Thursday , February 20 2025
Ghost ransomware

CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries

The FBI and CISA reported on Wednesday that the ransomware group Ghost has been exploiting software and firmware vulnerabilities as recently as January.

The group targets internet services with old, unpatched vulnerabilities that users could have addressed years ago. Cybersecurity researchers began alerting the public about the group in 2021.

AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets

A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created...
Read More
AWS Key Hunter  Test this free automated tool to hunt for exposed AWS secrets

Check Point Flaw Used to Deploy ShadowPad and Ransomware

An unknown threat cluster has targeted European healthcare organizations, deploying PlugX and ShadowPad. In some cases, these intrusions resulted in...
Read More
Check Point Flaw Used to Deploy ShadowPad and Ransomware

CVE-2024-12284
Citrix Issues Security Update for NetScaler Console

Citrix has issued security updates for a serious vulnerability in the NetScaler Console and NetScaler Agent that could allow privilege...
Read More
CVE-2024-12284  Citrix Issues Security Update for NetScaler Console

CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries

The FBI and CISA reported on Wednesday that the ransomware group Ghost has been exploiting software and firmware vulnerabilities as...
Read More
CISA and FBI ALERT  Ghost ransomware to breach organizations in 70 countries

Hacker chains multiple vulns to attack Palo Alto Firewall

Palo Alto Networks has issued urgent warnings about threat actors to exploit vulnerabilities in PAN-OS, the operating system powering its...
Read More
Hacker chains multiple vulns to attack Palo Alto Firewall

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

CISA Warns Active Exploitation of Apple iOS Security Flaw

CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which...
Read More
CISA Warns Active Exploitation of Apple iOS Security Flaw

Massive IoT Data Breach Exposes 2.7 Billion Records

A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs....
Read More
Massive IoT Data Breach Exposes 2.7 Billion Records

“This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China,” says the alert, released with the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Vulnerabilities include unpatched bugs in Fortinet security appliances, servers using Adobe ColdFusion, and Microsoft Exchange servers vulnerable to the ProxyShell attack.

Since 2021, various sectors, including critical infrastructure, schools, healthcare, government networks, religious institutions, tech companies, and many small to medium businesses, have been targeted. The main aim is financial gain, with ransom demands often exceeding hundreds of thousands of dollars.

“Persistence is not a major focus for Ghost actors, as they typically only spend a few days on victim networks,” the agencies say. “In multiple instances, they have been observed proceeding from initial compromise to the deployment of ransomware within the same day.”

The group uses well-known hacking tools like Cobalt Strike and Mimikatz, and the malware they deploy often has names like Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe, according to the alert.

“The impact of Ghost ransomware activity varies widely on a victim-to-victim basis,” the agencies say. “Ghost actors tend to move to other targets when confronted with hardened systems, such as those where proper network segmentation prevents lateral moment to other devices.”

Hacker chains multiple vulns to attack Palo Alto Firewall

Check Also

PRTG Instances

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances …

Leave a Reply

Your email address will not be published. Required fields are marked *