Global enterprises are facing a serious security crisis as misconfigured Access Management Systems (AMS) expose sensitive employee data and grant potential access to restricted facilities. The vulnerabilities found across healthcare, education, manufacturing, and government industries put organizations at heightened risk of data breaches, financial losses, and compliance violations.

In some cases, attackers could manipulate credentials to bypass security systems entirely, raising urgent concerns over both digital and physical security, according to a report by cybersecurity firm Modat.

The findings suggest that hundreds of thousands of sensitive employee records have been exposed, including biometric information, identification details, photographs, and work schedules. In some cases, these vulnerabilities could allow unauthorized individuals to bypass physical security measures and gain entry into restricted facilities.

“Access Management Systems are crucial in modern security and yet they can often present significant vulnerabilities,” the report said. “Some systems offer comprehensive access control features, but their network-connected nature can create potential attack vectors.”

Stay updated with SOC News for cutting-edge security innovations and expert industry insights! 

Source : https://www.csoonline.com/article/3837531/misconfigured-access-management-systems-expose-global-enterprises-to-security-risks.html

The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn’t seek a ransom payment from its victim.

Qilin, a Russian-speaking cybercrime group, has claimed responsibility for the cyberattack that impacted Lee Enterprises’ operations in early February.

Lee Enterprises is one of the largest newspaper groups in the US, with publications in 72 markets, including The Buffalo News, Omaha World-Herald, and the Richmond Times-Dispatch. It filed a report last month with the SEC detailing the cyberattack, which caused an outage that crippled its operations.

At the time of the filing, Lee Enterprises said it was still investigating the data breach, noting that the process could take some time to complete. Now, Qilin, which typically operates a ransomware-as-a-service (RaaS) model, is claiming the theft of 350GB of data from the company on its Tor leak site. The data includes financial records, payments to journalists, and insider news tactics, it claims. The group also provided what it said is proof of the attack, publishing ID scans, corporate documents, and spreadsheets.


Source : https://www.darkreading.com/cyberattacks-data-breaches/qilin-cyber-gang-credit-lee-newspaper-breach

Businesses that install and own solar distributed energy resources increase their attack surface and that of the electric grid.

High energy costs and concerns over the stability and capacity of electric grids are leading businesses to evaluate and implement their own onsite energy generation systems. These onsite systems, referred to as distributed energy resources (DERs), are most commonly solar panel arrays, often paired with batteries to store energy for later use.

DERs are usually connected to the grid so that businesses can sell electricity they don’t use to the utilities. They might also connect with an organization’s internal systems and with third parties that monitor and manage the DER.

This connectivity creates new points of vulnerability that organizations must take into account when assessing risk. Potential risks range from disrupting a single DER to compromising the electrical grid itself.

A key component of solar DERs is the smart inverter, which connects to the electrical grid but is not owned by the utility. Inverters manage the flow of energy to and from the DER and the electrical grid. They sense grid conditions and communicate with the electric utility, so they play a key role in power availability, safety and grid stability.


Source : https://www.csoonline.com/article/3829736/why-attackers-target-companys-solar-energy-system-and-how-to-stop-them.html

Analyzing leaked internal communication logs, security researchers are piecing together how one of the most notorious ransomware groups infiltrates its victims. Black Basta, one of the most successful ransomware groups over the past several years, had a major leak of its internal communications recently. The logs provide a glimpse into the playbook of a high-profile ransomware group and its preferred methods for gaining initial access to networks, as analysis from security researchers shows.

“Key attack vectors used by Black Basta include scanning for exposed RDP [remote desktop protocol] and VPN services — often relying on default VPN credentials or brute-forcing stolen credentials to gain initial access — and exploiting publicly known CVEs when systems remain unpatched,” researchers from patch management firm Qualys wrote in an analysis of the leaked logs.

