January 13, 2025 Cyber Threat Intelligence Briefing

Jan 13, 2025

This week’s briefing covers:

00:00 - Intro and Situational Awareness

MORPHEUS Ransomware
MORPHEUS emerged around the beginning of 2025 with the discovery of its data leak site and initial victim postings. According to researchers, it is possible that the binaries of MORPHEUS could resemble HELLCAT.

CL0P Update
Between January 3 and 6, 2025, CL0P published two new victim organizations, one possibly pertaining to the Cleo zero-day exploitation.

2:01 – Ivanti Discloses Active Exploitation of Critical Vulnerability
Ivanti has disclosed vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Neurons for Zero Trust Access (ZTA) gateways. According to Ivanti, CVE-2025-0282 has been exploited on a limited number of ICS appliances.

4:15 – Malicious Browser Extension Supply Chain Attack: Part 2
Key Takeaways

  • Kroll continues to analyze and research the ongoing browser extension campaign, and the Kroll Security Operations Center (SOC) continues to contact any impacted customers.
  • The campaign appears to have begun weeks earlier than first identified.
  • The Kroll SOC will continue to contact any impacted customers with guidance and support.

7:03 – LDAPNightmare Proof of Concept: CVE-2024-49113
SafeBreach has released a proof of concept (POC) for an LDAP vulnerability that Microsoft patched in December’s Patch Tuesday. The POC targets the vulnerability Microsoft describes as a denial-of-service vulnerability (CVE-2024-49113), which has a CVSS score of 7.5.

Dive deeper:

Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report

Kroll’s Q2 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q2-2024-threat-landscape-report-threat-actors-ransomware-cloud-risks-accelerate

Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings

Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber

Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services

Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports

Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder

#krollcyber #threatintelligence #cyberthreats