Bypassing EDR to dump LSA secrets – Orange Cyberdefense

How does LSA secrets dumping work LSA secrets is a specific place in Windows in which secrets are stored. Originally it was used to store cached domain records but was expanded to store all kinds of secrets like, for example, passwords of services running via an Active Directory account (yeah I’m thinking of you MSSQL): […]

Bypassing EDR to dump LSA secrets – Orange Cyberdefense Read More »

Cyberattacks on sporting event ticketing systems

If major sporting events are used to bringing together crowds of enthusiasts and supporters around the field, another part is played at the ticket office or at the cash register. With 2.5 million spectators for the 2023 Rugby World Cup, 500,000 for the 2024 Roland-Garros tournament, sporting event tickets sold from a few dozen to

Cyberattacks on sporting event ticketing systems Read More »

Emmenhtal: A little-known loader distributing commodity infostealers worldwide

Special thanks to Simon Vernin, Roland Roure, Florian Simonet, and Rebecca Attali TL;DR Note: The analysis cut-off date for this report was August 07, 2024. Introduction In May and June 2024, our Managed Threat Detection (CyberSOC) team encountered a malicious campaign impacting two of our clients in France. The infection chain used by the threat actors typically leveraged fake videos –

Emmenhtal: A little-known loader distributing commodity infostealers worldwide Read More »

How MDR can help streamline compliance with NIS2 & DORA

What is MDR? Managed Detection and Response (MDR) is a cybersecurity service that combines advanced technology and expert human intervention to continuously monitor, detect, and respond to cyber threats in real time. MDR services offer proactive threat detection, incident response, and detailed reporting, all managed by a team of dedicated security professionals. This means you

How MDR can help streamline compliance with NIS2 & DORA Read More »

A long term cybersecurity success for businesses

The new standard for corporate health As companies navigate the complexities of the modern economy, investors are demanding greater transparency regarding extra-financial performance. This includes not only environmental and social governance (ESG) factors but also cybersecurity metrics. For companies listed on the Paris Stock Exchange, demonstrating robust cybersecurity practices is becoming integral to showcasing resilience

A long term cybersecurity success for businesses Read More »

FortiManager critical 0-day vulnerability

Update 3, 11-15-2024 – FortiManager flaw CVE-2024-47575 bypassed by WatchTowr, details/PoCs are now public Executive Summary Since our last update, vulnerability researchers at WatchTowr published the details and exploit for the vulnerability in FortiManager known as “fortijump” (CVE-2024-47575). These technical details reveal that this vulnerability relies on command injection due to insufficient validation in the som/export function, allowing attackers to exploit the

FortiManager critical 0-day vulnerability Read More »

The hidden network: How China unites state, corporate, and academic assets for cyber offensive campaigns

Explore directly our interactive map here and read the associated report here. Between 2023 and 2024, our World Watch Cyber Threat Intelligence team issued over 35 advisories and updates concerning zero-day vulnerabilities exploited by Chinese threat actors. These account for 41% of all advisories with a high or very high threat level (above 4/5 based on our scoring scheme),

The hidden network: How China unites state, corporate, and academic assets for cyber offensive campaigns Read More »

New 0-day revealed by Ivanti in Connect/Policy Secure and Neurons for ZTA

Summary Two vulnerabilities were disclosed by Ivanti in their Connect Secure (ICS/ISA) VPN, Policy Secure and Neurons for ZTA solutions. One of them (CVE-2025-0282, link for our Vulnerability Intelligence feed i.e. “MVI-watch” clients) is believed to have been exploited in the wild in limited cases and Connect Secure solution only, thus as a 0-day. Mandiant researchers observed that the CVE-2025-0282 vulnerability

New 0-day revealed by Ivanti in Connect/Policy Secure and Neurons for ZTA Read More »

Threat actors exploit a 0-day in exposed management consoles of Fortinet FortiGate firewalls

Summary The vulnerability is tracked as FG-IR-535 or CVE-2024-55591 and impacts exposed Fortinet firewall management consoles. Impacted versions are: No public Proof of Concept (PoC) is available at the time of publication. Arctic Wolf described a campaign targeting FortiGate firewalls with exposed management interfaces. Attackers exploited a 0-day vulnerability to create new admin accounts and configure SSL VPN connections, gaining super-admin access. Link for

Threat actors exploit a 0-day in exposed management consoles of Fortinet FortiGate firewalls Read More »