Known Indicators of Compromise Associated with Androxgh0st Malware

Actions to take today to mitigate malicious cyber activity: 1. Prioritize patching known exploited vulnerabilities in internet-facing systems. 2. Review and ensure only necessary servers and services are exposed to the internet. 3. Review platforms or services that have credentials listed in .env...

CVE-2022-3181

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network LAN-only and internet facing systems are affected...

Input validation

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network LAN-only and internet facing systems are affected...

CVE-2022-3181

Trihedral VTScada is affected by CVE-2022-3181 (CVE assignment tied to VTScada 12.0.38 and earlier). The vulnerability stems from improper input validation, where a specially malformed HTTP request could cause the VTScada server to crash, impacting both LAN-only and internet-facing deployments. T...

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

The U.S. Cybersecurity & Infrastructure Security Agency has published its report on the top exploited vulnerabilities of 2021. This blog summarizes the report’s findings and how you can use Qualys VMDR to automatically detect and remediate these risks in your enterprise environment. The...

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

The continuous improvement of security solutions has forced attackers to explore alternative ways to compromise systems. The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating...

ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know

On June 29, 2021, security researcher Michael Stepankin @artsploit posted details of CVE-2021-35464, a pre-auth remote code execution RCE vulnerability in ForgeRock Access Manager identity and access management software. ForgeRock front-ends web applications and remote access solutions in many...

Many Factors Conspire in ICS/SCADA Attacks

Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The...

RPC Portmapper Service Detection (TCP)

TCP based detection of a RPC portmapper service. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RPC Portmapper Service Detection (UDP)

UDP based detection of a RPC portmapper service. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...