Comprehensive CTI Report: Insights from the LockBit Ransomware Group Data Dump
Executive Summary
This report analyzes a leaked database dump from the LockBit ransomware group, providing actionable insights into their operations, tactics, and infrastructure. Key findings include the identification of Bitcoin addresses used for ransom payments, operator activity patterns, negotiation tactics, and targeted industries. These insights can help security professionals detect, mitigate, and respond to LockBit…
Situational Awareness: Unsecured Pastebin-Style Site
Summary: A publicly accessible PasteBin-style site has been identified, potentially operating without logging capabilities, posing risks for data exposure and malicious use. The site lacks an SSL certificate, increasing the risk of data interception.
Details:
URL: http://206.189.219.64:8080/
Application: Spectre (a paste service engine)
IP Address: 206.189.219.64 (registered to DigitalOcean)
Security Note: No SSL certificate detected,…
Comprehensive CTI Report: Scattered Spider Threat Actor Group
Purpose: To provide an exhaustive analysis of the Scattered Spider threat actor group, detailing their profile, payloads, tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework mappings, methods for proactively tracking their networks using tools like Shodan, and their affiliations with other threat actor groups, incorporating recent insights from the Google Mandiant report.
Executive Summary
Scattered…
Navigating the CVE Transition: Insights on GCVE, CVE Foundation, and Beyond
The Common Vulnerabilities and Exposures (CVE) program, managed by MITRE since 1999, has been a cornerstone of global cybersecurity, providing standardized identifiers for vulnerabilities (e.g., CVE-2024-43573). However, the program faced a critical challenge when its funding from the U.S. Department of Homeland Security (DHS) was set to expire on April 16, 2025. A last-minute 30-day…
Critical CVEs and Associated Threats
This report was prepared by Barricade Cyber Solutions and aims to inform our clients and prospects about critical Common Vulnerabilities and Exposures (CVEs) identified in the CrowdStrike 2025 Global Threat Report. These known critical vulnerabilities pose significant risks; understanding these risks can help protect your systems from emerging cyber threats.
Critical CVEs and Associated Threats…
SPOTREP: Exploitation of Windows CLFS Zero-Day Vulnerability (CVE-2025-29824)
Vulnerability Details:
Zero-day elevation of privilege vulnerability in Windows Common Log File System (CLFS)
Tracked as CVE-2025-29824
Allows escalation from standard user to SYSTEM privileges
Exploitation Details:
Post-compromise exploitation observed against a small number of targets
Exploit delivered via PipeMagic malware
Used to deploy ransomware payloads
Affected Systems/Targets:
Known targets include: IT and real estate…
Situational Awareness Report: CVE-2025-24813 Apache Tomcat RCE
Overview
CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability affecting Apache Tomcat, a widely used open-source web server and servlet container. This vulnerability enables attackers to upload a malicious serialized payload to a vulnerable server, leading to arbitrary code execution through a deserialization flaw under specific conditions. The recent release of a Proof of…
SPOTREP: SuperBlack Ransomware Campaign
Executive Summary: SuperBlack Ransomware Campaign
The SuperBlack ransomware campaign, active since late January 2025, presents a serious threat to organizations utilizing Fortinet firewall appliances. Orchestrated by the threat actor Mora_001, this campaign exploits two critical authentication bypass vulnerabilities—CVE-2025-24472 and an unspecified flaw—to gain super-admin privileges. Attackers employ WebSocket-based attacks or crafted HTTPS requests to infiltrate…
Executive Summary: Continued Attacks on USA Law Firms
Executive Summary
A cybercriminal operating under the alias CeFarir0ne has put up for sale unauthorized Remote Desktop Protocol (RDP) access to an unidentified law firm based in the United States. According to the forum listing, the law firm generates approximately $5 million in annual revenue. The access being sold includes:
A user-level domain account
One domain controller
One domain trust…
Executive Summary: ShadowSyndicate Threat Group
Executive Summary
In late 2024, Darktrace identified multiple instances of RansomHub ransomware attacks linked to the ShadowSyndicate threat group. ShadowSyndicate, active since 2022, has been associated with several ransomware families and sophisticated tools, including Cobalt Strike and Sliver. Their latest collaboration with RansomHub, a rising Ransomware-as-a-Service (RaaS) operator, underscores an evolving threat landscape. This report…