Meanwhile, cyber threat intelligence firm KELA has observed correlations between the 3,000 unique credentials present in the leaked logs and previous data dumps from infostealing malware, suggesting relationships with other threat groups who are collecting and then selling such data.


Source : https://www.csoonline.com/article/3836040/ransomware-access-playbook-what-black-bastas-leaked-logs-reveal.html

The federal government views the defendant as a flight risk and danger to the community due to his ability to access sensitive and private information.

The US Army soldier arrested for unlawful transfer of confidential phone records told a federal judge he intends to plead guilty to the charges.

Cameron John Wagenius, who went by the online alias “Kiberphant0m,” was involved in the Snowflake hacking campaign alongside Connor Riley Moucka, known as “Judische,” who was arrested in October 2024.

Wagenius was arrested after infiltrating 15 telecommunications providers while on active military duty. He then reportedly published the stolen AT&T call logs of high-ranking officials like President Donald Trump and former Vice President Kamala Harris on Dark Web forums.

Now, Wagenius has admitted to his crimes in court and is showing a willingness to enter a guilty plea, though the prosecution argues that Wagenius is a flight risk and a danger to the community due to his ability to access sensitive data.


Source : https://www.darkreading.com/cyber-risk/us-soldier-admits-hacking-15-telecom-carriers

Adversaries like the group being tracked as Storm-2139 are already finding ways to bend and break guardrails around generative artificial intelligence (GenAI) services, and Microsoft is pushing back with a name-and-shame campaign intended to break up their little cybercrime party.

Microsoft’s digital crimes unit named four men — Iranian Arian Yadegarnia, Alan Krysiak from the UK, Hong Kong’s Ricky Yuen, and Phát Phùng Tấn from Vietnam — who were selling unauthorized access to Azure AI services along with step-by-step instructions for generating titillating images of celebrities and others.

“This activity is prohibited under the terms of use for our generative AI services and required deliberate efforts to bypass our safeguards,” said Steven Masada, assistant general counsel of Microsoft’s digital crimes unit, in a statement. “We are not naming specific celebrities to keep their identities private and have excluded synthetic imagery and prompts from our filings to prevent the further circulation of harmful content.”

Microsoft filed a lawsuit against the group members last month and was able to seize a website behind the operation, he explains. Subsequently, Microsoft attorneys were “doxed,” having personal information posted publicly in retaliation.

Microsoft is responding with an amended complaint along with the public naming of those they believe are behind the cyberattack, known as LLMjacking.


Source : https://www.darkreading.com/application-security/microsoft-openai-hackers-selling-illicit-access-azure-llm-services

Attackers are shifting tactics, targeting mid-size companies and critical infrastructure sectors, while generative AI risks threaten to overshadow a focus on cyber hygiene.

Ransomware attacks continue to be one of the most significant cybersecurity threats organizations and cybersecurity leaders face. Attacks lead to wide-scale disruptions, large data breaches, huge payouts and millions of dollars in costs to businesses.

In response, large, coordinated law enforcement operations have targeted major ransomware groups and disrupted operations, dismantled data leak sites and seen the release of decryption keys.

However, the volume of attacks has risen and the number of reported victims continues to grow. Like a hydra that sprouts new heads, the ransomware ecosystem has re-formed and continues operating, although some of its tactics are changing.

Here are five key insights CISOs need to know in 2025.

1. Too much focus on generative AI risks underestimating known threats

Generative AI tools such as ChatGPT continue to cause a stir in organizations and raise a host of security concerns. However, some incident data and threat analysis suggest security leaders need to remain vigilant about the evolution of traditional ransomware tactics.


