GlobalProtect features.

#### Vulnerability Overview

This critical vulnerability permits unauthenticated remote code execution, posing a significant threat as [warned](https://security.paloaltonetworks.com/CVE-2024-3400) by the company earlier. Attackers exploit this flaw through command injection; the attacks are of low complexity and require no user interaction. [Palo Alto Networks](https://www.secureblink.com/cyber-security-news/palo-alto-networks-firewall-vulnerability-exploited-in-the-wild-cisa) issued warnings of active exploitation, highlighting the severity of the threat.

![Volexity-Blog-CVE-20214-3400-timeline-2.png](https://sb-cms.s3.ap-south-1.amazonaws.com/Volexity_Blog_CVE_20214_3400_timeline_2_7c881e9ad3.png)

***TIMELINE (Volexity)***

#### Patch Deployment

Acknowledging the gravity of the situation, Palo Alto Networks swiftly responded with hotfix releases for affected PAN-OS versions, including PAN-OS 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3. Additional hotfixes are anticipated for subsequent versions.

#### Mitigation Strategies

While awaiting patch deployment, administrators are advised to disable device telemetry on vulnerable devices. Furthermore, subscribers to the 'Threat Prevention' service can mitigate risks by activating 'Threat ID 95187' to block ongoing attacks.

#### Exploitation and Impact

Security firm Volexity [confirmed](https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/) active exploitation of the vulnerability, attributing the attacks to threat actor UTA0218. These attacks involved backdooring PAN-OS devices using the Upstyle malware, resulting in network breaches and data exfiltration. The sophisticated nature of the attacks suggests possible state-sponsored involvement.

#### Scale of Vulnerability

Alarming reports reveal over 82,000 PAN-OS devices exposed online, with approximately 40% located in the United States. This widespread exposure underscores the urgency of immediate action to mitigate risks.

#### Government Response

The severity of the CVE-2024-3400 vulnerability prompted the Cybersecurity and Infrastructure Security Agency (CISA) to include it in its Known Exploited Vulnerabilities catalog. Federal agencies are mandated to implement mitigation measures or disable telemetry functions by April 19th to safeguard their systems.
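For administrators triaging a fleet against the affected trains, fix versions and interim mitigation named above, here is an added example (not Palo Alto Networks' tooling, and not from the article) that parses PAN-OS version strings including the `-hN` hotfix suffix and classifies each device from a constructed inventory; the fix list is limited to the three hotfixes the article names, and the telemetry/GlobalProtect condition follows the article's description of exposure.

```python
import re
from typing import Optional

# Affected trains named in the article, mapped to the hotfix it gives as the fix.
# Assumption: an older version on an affected train counts as unpatched; later
# hotfixes the article only says are "anticipated" are not covered here.
FIXED_IN = {(10, 2): "10.2.9-h1", (11, 0): "11.0.4-h1", (11, 1): "11.1.2-h3"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text: str) -> Optional[tuple]:
    """Turn '11.1.2-h3' into (11, 1, 2, 3); no -h suffix counts as hotfix 0."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))

def assess(version: str, telemetry: bool, globalprotect: bool) -> str:
    """Classify one firewall: patched, vulnerable, mitigated, unaffected, unknown."""
    v = parse_version(version)
    if v is None:
        return "unknown"
    fix = FIXED_IN.get(v[:2])
    if fix is None:
        return "unaffected"  # train not listed as affected in the article
    if v >= parse_version(fix):
        return "patched"
    # The article ties exposure to device telemetry plus GlobalProtect and
    # names disabling telemetry as the interim mitigation.
    if telemetry and globalprotect:
        return "vulnerable"
    return "mitigated"

# Constructed sample inventory: hostname,version,telemetry,globalprotect
SAMPLE_INVENTORY = """\
fw-edge-01,11.1.2-h3,telemetry=on,globalprotect=on
fw-edge-02,11.1.1,telemetry=on,globalprotect=on
fw-dc-01,10.2.8,telemetry=off,globalprotect=on
fw-lab-01,10.1.9,telemetry=on,globalprotect=on
"""

def triage(inventory: str) -> dict:
    """Map each hostname in the CSV text to its assessment."""
    result = {}
    for line in inventory.splitlines():
        host, version, tel, gp = line.split(",")
        result[host] = assess(version, tel.endswith("=on"), gp.endswith("=on"))
    return result
```

A device reported as "mitigated" is still unpatched and should be upgraded once the hotfix for its train is available.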

15-Apr-2024
2 min read

Heritage Foundation

Cyberattack

Heritage Foundation, a conservative think tank, hit by a cyberattack. Details ar...

A recent cyberattack on the Heritage Foundation, a prominent conservative think tank in Washington D.C., serves as a stark reminder that no organization is immune to cyber threats. While the details of the attack are still emerging, it highlights the ever-evolving landscape of cybersecurity and the importance of robust defenses for organizations of all sizes and sectors.

#### Understanding the Threat Landscape

Think tanks, by their very nature, are attractive targets for cyberattacks. They often house sensitive data, intellectual property, and confidential communications. Additionally, their influence on policy and public discourse makes them prime targets for those seeking to disrupt or manipulate the political process.

#### What We Know About the Attack

Details about the attack are scarce at this point. The Heritage Foundation has not commented on the incident, and it is not yet known what data, if any, was stolen. However, some key facts can be gleaned from the available information:

- The attack occurred earlier this week, prompting the Heritage Foundation to shut down its network to prevent further malicious activity.
- While there is no concrete evidence, a Heritage official is quoted as saying that the attack likely originated from nation-state hackers.
- Think tanks are attractive targets for cyberattacks due to their influence on policy making and connections to government officials. In 2015, the Heritage Foundation was hit by a previous cyberattack that resulted in the theft of internal emails and donor information.

#### Why Think Tanks Are Vulnerable

Think tanks are prime targets for cyberattacks for several reasons:

- **Access to Sensitive Information:** Think tanks often house sensitive data such as policy research, internal communications, and donor information.
- **Influence on Policy:** Their work can shape government policy and legislation, making them valuable targets for those seeking to influence political agendas.
- **Potential for Disruption:** A successful cyberattack could disrupt a think tank's operations and hinder its ability to conduct research or communicate its findings.

#### Possible Reasons for this Cyberattack

- **Previous Compromise:** Several reports mention a 2015 attack in which "hackers stole internal emails and the personal information of its donors." A history of successful breaches hints at potential lingering weaknesses within Heritage's defenses.
- **Evolving Attack Techniques:** Hackers continuously refine their methods. Security strategies that protected against the 2015 attack may not be enough to counter today's sophisticated threats; attack methodologies are constantly evolving, requiring continuous adaptation.
- **Insufficient Response or Updates:** While it's impossible to speculate with certainty, the Heritage Foundation may have failed to implement the necessary security upgrades or comprehensive changes after the 2015 breach. This lack of action could leave it susceptible to similar or more advanced attack techniques.
- **Unknown Vulnerabilities:** The current attack could be exploiting an entirely new vulnerability. Software, hardware, and even human behavior can have undetected weaknesses that attackers can leverage.

#### Potential Causes of Vulnerability

There could be a number of reasons why the Heritage Foundation might have been vulnerable to a cyberattack:

- Many organizations, including think tanks, rely on legacy IT systems that may not have the latest security patches or configurations. These outdated systems can be exploited by attackers.
- Social engineering attacks, which trick employees into clicking on malicious links or divulging sensitive information, are a common tactic used by cybercriminals. Even a single employee mistake can provide attackers with a foothold in a network.
- Cybercriminals are constantly developing new and sophisticated attack methods. Organizations need to stay up-to-date on the latest threats and implement appropriate defenses.

#### Takeaway

While we can't pinpoint the exact reason for Heritage's vulnerability with certainty, this incident reinforces these cybersecurity truths:

- **No one is immune:** Even organizations with resources and a focus on security face risks.
- **Adaptability is key:** Cybersecurity is an ongoing battle, not a one-time solution.
- **Past attacks are warnings:** Vulnerabilities exposed in the past demand diligent patching and continuous security reexamination.

13-Apr-2024
4 min read