company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

LSC

PP

loading..
loading..
loading..

Massive Data Breach at Lab Services Cooperative Puts Millions at Risk

Planned Parenthood Data Breach: Lab Co-op’s HIPAA Violation Exposes Dark Web Leaks. Learn Identity Theft Risks & Legal Action

12-Apr-2025
3 min read

No content available.

Related Articles

loading..

VPN

SSL

Fortinet alert: Patch FortiGate SSL-VPN exploits. Hackers used symlinks to retai...

A newly disclosed Fortinet advisory reveals that hackers have maintained stealthy, persistent access to compromised FortiGate devices even after organizations patched the initial vulnerabilities used in the attacks.** The campaign, active since early 2023, underscores growing concerns over advanced post-exploitation techniques targeting network infrastructure. ### **How the Attack Works** Threat actors exploited known flaws, including critical CVEs like CVE-2022-42475 (a remote code execution bug) and CVE-2023-27997 (a heap overflow vulnerability), to create a **symbolic link (symlink)** between FortiGate’s user file system and root file system. This symlink, hidden in folders hosting SSL-VPN language files, granted attackers read-only access to sensitive configurations and system data. Fortinet confirmed that the symlink persisted even after initial vulnerabilities were patched, enabling continued surveillance. Devices with SSL-VPN functionality enabled are exclusively at risk. ### **Fortinet’s Mitigation Measures** The company rolled out urgent FortiOS updates to eliminate the threat: - **Versions 7.6.2, 7.4.7, 7.2.11, 7.0.17, 6.4.16**: Remove malicious symlinks and block future SSL-VPN-based exploits. - **Antivirus enhancements**: Older FortiOS versions (7.4, 7.2, 7.0, 6.4) now detect and auto-delete the symlink. Fortinet advises all users to: 1. Immediately upgrade to the latest firmware. 2. Audit device configurations for tampering. 3. Assume credentials are compromised and reset them. ### **Global Cybersecurity Alerts** The **U.S. CISA** and France’s **CERT-FR** issued parallel advisories, urging organizations to: - Disable SSL-VPN until patches are applied. - Monitor for unauthorized access dating back to early 2023. ### **Expert Insights: “Attackers Are Outpacing Defenders”** Benjamin Harris, CEO of cybersecurity firm watchTowr, warned *The Hacker News* that adversaries are exploiting vulnerabilities faster than companies can patch. “Attackers deploy backdoors designed to survive patches, upgrades, and even factory resets,” Harris said, noting impacts on **critical infrastructure sectors**. ### **What’s Next?** Fortinet has notified affected customers directly, though the campaign’s global, non-targeted nature complicates attribution. Organizations must prioritize: - **Patch compliance**: Apply updates to break attacker persistence. - **SSL-VPN scrutiny**: Disable if unused or until secured. - **Configuration audits**: Treat all settings as potentially compromised.

loading..   12-Apr-2025
loading..   2 min read
loading..

Data Theft

Encryption

Ransomware attack plunges Sensata Technologies into chaos. Operations paralyzed,...

A weekend cyberattack has thrown industrial tech giant Sensata Technologies into chaos, crippling critical operations and exposing the company to an unknown extent of data theft. While the $4 billion company scrambles to recover, crucial questions remain unanswered, casting a long shadow over its immediate future. ### Operations Paralyzed, Recovery Uncertain Striking swiftly last Sunday, the attack wasn’t a minor glitch but a calculated blow, instantly encrypting vital parts of Sensata’s network. The consequences were immediate and severe: Manufacturing Halted: Production lines fell silent. Logistics Frozen: Shipping and receiving ground to a halt. Support Functions Disrupted: Key internal systems were knocked offline. In its mandatory 8-K filing with the SEC – an admission forced by the severity of the incident – Sensata confessed the attack “temporarily impacted” operations. However, this bland corporate-speak barely hints at the true scale of disruption crippling a company built on precision and timeliness. Worryingly, Sensata admits it cannot provide a timeline for restoring these crucial functions, leaving customers, suppliers, and investors in limbo. How long can a global supplier afford such paralysis? ### Extortion Gambit Beyond operational disruption looms a potentially more damaging threat: data exfiltration. Sensata confirmed that the attackers didn’t just lock down systems; they stole data before deploying the ransomware. This is a classic, ruthless tactic: Maximize Leverage: Stolen data becomes a powerful bargaining chip for ransom demands. Intensified Pressure: The threat of leaking sensitive information adds immense pressure. Create Legal Nightmares: Data breaches trigger regulatory scrutiny and potential lawsuits. Sensata is now scrambling against the clock to determine precisely what treasure trove of critical data – potentially sensitive customer designs, confidential financial records, or private employee information – has fallen into criminal hands. The company states it will notify affected parties “as needed,” but the true scope of the breach remains a dangerous unknown. ### Downplaying the Damage? Financial Outlook Questioned Despite the operational standstill and the confirmed data theft, Sensata publicly stated it “does not expect any material impact” on its financial results for the current quarter. This optimistic projection clashes starkly with the reality of disrupted manufacturing and shipping, coupled with the unquantified costs of recovery, potential ransom payments (though unconfirmed), and regulatory fines. Crucially, the company did hedge this statement, admitting the assessment could change once the “full scope and impact” are understood. This raises a critical question: Is this merely wishful thinking or deliberate spin designed to placate markets, or does Sensata genuinely fail to grasp the catastrophic potential of this breach? ### Ominous Silence from the Attackers No specific ransomware group has publicly claimed responsibility as of now. This silence can be more unnerving than a boastful claim. Are the attackers negotiating privately? Are they preparing to leak the stolen data? The lack of attribution only adds another layer of uncertainty to an already precarious situation for the $4 billion industrial player. Sensata Technologies, a supplier critical to the automotive, aerospace, and industrial sectors, now finds itself navigating a crisis with no clear end in sight. The full fallout—operational, financial, and reputational—is far from over and threatens to spiral.