Source : https://www.csoonline.com/article/3825545/5-things-to-know-about-ransomware-threats-in-2025.html

CrowdStrike (Nasdaq: CRWD) today announced the findings of the 2025 CrowdStrike Global Threat Report, revealing a dramatic shift in cyber adversary tactics, with attackers leveraging stolen identity credentials, AI-generated social engineering, and hands-on keyboard intrusions to bypass traditional security measures. The report details a surge in identity-based attacks, the growing exploitation of cloud environments and an increase in nation-state cyber activity, particularly from China, which has intensified its targeting of critical industries such as finance, media and manufacturing. Now in its 11th annual edition, CrowdStrike’s definitive threat intelligence report provides an in-depth look at cybercriminal and nation-state adversary behavior. 

Key Findings in the 2025 Report 

The global cyber threat landscape has evolved rapidly, with adversaries becoming faster, stealthier and more sophisticated. A surge in Chinese cyber activity, the rise of hands-on keyboard attacks, and the widespread use of generative AI to enhance phishing and social engineering tactics have forced security teams to rethink their defense strategies. 

According to CrowdStrike’s latest threat report, China’s cyber operations escalated significantly, with a 150% increase in attacks across all sectors in 2024 compared to the previous year. Certain industries, including financial services, media and manufacturing, saw spikes of 200-300%, marking a shift in China’s cyber strategy. CrowdStrike also identified seven new China-nexus adversaries, further contributing to the surge in espionage and cyber operations. 


Source : https://securityboulevard.com/2025/02/2025-crowdstrike-global-threat-report-cybercriminals-are-shifting-tactics-are-you-ready/

Cloud authentication provides many advantages in business. It allows your users to authenticate seamlessly across applications, it is cost-efficient and scalable, and it offers strong security options. But as with anything good in this line of work, it has the potential to be abused.

One example of this is Open Authorization (OAuth), an open-standard protocol that lets third-party applications access user information without the user sharing credentials such as passwords. It enables users to grant limited access to resources on one site to another site without exposing login information.

When used for good, it allows users to make persistent connections between applications. When used for evil, it can allow malicious actors to gain a foothold on a network, including an on-premises environment.

  1. Set the filter to permission level “high severity” and community use to “not common”. Using this filter, you can focus on apps that are potentially very risky, where users may have underestimated the risk.
  2. Under Permissions, select all the options that are particularly risky in a specific context. For example, you can select all the filters that grant email access, such as Full access to all mailboxes, and then review the list of apps to make sure that they all really need mail-related access. This helps you investigate within a specific context and find apps that seem legitimate but hold unnecessary permissions; such apps are more likely to be risky.
  3. Select the saved query Apps authorized by external users. Using this filter, you can find apps that might not be aligned with your company’s security standards.


Source : https://www.csoonline.com/article/3833826/how-to-configure-oauth-in-microsoft-365-defender-and-keep-your-cloud-secure.html

A critical vulnerability in Microsoft’s Partner Center platform is under attack, enabling unauthenticated attackers to escalate privileges, potentially leading to data breaches, malware deployment, and lateral movement across enterprise networks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw, tracked as CVE-2024-49035, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in real-world environments.

A high-impact vulnerability in Microsoft’s partner ecosystem

CVE-2024-49035 is a privilege escalation flaw stemming from improper access control within Microsoft Partner Center, a platform used by enterprises and managed service providers to handle cloud services, licenses, and customer accounts.

Microsoft first disclosed the issue in November 2024, assigning it a CVSS score of 8.7. However, the National Vulnerability Database (NVD) later upgraded its severity rating to 9.8 out of 10, citing its low attack complexity and high impact on confidentiality and integrity. The flaw enables threat actors to exploit the Microsoft Power Apps-based backend of Partner Center, gaining unauthorized access without requiring authentication.

This raises concerns about potential supply chain risks, as attackers could use compromised partner accounts to pivot into customer environments.

Discovery and response timeline

Security researchers Gautam Peri, Apoorv Wadhwa, and an anonymous contributor identified the vulnerability and reported it to Microsoft through the coordinated vulnerability disclosure process.


Source : https://www.csoonline.com/article/3834674/critical-microsoft-partner-center-vulnerability-under-attack-cisa-warns.html