Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: report

Critical Vulnerabilities Discovered in Hundreds of Brother and Other Printers

Hundreds of printer models from Brother and other manufacturers (Fujifilm, Toshiba, Ricoh and Konica Minolta) have been found to be affected by serious vulnerabilities discovered by researchers at Rapid7. For example, the printers ship with a default administrator password that remote attackers can generate. In total, the researchers identified eight different issues in Brother printers:

CVE | Description | What does it affect? | CVSS
CVE-2024-51977 | An unauthenticated attacker can cause the leak of sensitive information. | HTTP (port 80), HTTPS (port 443), IPP (port 631) | 5.3 points
CVE-2024-51978 | An unauthenticated attacker can generate a default password for the administrator. | HTTP (port 80), HTTPS

RHC GhostSec interview: hacktivism in the shadows of terrorism and cyber conflict

Ghost Security, also known as GhostSec, is a hacktivist group which emerged in the context of the cyber war against Islamic extremism. The first actions of the group date back to the aftermath of the attack on the Charlie Hebdo newsroom, January 2015. It is considered an offshoot of the Anonymous collective, from which it later partially broke away. GhostSec became known for its digital offensives against websites, social accounts and online infrastructure used by ISIS to spread propaganda and coordinate terrorist activities. The group claimed to have shut down hundreds of ISIS-affiliated accounts and helped thwart potential terrorist attacks by actively

Potential Compromise of a U.S. Military Database

A high-ranking user of BreachForums, known as “GOD,” is reportedly selling an alleged database belonging to the U.S. Military, which purportedly contains data on over 385,000 personnel and contractors. The database was reportedly acquired in November 2024 and is said to include critical personal and service-related information. Details of the Potential Breach If authentic, the database would contain various fields of sensitive data, which may be categorized under the following headers: At this time, we cannot confirm the veracity of this information, as the organization has not released an official press statement on its website regarding the incident. Therefore, this article

RHC interviews Qilin Ransomware! “Let’s play fair and wait for a worthy opponent on the field”

Qilin (from Chinese: 麒麟) is a legendary creature that appears in Chinese mythology and is said to appear with the imminent arrival or demise of a sage or illustrious ruler. The Qilin ransomware is a prime example of the growing complexity of cyber threats. Discovered in 2022, Qilin immediately attracted attention for its ability to target critical sectors such as healthcare and education, particularly in the regions of Africa and Asia. Written in Rust and C, Qilin offers an unprecedented level of customisation that sets it apart from most other ransomware. The operators behind this threat can change the extension of encrypted

A Threat Actor Posts an Update on Luxottica’s 2021 Data Breach

Recently, a threat actor in a clandestine forum posted an update on the 2021 data breach concerning the giant Luxottica, one of the world’s largest eyewear companies. According to the post, the breach allegedly exposed extensive personal information of millions of individuals. This article explores the details of the alleged breach based on information provided by the threat actor. At this time, we cannot confirm the veracity of the news, as the organization has not yet issued any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source.’ Details of the Alleged Breach According

Data Breach: Personal Information of 6K NATO Employees for Sale

On July 17, 2024, user Vadimblyaa posted on a well-known cybercriminal forum, claiming to possess personal information of 6,000 NATO employees, acquired through a data breach that occurred on July 13, 2024. Vadimblyaa has put this information up for sale and invites interested parties to make offers for its purchase. Breach Details Vadimblyaa provided specific details regarding the format and content of the compromised data, which includes: According to the report, the file contains over 6,000 lines of data. Veracity and Implications At this time, we cannot precisely confirm the authenticity of the breach, as the NATO organization has not yet released

Hospitals tremble! Ransomcortex arrives: a ransomware gang targeting healthcare facilities

Recently, the cyber threat landscape has seen the emergence of a new ransomware group named “Ransomcortex”. This group is distinguished by its specialization in attacking healthcare facilities, having already claimed four victims within a few days of its first appearance. Among these, three are Brazilian healthcare facilities and one is Canadian. The preference for attacks on the healthcare sector is not new, but Ransomcortex represents a significant evolution of this trend. Historical Context The interest of cybercriminals in healthcare organizations dates back several years, but recently there has been a significant increase in these attacks. One of the first

Threat Actor “DragonForce” Seeks New Partners

A recent post on a dark web forum reveals that a cybercriminal group known as “DragonForce” is actively seeking new partners to join their Ransomware-as-a-Service (RaaS) operation. This recruitment drive is aimed at expanding their capabilities by incorporating specialists from various fields, particularly access specialists and pentesters, or teams of pentesters. Recruitment Details According to the post, DragonForce is offering an attractive partnership deal to entice skilled individuals and teams: Operational Capabilities The post highlights several key features of DragonForce’s operation that are designed to support their partners: Organizational Structure DragonForce operates with a defined organizational structure, maintaining a hierarchical system to

Cyber catastrophe in sight? The new MOVEit bug has a public PoC exploit

In the realm of cybersecurity, vulnerabilities constantly represent a significant risk for businesses and institutions. Many system administrators may recall CVE-2023-34362 from last year, a catastrophic vulnerability in Progress MOVEit Transfer that shook the industry, affecting high-profile victims like the BBC and the FBI. Sensitive data was leaked and destroyed as the cl0p ransomware gang exploited zero-day vulnerabilities to steal data, leaving a trail of chaos. Today, a new threat emerges on the horizon: the CVE-2024-5806 vulnerability. The Past: CVE-2023-34362 CVE-2023-34362 (https://nvd.nist.gov/vuln/detail/CVE-2023-34362) represents one of the most critical vulnerabilities that hit Progress MOVEit Transfer, a widely used software for secure file transfer.

Loki: getting started with IOC discovery

Today it is more important than ever to be efficient in monitoring our own infrastructure; the verification process requires both a proactive and a post-incident approach. The latter is essential when an attack, or any malicious behaviour in general, has been carried out against a targeted system and we need to know everything about it, from its start to its completion. The paradigm “it has happened and I need to know everything about it” is covered by Loki as well. Loki is an open source tool, developed in Python by Florian Roth (aka Neo23x0), and it is a