1589 matches found
Dirty Pipe: A privilege escalation vulnerability in Linux Kernel
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A vulnerability in the Linux kernel existed since version 5.8 and allows overwriting data in arbitrary read-only files. Because unprivileged processes can inject code into root processes, this results in privilege escalation. ...
ProxyShell and PetitPotam exploits weaponized by LockFile Ransomware Group
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. LockFile, a new ransomware gang, has been active since last week. LockFile began by using a publicly disclosed PetitPotam exploit CVE-2021-36942 to compromise Windows Domain Controllers earlier this week. Using ProxyShell...
Russian state-sponsored cyber actors targeting U.S. critical infrastructure
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here In a joint cybersecurity advisory, the Federal Bureau of Investigation FBI, the National Security Agency NSA, the Cybersecurity and Infrastructure Security Agency CISA revealed that Russian state-sponsored threat actors target...
LockBit 2.0 Ransomware affiliates targeting Renowned Organizations
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Since September 2021, LockBit 2.0 has targeted 500+ organizations in vital areas globally. The most recent attack targeted well-known tire producer Bridgestone, software behemoth Accenture, and the French Ministry of Justice...
Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here APT35 aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...
BlackByte ransomware exploits Microsoft Servers ProxyShell Vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlackByte ransomware is targeting organizations with unpatched ProxyShell vulnerabilities. Proxy Shell was addressed by hive pro threat researcher in the previous advisory released on August 24. ProxyShell is a combination of...
Weekly Threat Digest: 18 – 24 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 430 5 2 Worldwide 17 46 The fourth week of April 2022 witnessed the discovery of 430 vulnerabilities out of which ...
Cerber targeting organizations with publicly available exploits
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Cerber, ransomware that mysteriously vanished in 2019, has reappeared with a new encryption. The new cerber includes fresh source code and makes use of the new library Crypto+++, whereas the previous form made use of Windows...
Follina: A zero-day vulnerability in Microsoft Office
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Microsoft has issued a patch after almost 15 days for a zero-day vulnerability identified as CVE-2022-30190 after various proof-of-concept POCs indicating that it is actively exploited became public. Security...
Apache released a patch to address the critical zero-day vulnerability in log4j
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A zero-day remote code execution vulnerability, CVE-2021-44228 was discovered in Apache log4j affecting versions 2.0 to 2.14.1. Apache log4j is a java logging package used by millions of applications. Cloud services such as...
RCE Spring Framework Zero-Day vulnerability “Spring4Shell”
THREAT LEVEL: Red For a detailed advisory, download the pdf file here A zero-day vulnerability has been discovered in the Spring framework, a Java framework that provides infrastructure support for web application development. This vulnerability came to light after a Chinese researcher made a...
Prophet Spider exploits Log4j and Citrix vulnerabilities to deploy webshells
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Prophet Spider is a well-known Initial Access Broker IAB group. Prophet Spiders tradecraft continues to grow while exploiting known web-server vulnerabilities such as Citrix and Log4j. A remote code execution RCE...
Hive Ransomware targets organizations with ProxyShell exploit
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Hive Ransomware has been active since its discovery in June 2021, and it is constantly deploying different backdoors, including the Cobalt Strike beacon, on Microsoft Exchange servers that are vulnerable to ProxyShell...
Several Zoho ManageEngine products have been exploited
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in Zoho ManageEngine products. The affected products include Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine SupportCenter Plus, Zoho ManageEngine Desktop Central, Zoho...
Leaky Vessels in Cloud Environments Shake Docker and Beyond
Summary: Four vulnerabilities, collectively termed Leaky Vessels, have been uncovered within container engine components, specifically affecting the runC command line tool. In the most severe instances, illicit entry into the underlying host operating system could result in the compromise of vita...
Microsoft tackles DogWalk zero-day vulnerability and multiple privilege escalation vulnerabilities
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft Patch Tuesday addresses CVE-2022-34713, also known as DogWalk, as well as numerous issues affecting Microsoft Exchange Server, Microsoft Windows Support Diagnostic Tool MSDT, Windows Print...
SnatchCrypto campaign carried out by North Korean APT 38 subsidiary BlueNoroff
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlueNoroff, an advanced persistent threat APT group thats part of the larger Lazarus Group associated with North Korea, is behind a series of attacks against small and medium-sized companies that have led to serious...
Weekly Threat Digest: 11 – 17 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 765 14 1 2 6 25 The third week of April 2022 witnessed a huge spike on the discovery of 765 vulnerabilities out of...
Russian threat actor UAC-0056 targets European countries
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...
Weekly Threat Digest: 7 – 13 March 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 538 16 3 42 19 89 The second week of March 2022 witnessed the discovery of 538 vulnerabilities out of which 16...
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...
Microsoft busts an actively exploited zero-day and several critical flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft addressed a zero-day vulnerability identified as CVE-2022-37969, an Elevation of Privilege vulnerability, in addition to a broad array of other significant flaws that might lead to Remot...
New Threat Actor Exotic Lily acting as Initial Access Broker for Conti and Diavol ransomware group
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML CVE-2021-40444, which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it...
MuddyWater is taking advantage of old vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, the Australian Cyber Security Centre ACSC, and the United Kingdoms National Cyber Security Centre NCSC have issued a joint...
HelloKitty is launching a DDoS attack by exploiting known vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The FBI has issued a warning to private businesses about a new feature of the HelloKitty ransomware group aka FiveHands. The Hello Kitty/FiveHands actor UNC2447 employs the double extortion strategy to place undue pressure on...
