Buffer Overflow vulnerability in FreeBSD
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in FreeBSD ping has been discovered that could allow remote code execution. A remote host can trigger the memory safety bug, causing the ping program to crash. Ping runs inside a...
Attackers target Telecommunications sector to gain network access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary To gain initial access, the adversary used social engineering to impersonate IT staff, using phone calls, SMS, and/or Telegram. When the adversary gains access to the target environment, it performs...
Recent Lazarus campaign leveraged Crypto App to spread AppleJeus malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group threat actor was noticed employing fake cryptocurrency apps as a ruse to transmit a previously unidentified version of the AppleJeus malware masquerading as malicious Microsoft Office...
Why Organizations Need Continuous Threat Exposure Management
...
Actors, Threats and Vulnerabilities 28 November – 4 December 2022
...
Google Chrome’s ninth zero-day in 2022
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary CVE-2022-4262 is the fourth actively exploited type confusion bug in Chrome addressed by Google and the ninth zero-day flaw exploited in the wild in 2022. The bug exists as a result of a type...
Multiple Ransomware groups target open RDP Ports
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Many ransomware attacks are being launched against exposed Remote Desktop services by Threat Actors. At present, five ransomware families are attacking open RDP ports...
Do you know about an emerging new infostealer malware named DuckLogs
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DuckLogs is a new info-stealing malware variant, which is sold as a Malware-as-a-Service (MaaS) product. It captures and exfiltrates data from infected PCs such as credentials, cookies, crypto wallets, brows...
Summary of Vulnerabilities & Threats: November 2022
...
Google addressed an array of bugs with Chrome 108
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome's latest stable channel update for Windows, Mac, and Linux fixes several vulnerabilities. There are eight high-severity security flaws and 14 medium-severity flaws. The most significa...
Chinese cyber espionage hackers target Southeast Asian firms
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary UNC4191, a threat actor with a suspected China affiliation, has been linked to a series of espionage assaults primarily in Southeast Asia that use USB sticks as an initial infection vector. A variety of...
How ScarCruft APT group enhances its toolkit with a powerful Dolphin backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ScarCruft (aka Reaper, APT 37, Ricochet Chollima) is a North Korean espionage group, active since 2012. ScarCruft targeted a South Korean newspaper with a watering hole attack in the last year. In this...
Adversaries strike critical Windows IKE flaw in the “Bleed You” campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An active "Bleed You" campaign is leveraging a critical RCE vulnerability, CVE-2022-34721, in Windows Internet Key Exchange (IKE) Protocol Extensions to assist subsequent malware and ransomware assaults and...
A new strain of Punisher ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Punisher ransomware is spreading via a phishing website that delivers the ransomware disguised as a COVID tracking application. Punisher Encryptor is a .NET binary that runs on Windows...
Actively Exploited Zero-Day Bug in Chrome
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary CVE-2022-4135 is a high-severity heap buffer overflow issue that affects the GPU component. The fault is caused by a boundary error in the GPU while processing untrusted HTML input. An attacker wh...
Actors, Threats and Vulnerabilities 21 – 27 November 2022
...
A new RansomExx ransomware strain revised in Rust
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary RansomExx is a ransomware variant that operates on a ransomware-as-a-service (RaaS) model and has been active since it first appeared in 2018 as Defray777. The latest version, dubbed RansomExx2 by threat...
Black Basta Ransomware Invades US Firms with Qakbot Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In this latest spear-phishing campaign, the Black Basta ransomware gang employed QakBot malware, aka QBot or Pinkslipbot, to acquire an initial point of entry and migrate laterally through an organizatio...
Rise in new Royal Ransomware attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Royal Ransomware is a new form of ransomware offered as a service in early 2022, with the objective of gaining access to a victim's environment, encrypting all their files, and extorting a ransom in orde...
Arab countries are being targeted by multiple malware families
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Malicious actors have already begun World Cup-themed phishing attacks targeting specific organizations partnered with the tournament; such organizations in Arab countries are the more vulnerable victims. The goal of such assaul...
