In the past two weeks, three new vulnerabilities in the the MOVEit file transfer software have been discovered, including one over the weekend. The MOVEit file transfer software is used by around 1700 organizations worldwide. As in most cases when supply chain modules are being compromised, the impact is lethal as big companies such as the BBC and Zellis have been targeted.

As threat intelligence evolves, mature organizations view it as a complex, multi-layer process. The standard Threat Intelligence cycle famously includes five stages: Planning, Collection, Analysis, Production (AKA reporting), and Dissemination. But this cycle can be viewed and conducted with different approaches in mind. As we understand the difference between strategic, tactical, technical, and operational Threat Intelligence, we’ll see what that means.

Once upon a time, organizations saw cybersecurity as a technical challenge that affected just technical stakeholders. Those days are over. Security has become a business problem. Aware of the danger that cyberattacks pose to business revenue and reputation, executives and boards are focusing more extensively on ensuring that their IT organizations are handling security risks, which means CISOs face more pressure than ever.

Cyberint discovered in the ‘wild’ what could possibly be associated with the ‘Cardpool’ gift card breach, a file named ‘cardpool leak’. It was collected by our platform, Argos. ‘Cardpool’ was an online business where customers exchanged or sold their unwanted or partially used gift cards. It was shut down in early 2021, but it’s been discovered that in late April 2021, a Russian Threat Actor allegedly sold $38 million worth of gift cards there.

The theft of users’ credentials is a growing industry. The market for compromised credentials is vast and has huge potential due to: These factors have created a lucrative market for cybercriminals who are able to steal credentials and sell them on the black market. The stolen credentials can then be used to access personal and financial information, commit identity theft, or launch other cyberattacks.

As the new underground forum, ExposedVC, is trying to establish credibility among threat actors and the cybersecurity community in general, its admins are working hard to give some valuable leaks to attract more people. A few hours ago, the admins leaked what they claim to be the entire RaidForums DB that was taken down in 2022 by the FBI, along with the arrest of its admin Omnipotent.

During 2022 and the first quarter of 2023 Cyberint noticed an increased trend in Threat Actors engaging in malvertising, AKA abusing the ad space to distribute their phishing & malware campaigns. Malvertising increases their reach and potential victims due to advertisement prioritization in search engine results. This trend is a lesser-known risk among the general public, and therefore poses a higher threat.

Over the past two months, the Cyberint research team has witnessed an extensive campaign in which threat actors are actively exploiting the recently discovered vulnerability in the PaperCut print management platform. The Cyberint research team has identified a significant trend in relation to these recent attacks and associated incidents linked to this vulnerability.

Ever since Pompompurin’s arrest and the shutdown of BreachedForums, threat actors have been looking for a new home to migrate and continue their cybercrime activities, especially the data leakage groups. Although Telegram has become one of the most popular platforms for the cybersecurity community, data leakage groups and other cybercrime sellers still need an underground forum to advertise their services and findings.

Supply Chain Intelligence is an improved method for continuously discovering, monitoring, assessing and mitigating risk introduced to your organization through 3rd party technologies, vendors, and suppliers.