Southeast Asian APT Group Saaiwc Targets Military and Financial Departments with PowerDism Backdoor
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Saaiwc Group APT-LY-1005 is a newly identified APT group that is thought to operate in Southeast Asia. The groups main tactic is to use an ISO file as a malicious payload, which when executed, injects a...
Vulnerability in Fortinet allows authentication bypass
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary FortiOS and FortiProxy has an authentication bypass vulnerability, CVE-2022-40684, that could allow remote attackers access to the administrative interface...
Microsoft could not patch this vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft released patches for 44 vulnerabilities on November 9th. CVE-2021-41379 was among them. However, installing this patch does not completely eliminate the vulnerability. An exploit for a new Windows zero-day local...
Have you patched the vulnerabilities in Microsoft Exchange Server?
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft Exchange Server vulnerabilities have been officially patched for five months now. These vulnerabilities are actively exploited by multiple threat actors named DeadRinger. DeadRinger has been affecting the...
The ESXiArgs ransomware attack is targeting VMware ESXi servers globally
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A global ransomware attack, known as ESXiArgs, is affecting servers using VMware ESXi hypervisors version 6.x prior to 6.7 due to a vulnerability CVE-2021-21974 caused by a heap overflow issue in the Ope...
Critical Vulnerabilities in Multiple Atlassian Products being exploited-in-wild
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Atlassian has released patches to address a critical security flaw, being tracked as CVE-2022-26138 involving the usage of hard-coded credentials in the Questions For Confluence app for Confluence Server...
Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability CVE-2022-26925 is actively exploited i...
Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have issued an alert for enterprises that Russian state-sponsored cyber attackers have obtained network access by exploiting...
Unveiling The TunnelCrack VPN Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The Tunnelcrack vulnerabilities are a set of four vulnerabilities that affect most VPN products. The vulnerabilities affect the way that VPNs handle certain ciphers, which are algorithms used to...
Weekly Threat Digest: 21 – 27 March 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 340 10 5 53 24 84 The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10...
APT Earth Kitsune delivers new WhiskerSpy malware via watering hole attack
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Earth Kitsune, an advanced persistent threat APT actor known for targeting individuals interested in North Korea, also China, Brazil, and Japan and has been found to be using a new backdoor called...
Weekly Threat Digest: 4 – 10 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 438 3 3 53 16 54 The second week of April 2022 witnessed the discovery of 438 vulnerabilities out of which 3 gaine...
VMware products impacted by an authentication bypass vulnerability and other flaws
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary VMware has addressed multiple vulnerabilities, including an authentication bypass CVE-2022-31656, remote code execution CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665, and many more flaws...
Unpatched zero-day vulnerabilities of Microsoft Exchange Server
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft Exchange Server has two unpatched zero-day vulnerabilities. One of them is a Server-Side Request Forgery SSRF vulnerabilityCVE-2022-41040, while the second is a remote code execution RCE...
Are you a victim of the Conti Ransomware?
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Conti Ransomware targets enterprises who have not patched their systems by exploiting old vulnerabilities. Conti Ransomware steals sensitive information from businesses and demands a ransom in exchange. CISA has issued a...
Text2Shell: Vulnerability like Log4Shell in Apache Common Texts
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new vulnerability in Apache Commons Text has been named text2shell. The vulnerability allows unauthenticated attackers to remotely execute code on servers running affected applications. Due to t...
Microsoft released patch for actively exploited spoofing vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Microsoft AppX has a spoofing vulnerability that has been assigned CVE-2021-43890. Attackers are taking advantage of this critical vulnerability by deploying well-known malwares such as Emotet, Trickbot, and Bazaloader. Thi...
Muhstik botnet adds another vulnerability exploit to its arsenal
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Muhstik malware has begun attacking Redis Servers by exploiting a recently reported vulnerability, CVE-2022-0543. This flaw can be found in several Redis Debian packages. The attack began on March 11, 2022, and was carried out...
Grafana releases an emergency patch for a Zero-Day vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft Edge Chromium-based exists as a result of a use-after-free Grafana, a database analyzing, and monitoring tool used by major companies has been affected by a high severe zero-day...
Microsoft’s Patch Tuesday Security Updates for November
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For the month of November, Microsoft has reported a total of 55 vulnerabilities, 6CVE-2021-38666, CVE-2021-26443, CVE-2021-42279, CVE-2021-42298, CVE-2021-42316, CVE-2021-3711 of which have been rated critical. Four...
Vulnerabilities & Threats that Matter 08 – 14th Aug
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 563 14 3 69 08 71 For a detailed threat digest, download the pdf file here Summary The second week of August 2022 witnessed the discovery of 563 vulnerabilities out of whi...
Two actively exploited vulnerabilities affect multiple VMware products
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Multiple vulnerabilities have been discovered in VMware products. Two of these have been exploited in the wild. The first zero-day vulnerability, CVE-2022-22954, is a server-side template injection flaw. An attacker could...
Weekly Threat Digest: 28 March – 3 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 500 7 3 27 16 46 The fourth week of March 2022 witnessed the discovery of 500 vulnerabilities out of which 7 gaine...
AvosLocker Ransomware group has targeted 50+ Organizations Worldwide
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker Ransomware. It is a Ransomware as a Service RaaS affiliate-based group that has targeted 50+...