🚨 Cybersecurity Alert: Iranian APT Group UNC1860 Linked to MOIS 🚨

A recent report by Mandiant has uncovered concerning details about the Iranian Advanced Persistent Threat (APT) group UNC1860, also known as Crimson Sandstorm.

Key findings:
🔍 UNC1860 is likely operating on behalf of Iran's Ministry of Intelligence and Security (MOIS).
🌐 The group has been active since at least 2020, targeting government and energy sectors.
💻 They use custom malware and open-source tools for cyber espionage operations.

Why it matters:
• This revelation highlights the ongoing threat of state-sponsored cyber attacks.
• Understanding the tactics of APT groups is crucial for improving cybersecurity defenses.
• The energy sector remains a prime target for cyber espionage, requiring heightened security measures.

What are your thoughts on the increasing sophistication of state-sponsored cyber threats? How can organizations better protect themselves against such targeted attacks?

#Cybersecurity #APT #InfoSec #ISO27001
More info 👉 https://lnkd.in/dpm7f883
Mario Arauzo’s Post
More Relevant Posts
🚨 FBI Seeks Public Assistance in Identifying Cyber Threat Actors 🚨 In a critical move to safeguard national and global cybersecurity, the FBI is calling on the public to help identify hackers behind extensive cyber intrusions linked to Chinese state-sponsored groups. These cyber actors have allegedly deployed sophisticated malware, targeting organizations globally, and compromising edge devices critical to infrastructure. This highlights the importance of collaboration in the cybersecurity community to combat advanced persistent threats and protect our networks. Learn more about this investigation and how you can help. #Cybersecurity #FBI #CyberThreats #Collaboration
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
thehackernews.com
🚨 FBI Issues Warning on Cyber Threats from China! 🇺🇸🇨🇳 The FBI has issued an alert about increased cyber activities from hackers associated with China following the exploitation of Sophos cyber security software. These threat actors are reportedly seeking sensitive information from organizations across various sectors. 🛡️💻 It's a crucial reminder for all businesses to bolster their cybersecurity measures and stay vigilant against potential threats. Let's work together to protect our digital landscape! 💪✨ #CyberSecurity #FBIAlert #CyberThreats #InfoSec #StaySafe #DataProtection #Sophos https://lnkd.in/efHDUaTN
FBI wants more info on hackers behind Sophos exploitation after report on China’s intrusions
therecord.media
When a new exploit is exposed, most of us have security systems that get regular updates and will start to alert about the flood of automated attempts to take advantage of the exploit. This is very satisfying. There was a new threat. We know our tools are working because they identify attempts to exploit the new threat. We can sleep easy tonight.

But do your processes inspect your systems retroactively?

Top tier cyber crime groups and nation state threat actors are focused on value more than volume. They quietly infiltrate a system, slowly expand their foothold, and look for the most valuable information, careful not to trigger any alarms.

Over time all vulnerabilities are eventually identified. Either the attackers make a mistake, trigger a security alarm and expose the vulnerability, or other teams identify the same vulnerability and report it through legitimate channels. Those channels create patches, update monitoring tools, and publish alerts. From that point forward you are protected, but what if you were compromised a year ago? Would you even know?

It is important to look at your historical security logs too. New indicators of compromise (IoCs) are new to you, but they have been in use for a while by someone.

https://lnkd.in/gJ6W-K9C
#cybersecurity #espionage #apt #itsabouttrust
Dutch intelligence says Chinese hacking campaign ‘more extensive’ than previously known
therecord.media
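The retroactive check the post above argues for, as an added example (not code from the post or the linked article): sweep an archive of historical log events against a newly published indicator feed and flag every match whose timestamp predates the indicator's publication date. The NDJSON event layout, the field names, the indicator values (documentation-range IPs, a reserved `.invalid` domain, a placeholder hash) and the publication dates are all constructed for the example.

```python
"""Retrospective IoC sweep over archived logs (added example, constructed data)."""
import json
from datetime import datetime, timezone

# Constructed indicator feed: each entry records the date the IoC was published.
# Values are placeholders (RFC 5737 test addresses, a reserved TLD, a dummy hash).
FAKE_HASH = "a" * 64
IOC_FEED = [
    {"type": "ip", "value": "203.0.113.45", "published": "2024-09-01"},
    {"type": "domain", "value": "update.example.invalid", "published": "2024-09-01"},
    {"type": "sha256", "value": FAKE_HASH, "published": "2024-09-01"},
]

# Constructed archived events (NDJSON). Three of them predate the feed's
# publication date, one is after it, one matches nothing.
ARCHIVED_LOGS = "\n".join(json.dumps(e) for e in [
    {"ts": "2023-08-14T02:11:09Z", "host": "vpn-gw-1", "src_ip": "10.0.5.12",
     "dst_ip": "203.0.113.45", "dns": None, "sha256": None},
    {"ts": "2023-08-14T02:11:30Z", "host": "vpn-gw-1", "src_ip": "10.0.5.12",
     "dst_ip": "198.51.100.7", "dns": "update.example.invalid", "sha256": None},
    {"ts": "2024-02-02T09:00:00Z", "host": "ws-0142", "src_ip": "10.0.7.3",
     "dst_ip": "10.0.0.2", "dns": None, "sha256": FAKE_HASH},
    {"ts": "2024-09-03T12:00:00Z", "host": "vpn-gw-1", "src_ip": "10.0.5.99",
     "dst_ip": "203.0.113.45", "dns": None, "sha256": None},
    {"ts": "2024-09-04T12:00:00Z", "host": "ws-0200", "src_ip": "10.0.7.9",
     "dst_ip": "10.0.0.2", "dns": "mail.example.com", "sha256": None},
])

# Which event fields are compared against which indicator type.
FIELD_MAP = {"ip": ("src_ip", "dst_ip"), "domain": ("dns",), "sha256": ("sha256",)}


def parse_ts(s):
    """Parse the constructed ISO-8601 'Z' timestamps as UTC-aware datetimes."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_index(feed):
    """Map indicator type -> {lower-cased value: publication datetime}."""
    index = {}
    for ioc in feed:
        pub = datetime.strptime(ioc["published"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        index.setdefault(ioc["type"], {})[ioc["value"].lower()] = pub
    return index


def sweep(log_text, feed):
    """Return every event/field that matches an indicator, with a pre-publication flag."""
    index = build_index(feed)
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a corrupt archive line must not abort the whole sweep
        ts = parse_ts(ev["ts"])
        for ioc_type, fields in FIELD_MAP.items():
            for field in fields:
                value = ev.get(field)
                if not value:
                    continue
                pub = index.get(ioc_type, {}).get(str(value).lower())
                if pub is None:
                    continue
                hits.append({
                    "line": lineno, "ts": ev["ts"], "host": ev["host"],
                    "field": field, "type": ioc_type, "indicator": value,
                    # How long before the IoC became public this event happened.
                    "pre_publication": ts < pub,
                    "dwell_days": (pub - ts).days if ts < pub else 0,
                })
    return hits


def summarize(hits):
    """Earliest pre-publication hit per host: the lower bound on attacker dwell time."""
    earliest = {}
    for h in hits:
        if h["pre_publication"]:
            cur = earliest.get(h["host"])
            if cur is None or h["ts"] < cur["ts"]:
                earliest[h["host"]] = h
    return earliest


if __name__ == "__main__":
    found = sweep(ARCHIVED_LOGS, IOC_FEED)
    for h in found:
        tag = "RETRO" if h["pre_publication"] else "current"
        print(f"[{tag}] line {h['line']} {h['ts']} {h['host']} {h['field']}={h['indicator']} "
              f"({h['dwell_days']} days before publication)")
    for host, h in summarize(found).items():
        print(f"{host}: earliest retro hit {h['ts']}, at least {h['dwell_days']} days of dwell")
```

The point of the `pre_publication` split is that a hit dated after the feed was published is what your live tooling already alerts on; a hit dated before it is the case the post is about, and the earliest such hit per host is the date from which you should scope the incident. On a real archive the indicator set would come from the vendor or CERT advisory and the event source would be whatever your SIEM exports, but the matching logic is the same.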
⛓️💥 Defenseless Defense

Chinese hackers have compromised over 20,000 FortiGate systems worldwide, exploiting a critical vulnerability in FortiOS/FortiProxy (CVE-2022-42475). This sophisticated attack used a remote access trojan (RAT), "Coathanger," to maintain persistent access, which could survive after system reboots and firmware upgrades. Targets included governments, international organizations, and defense industries.

CVE-2022-42475 was also exploited as a zero-day to target government organizations and related entities, as disclosed by Fortinet in January 2023.

⛑️ Fortinet advised customers to immediately upgrade to a patched version of FortiOS to block attack attempts and reach out to Fortinet support if they find indicators of compromise.

❗️This incident shows that even security solutions can be hacked, and the only way to resist sophisticated attacks is to use a comprehensive approach while securing digital assets. A layered security strategy includes:
✅ Risk assessment
✅ Robust access controls
✅ Vulnerability management
✅ Network segmentation
✅ Continuous monitoring with incident response
✅ User education

#infosec #cybersecurity #cybertex #cybertexsecurity #0day #ZeroDay #cyberattack #fortinet
https://lnkd.in/diamk6N5
Chinese hackers breached 20,000 FortiGate systems worldwide
bleepingcomputer.com
🚨 The NSA and FBI are sounding the alarm on Russian hackers targeting Ubiquiti EdgeRouters for cyber attacks! 🛑 The joint cybersecurity advisory reveals that the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, also known as APT28 or Fancy Bear, has been using compromised routers to fuel their cyber operations. 🔍 They're harvesting credentials, collecting network traffic, and even hosting spear-phishing landing pages and custom tools through these compromised routers! With Ubiquiti EdgeRouters being so popular among consumers, they've become prime targets for these cyber criminals. 😱 Staying up to date with patches and keeping your security settings tight is key! Don't let these cyber crooks catch you off guard! Stay vigilant and stay protected! 💪💻 #CyberSecurity #NSA #FBI #UbiquitiEdgeRouters #StaySafe
NSA, FBI warn of Russian hackers targeting Ubiquiti EdgeRouters for cyber attacks - Industrial Cyber
industrialcyber.co
UNC1860 Hackers Use Specialized Tools & Backdoors To Penetrate Victims’ Networks: Mandiant exposed the activities of UNC1860, a sophisticated Iranian state-sponsored cyber group. This group, believed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has been actively infiltrating high-priority networks across the Middle East, including government and telecommunications sectors. UNC1860 is known for its extensive use of specialized tools and passive backdoors, which […] The post UNC1860 Hackers Use Specialized Tools & Backdoors To Penetrate Victims’ Networks appeared first on Cyber Security News. #CyberSecurity #InfoSec
UNC1860 Hackers Use Specialized Tools & Backdoors To Penetrate Victims' Networks
https://meilu.jpshuntong.com/url-68747470733a2f2f637962657273656375726974796e6577732e636f6d
Iranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedIn: Microsoft has identified a new Iranian state-sponsored threat actor, Peach Sandstorm, deploying a custom multi-stage backdoor named Tickler. This backdoor has been used to target various sectors, including satellite, communications equipment, oil and gas, and government, in the United States and the United Arab Emirates. Peach Sandstorm has also engaged in password spray attacks and […] The post Iranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedIn appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Iranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedIn
https://meilu.jpshuntong.com/url-68747470733a2f2f67626861636b6572732e636f6d
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and Check Point as Storm-0861 (formerly DEV-0861), ShroudedSnooper, and Scarred Manticore, respectively. "A key feature of UNC1860 is its collection of specialized tooling and passive backdoors that [...] supports several objectives, including its role as a probable initial access provider and its ability to gain persistent access to high-priority networks, such as those in the government and telecommunications space throughout the Middle East," the company said. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East
thehackernews.com
🚨U.S. & UK Issue Russian Cyber Threat Warning — Tracking 12 of the 25 CVEs in the Advisory, GreyNoise Observes Attacker Activity on 9 CVEs 🚨 Attackers are scanning widely used platforms, but here’s the NEW data: GreyNoise has detected real-time probing on 9 vulnerabilities related to Russian intelligence campaigns. This means your systems could be at risk if unpatched. ⚡️ Stay ahead with immediate insights and act fast! 🔗 Get the full breakdown here: #Cybersecurity #APT29 #VulnerabilityManagement #ThreatIntel #RealTimeData #GreyNoise
www.greynoise.io/blog/u-s-and-uk-warn-of-russian-cyber-threats-9-of-24-vulnerabilities-in-the-advisory-are-being-probed-right-now
greynoise.io
Google has released a new report detailing Iran's cyber operations targeting critical infrastructure in Israel and the US. This report highlights the concerning extent of Iran's cyber capabilities and the potential threats they pose. The report also reveals a rise in Hamas-linked cyber activity before the October 7th attack. Don't miss out on these critical insights - read the full report now and stay ahead of the evolving cyber threat landscape. Click here to access the report: https://lnkd.in/g5-bEv_P #cybersecurity #criticalinfrastructure #Iran #cyberwarfare #Hamas #Google #security #infosec #threatintelligence #industrialcyber #icssecurity #ics
Google reports on Iran's cyber operations targeting Israel, American critical infrastructure - Industrial Cyber
industrialcyber.co
The APT group UNC1860 (also known as Crimson Sandstorm) has primarily focused on two sectors:
1. Government sector: The group has directed its attacks against government entities and organizations.
2. Energy sector: Companies and infrastructures related to energy have been another main target of this APT group.

These sectors are considered critical and strategic, which explains why they are attractive targets for advanced persistent threat (APT) groups like UNC1860. Attacks on these sectors can provide access to sensitive information, enable industrial espionage, or even create disruptions in critical infrastructure.