company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Lazarus

DLL

Web Server

loading..
loading..
loading..

Lazarus Hacking Group Exploiting Vulnerable Windows IIS Web Servers

Learn about the Lazarus hacking group and their exploits on vulnerable Windows IIS web servers. Discover their techniques, known attack vectors

29-May-2023
6 min read

Related Articles

loading..

Expose

Hackers expose sensitive data from Andrew Tate's online course, raising question...

In a high-profile breach, hackers infiltrated the online course platform "The Real World," founded by controversial influencer Andrew Tate. The data leak exposed sensitive information of nearly 800,000 users, including private chat logs and 325,000 email addresses. The breach coincides with Tate’s ongoing legal battles, including charges of human trafficking and rape in Romania. ### A Symbolic Hack: Bold Messages in Digital Chaos The hackers, identified as hacktivists, orchestrated the breach with a blend of symbolism and disruption. During Tate’s live-streamed _“Emergency Meeting”_ show on Rumble, they uploaded custom emojis to the platform's chatroom, including a transgender flag, a feminist fist, and AI-generated images of Tate draped in a rainbow flag. One particularly provocative emoji exaggerated Tate’s physique, showcasing the hackers’ intent to undermine his persona. The Daily Dot, which first reported the incident, received the hacked data and subsequently shared it with the breach notification site Have I Been Pwned and nonprofit transparency collective DDoSecrets. ### A Vulnerability Exploited Hackers claimed they exploited a critical vulnerability within _"The Real World"_ platform, allowing them to not only extract user data but also wreak havoc. In a statement, they detailed actions including banning users, deleting attachments, and crashing clients temporarily. Cybersecurity analysts described the platform’s defenses as _"woefully inadequate."_ Despite the breach, The Real World continues to boast 113,000 active users, generating an estimated monthly revenue exceeding $5.6 million. The platform markets itself as a hub for _"advanced mentoring"_ in topics like e-commerce, fitness, and financial investments. ### Leaked Logs: A Window into the User Base The leaked chat logs reveal a blend of motivational exchanges and controversial rhetoric. Some users voiced concerns over societal changes, including a post referencing "the LGBTQ agenda" alongside fears for the "future of the USA." Such revelations highlight the divisive community that Tate has cultivated through his brand. ### Andrew Tate's Spiraling Legal Challenges The breach amplifies the spotlight on Andrew Tate, already embroiled in legal troubles. Currently under house arrest in Romania, Tate faces charges including human trafficking, rape, and involvement in an organized crime group. Prosecutors allege he and his brother Tristan groomed vulnerable individuals, compelling them to create explicit content for profit. Romanian authorities estimate the accused generated $2.8 million through these activities. ### New Allegations Surface In addition to ongoing investigations, Romanian authorities announced fresh allegations. These include accusations of underage sexual exploitation and using criminal proceeds to purchase luxury items registered under third-party names. Prosecutors impounded 16 luxury cars, cash, and electronics during recent raids. Andrew Tate continues to deny all charges, calling them a “set-up” and a desperate attempt to tarnish his reputation. His remarks echo his long-standing claims of being targeted by a global conspiracy to silence him. ### A Polarizing Online Figure Andrew Tate’s rise to fame began with his kickboxing career but took a controversial turn with his online persona. Known for misogynistic remarks, Tate has been banned from multiple platforms for promoting hate speech. Despite this, his influence endures, with billions of views on TikTok under the hashtag #AndrewTate. Critics argue his rhetoric radicalizes young men, promoting toxic masculinity and misogyny. UK authorities have flagged his influence as a risk factor for radicalization, linking it to a surge in violence against women and girls. This breach underscores the vulnerabilities in influencer-led platforms. Experts warn that such platforms, often built rapidly to capitalize on fame, prioritize profitability over robust security measures. The hack serves as a cautionary tale for digital entrepreneurs. ### Public Interest vs. Privacy As the stolen data circulates online, debates around ethical boundaries emerge. While the breach exposes potential lapses in security and accountability, it also compromises the privacy of thousands of users. Advocacy groups emphasize the need for better regulation and stronger cybersecurity frameworks. --- #### Key Takeaways: - Data on 800,000 users, including 325,000 email addresses, was leaked. - Hackers exploited vulnerabilities to disrupt operations and expose sensitive data. - Fresh allegations compound his existing charges of human trafficking and organized crime. - The hack highlights the complex interplay of cybersecurity, ethics, and online radicalization.

loading..   23-Nov-2024
loading..   4 min read
loading..

