January 2024 – TheCyberThrone

Ivanti Vulnerabilities exploited to deliver KrustyLoader

Researchers from Synacktiv published a technical analysis of a rust malware named KrustyLoader that was delivered by threat actors exploiting the recently published Ivanti vulnerabilities The first vulnerability is CVE-2023-46805,…

PravinKarthik January 31, 2024

Cactus Ransomware claims responsibility on Schneider attack

Schneider Electric has revealed that it has fallen victim to a ransomware attack, leading to data from its sustainability business division being accessed. The Cactus ransomware group has reportedly claimed…

PravinKarthik January 31, 2024

Juniper released out-of-band updates to patch high severity flaws

Juniper has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The…

PravinKarthik January 30, 2024

Mercedes-Benz exposes sensitive data

Researchers from RedHunt labs discovered that Mercedes-Benz unintentionally left a private key accessible online, thereby exposing internal data, including the company’s source code. It’s unclear if the data leak exposed…

PravinKarthik January 30, 2024

POC for Jenkins CVE-2024-23897 made public

Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897, have been made public. A critical flaw, tracked as CVE-2024-23897, could lead to remote code…

PravinKarthik January 29, 2024

Medusa ransomware adds Kansas KCATA to its victims list

The Kansas City Area Transportation Authority (KCATA) has suffered a ransomware attack on January 23. 2024. The Kansas City Area Transportation Authority (KCATA) is a public transit agency in metropolitan…

PravinKarthik January 28, 2024

FAUST Ransomware Dissection

Researchers from FortiGuard Labs have discovered a new ransomware strain the FAUST ransomware, a variant of the notorious Phobos family. This malicious software, designed to encrypt files on a victim’s…

PravinKarthik January 27, 2024