loading..   11-Apr-2025
loading..   3 min read
loading..

Defacement

Dark Web

Everest ransomware gang's leak site hacked, defaced with 'Crime is bad' taunt. C...

Over the weekend, the notorious Everest ransomware gang faced an unexpected humiliation when their dark web leak site was hacked and replaced with a sarcastic message: _“Don’t do crime CRIME IS BAD xoxo from Prague.”_ The site, critical to Everest’s double-extortion campaigns, now displays an _“Onion site not found”_ error, leaving cybersecurity experts and threat actors alike questioning how a criminal group fell victim to the very tactics it employs. ### **A Mocking Blow to Cybercriminals** The defacement of Everest’s leak site marks a rare instance of cybercriminals being targeted by an unknown adversary. The mocking message, signed _“from Prague,” has been widely interpreted as a deliberate attempt to undermine Everest’s credibility. Security researchers, including Flare Senior Threat Intelligence Analyst Tammy Harper, noted the irony: “For a group that prides itself on breaching organizations, this is a significant blow to their reputation.” The attack disrupted Everest’s operations, temporarily halting their ability to pressure victims by threatening data leaks—a cornerstone of their double-extortion strategy. While the gang quickly took the site offline, the incident has sparked debates about vulnerabilities even within criminal ecosystems. ### **WordPress Vulnerability Suspected** Experts speculate that the breach may have stemmed from a WordPress vulnerability. Everest’s leak site reportedly used a WordPress template, which Harper highlighted as a potential weak point: “WordPress is a common target. If they failed to patch plugins or themes, it would’ve been an easy entry for attackers.” WordPress, powering over 40% of websites globally, is frequently exploited due to outdated plugins or weak configurations. The incident underscores a paradoxical truth: even cybercriminals neglect basic cybersecurity hygiene. “This is a reminder that no one is immune to poor security practices,” Harper added. ### **From Data Theft to Ransomware Kingpin** Since emerging in 2020, Everest has evolved from a data theft-focused group to a full-fledged ransomware operation. Their tactics now include encrypting victims’ systems and selling network access to other cybercriminals, positioning them as both ransomware deployers and initial access brokers. **Key Milestones:** - **2020:** Launched as a data extortion group. - **2023:** Shifted to ransomware deployment, expanding their profit streams. - **2024:** Claimed over 230 victims, including high-profile targets like STIIIZY, a California-based cannabis brand, and U.S. healthcare organizations. In November 2024, Everest allegedly breached STIIIZY’s point-of-sale vendor, stealing customer data, including government IDs. The company confirmed the breach in January 2025, linking it to a third-party vendor compromise. ### **Healthcare Sector Under Fire** The U.S. Department of Health and Human Services (HHS) issued a warning in August 2024 about Everest’s escalating attacks on healthcare providers. These organizations, already vulnerable due to sensitive data and critical services, face heightened risks of operational disruption and financial losses from ransom demands. ### **A Temporary Setback?** While the leak site takedown disrupts Everest’s operations, experts believe the group will likely regroup. “Ransomware gangs are resilient. They’ll migrate to new infrastructure, but this incident might make victims think twice about paying ransoms,” said Harper. However, the breach could embolden vigilantes or rival groups to target other cybercriminal platforms, complicating the dark web’s already volatile landscape. ### **Who Hacked Everest? Theories Abound** The attacker’s identity remains shrouded in mystery. Possible scenarios include: 1. **Hacktivists:** Motivated by ideology, possibly targeting Everest’s healthcare attacks. 2. **Rival Groups:** Competing gangs seeking to destabilize Everest’s dominance. 3. **Law Enforcement:** Unlikely, as agencies typically seize infrastructure rather than deface it. The “Prague” reference could be a red herring, but it has fueled speculation about Eastern European cybercrime rivalries.

loading..   09-Apr-2025
loading..   3 min read
Company Logo
logo

Secure Blink automates the web application and API security for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

LinkedIn Logo
Twitter Logo
Discord Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

contact@secureblink.com

@ Copyright 2025 Secure Blink. All rights reserved.

16192, Coastal Highway, Lewes, Delaware, US-19958