NAS

QNAP

QNAP withdraws QTS 5.2.2 update after reports of connectivity failures, app cras...

QNAP has retracted its recently released firmware update, QTS 5.2.2.2950 build 20241114, after multiple reports from users indicated severe disruptions in device functionality. The update, launched on November 14, 2024, was intended to address several security vulnerabilities and resolve known issues across a wide range of QNAP network-attached storage (NAS) models. However, post-installation, it has been linked to critical connectivity failures and, in some cases, has left users unable to access their devices entirely. ### Nature of the Issues **Users who applied the update reported a variety of technical malfunctions, including:** 1. Credential Errors: Many devices began displaying the error message, _“Your login credentials are incorrect or account is no longer valid”_, even after multiple password resets and troubleshooting attempts. 2. Unauthorized Changes Detected: Some users encountered a _“Detected unauthorized changes when starting up the system”_ message during boot-up, further complicating system accessibility. 3. Application Failures: Essential built-in applications like Malware Remover, File Station, and Resource Monitor became unusable due to the absence of Python2, which the firmware erroneously failed to include or support. 4. SMB Drive Disruptions: Shared SMB drives stopped functioning entirely for some customers, even though the related software components were up to date. A frustrated user reported their experiences on the QNAP community forum: _“I can no longer connect to my files through the same network. Accessing via a browser leaves me stuck on the login page. Through myQNAPcloud, I can connect, but nothing opens. Restarting and multiple connection methods didn’t resolve the issue.”_ Another customer shared on Reddit, _“After updating to the latest QTS version, my SMB shared drives completely broke. I had to downgrade to the previous version to restore functionality.”_ ### Company’s Response As of now, QNAP has not issued an official public advisory addressing the widespread issues. However, its support team has confirmed the removal of the problematic firmware from the download pages of impacted NAS models. In response to affected users, QNAP has recommended rolling back to an earlier firmware version, QTS 5.2.1.2930 build 2024102, which is stable and reportedly resolves the identified issues. According to QNAP's support team, _“We do have a problem with this 5.2.2 update on some NAS devices related to the DOM secondary partition. The official R&D recommendation is to downgrade the firmware via Qfinder Pro to 5.2.1.”_ ### Resolution Steps for Impacted Users To mitigate the issues, QNAP suggests the following course of action: 1. Firmware Downgrade: Use Qfinder Pro to revert to firmware version 5.2.1.2930 build 2024102. 2. Verify System Integrity: After downgrading, verify that all essential applications and features—such as SMB shared drives, File Station, and Malware Remover—are functioning correctly. 3. Monitor Updates: Stay tuned to QNAP’s security advisories for announcements or patches that address these problems comprehensively. ### What are the Implications & Lessons Learned The incident highlights the critical importance of rigorous pre-release testing for firmware updates, especially when deployed across a broad user base of enterprise and personal NAS users. It underscores the need for transparent and proactive communication from vendors when software updates introduce system-breaking issues. ### For QNAP users, this serves as a reminder to: 1️⃣ Regularly back up device settings and configurations before applying updates. 2️⃣ Maintain access to older, stable firmware versions to facilitate quick rollbacks if necessary. 3️⃣ Monitor user forums and official advisories for early indications of post-update issues. ### Final Thoughts While QNAP’s quick removal of the flawed update mitigates further spread of these issues, the lack of an immediate public advisory leaves many users without clarity. Moving forward, QNAP must prioritize rebuilding user trust by addressing these challenges transparently and implementing more robust quality assurance processes.

loading..   23-Nov-2024
loading..   4 min read
loading..

Hospital

A cyberattack on a French hospital exposed 750K patient records, highlighting se...

The medical records of approximately 750,000 patients at an unnamed French hospital were exposed following a threat actor’s successful intrusion into its electronic patient record (EPR) system. This breach has far-reaching implications for data privacy, healthcare cybersecurity, and patient safety, highlighting systemic vulnerabilities in handling sensitive medical information. --- ### Overview of the Incident A cybercriminal known as 'nears' (formerly 'near2tlg') claimed responsibility for the attack, boasting of access to over 1.5 million patient records across multiple healthcare facilities in France. The hacker specifically targeted MediBoard, a widely deployed EPR solution by Softway Medical Group, which serves numerous healthcare institutions across Europe. Despite initial concerns about the software's integrity, Softway Medical Group confirmed that the breach was not due to a flaw in MediBoard itself but rather stemmed from the misuse of stolen credentials tied to a privileged account within the affected hospital's infrastructure. ### Key Timeline of Events November 19, 2024: The cyberattack was detected within the hospital's MediBoard system. November 20, 2024: Softway Medical Group clarified the breach origin, distancing their software from direct responsibility. November 21, 2024: Further investigation revealed that all compromised hospitals were part of the Aléo Santé healthcare group. --- ### Nature of the Breach The stolen data, now offered for sale on dark web forums, includes highly sensitive and personally identifiable information (PII): Full Name Date of Birth Gender Home Address Phone Number Email Address Physician Details Prescriptions Health Card History Such data, if exploited, could lead to targeted phishing campaigns, identity theft, and other malicious activities, further endangering affected individuals. --- ### Exploitation Tactics The attacker's modus operandi reveals a sophisticated understanding of healthcare systems and cybersecurity: 1. Target Selection: Focus on healthcare facilities known to utilize MediBoard software, specifically those under the Aléo Santé umbrella. 2. Credential Theft: Compromise a privileged account within the hospital's infrastructure, bypassing external defenses like software vulnerabilities or misconfigurations. 3. Monetization: Offer stolen patient records for sale to interested buyers while promoting unauthorized access to MediBoard platforms across French hospitals. ### Implications of Selling MediBoard Access The hacker claimed to provide buyers with administrative access to: Patient healthcare and billing records. Appointment scheduling and modification systems. Sensitive operational data of multiple hospitals, including Centre Luxembourg, Clinique Alleray-Labrouste, Clinique Jean d'Arc, and others. --- ### Softway Medical Group's Response In an official statement to media outlets, Softway Medical Group emphasized: The breach was not due to any inherent vulnerability or misconfiguration within their MediBoard software. A privileged account within the hospital's infrastructure was exploited by the attacker. They continue to work closely with impacted healthcare institutions to mitigate the fallout. ### Softway’s email further clarified: > _"We can confirm that our software is not responsible, but rather, a privileged account within the client’s infrastructure was compromised by an individual who exploited the standard functions of the solution."_ --- ### Impact on Aléo Santé The connection to Aléo Santé underscores a systemic weakness within the group’s centralized infrastructure. With multiple hospitals using MediBoard under the same administrative framework, compromising a single privileged account granted the attacker sweeping access to all affiliated entities. This interconnected nature of healthcare IT systems, while improving operational efficiency, also creates a high-value target for cybercriminals, amplifying risks from a single point of failure. --- ### Potential Consequences For Affected Patients The exposure of such sensitive data increases risks of: Phishing Attacks: Cybercriminals can impersonate healthcare providers to extract further information or financial details. Social Engineering: Fraudsters may exploit the data to manipulate victims. Identity Theft: Misuse of PII for financial or legal fraud. ### For Healthcare Institutions Regulatory Penalties: Violations of GDPR could result in significant fines and reputational damage. Operational Disruption: Unauthorized access to appointment systems and medical records could impact day-to-day functions. Erosion of Trust: Patients may lose confidence in the institution’s ability to protect their data. --- ### Improving System Architecture Segregate Access: Minimize interconnected privileges across multiple entities under a shared framework like Aléo Santé’s. Limit Privileged Access: Employ a zero-trust model, granting users access only to necessary resources. Anomaly Detection: Deploy advanced monitoring tools to identify unusual activity within EPR systems. ### Collaborative Efforts - Establish clear protocols between software vendors and client hospitals for breach response. - Educate staff on recognizing and mitigating cyber threats, particularly social engineering tactics.

loading..   22-Nov-2024
loading..   4 min read