Aurora Botnet evolves into a Stealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Aurora was first discovered in Russian-speaking underground forums and was capable of stealing, downloading, and gaining remote access. A threat actor by the name of Cheshire is selling this...
Atlassian Addresses Issues in Crowd and Bitbucket Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...
Chinese APT Earth Preta runs spearphishing campaigns
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary Earth Preta, an APT gang, staged a large-scale cyber espionage campaign in which the malware was transmitted via spear-phishing emails. The actors use various strategies to avoid detection and analysis,...
How Continuous Threat Exposure Management can Secure the Finance Sector
...
Vulnerabilities & Threats that Matter 14 – 20 November 2022
...
RapperBot Campaign Launches DDoS Attacks on Game Servers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The new RapperBot malware version creates a botnet capable of launching Distributed Denial of Service (DDoS) attacks. The latest version can launch Telnet brute-force strikes, DoS attacks using the Generic...
Heimdal addresses multiple vulnerabilities in v7.7.1
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Heimdal has addressed bugs in the Heimdal KDC. A remote intruder can use unwrap_des3 to induce a buffer overflow in Heimdal GSSAPI, leading to a denial of service or remote code execution on the host...
RCE flaw in F5 BIG-IP and BIG-IQ
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two security flaws in F5 BIG-IP and BIG-IQ can be exploited to enable remote code execution. An adversary could get persistent root access to the device's management interface by successfully...
New Venus Ransomware Targets Healthcare industry
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Venus ransomware, also called Goodgame, has been a source of concern since August 2022. Venus ransomware is an example of the legacy ransomware model: a standalone package sold on underground markets...
Iranian hackers leveraged Log4Shell to penetrate US federal agency
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iranian APT activity was detected on the networks of federal agencies. The intruders utilized an exploit targeting Log4Shell CVE-2021-44228 to install XMRig crypto mining software on an unpatched VMware...
Typhon Stealer back with new variant named Typhon Reborn
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Typhon Stealer, malware known for its ability to steal crypto wallets, monitor keystrokes, and evade antivirus programs, became widely known in early August 2022. Soon after, the...
The DTrack Backdoor campaigns aimed at European organizations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DTrack, a malware developed by the Lazarus group, is a flexible backdoor that unloads malware in stages. It is dispersed with filenames that are routinely used in legitimate executables. The backdoor is...
Billbug returns after two years to conduct an espionage campaign
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary After being widely active in 2018-2019, Billbug, a Chinese state-sponsored group, is back after almost two years. They have been attacking multiple government agencies in an Asian country since...
BumbleBee leverages Zerologon to get Domain Controller Access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Since May 2022, threat actors have been leveraging BumbleBee as an initial vector from a Contact Forms campaign. The intrusion started with the delivery of an ISO file that contained an LNK and a DLL. Using...
BATLOADER: Evasive Malware leverages SEO poisoning
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary "BatLoader" dropper is used to dispense a range of malware tools on victim devices, including a banking Trojan, an information stealer, and the Cobalt Strike post-exploit toolkit. BatLoader malware actor...
KmsdBot Cryptominer Targets the Gaming Industry
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary KmsdBot is Golang-based malware that leverages the Secure Shell (SSH) cryptographic protocol to obtain access to targeted systems to mine cryptocurrencies and carry out distributed denial-of-service (DDoS)...
FRwL destroys data with Somnia to disrupt operations in Ukraine
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The FRwL (From Russia with Love) group, tracked as UAC-0118, uses a fake website to trick Ukrainian organization employees into downloading the Advanced IP Scanner software. Upon installation, the system is...
Vulnerabilities & Threats that Matter 07 – 13 November 2022
...
Citrix Addresses Auth bypass Flaws Affecting ADC and Gateway Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix has addressed bugs in Citrix ADC and Citrix Gateway. A remote intruder could exploit either of these flaws to obtain control of a susceptible system. To successfully exploit the vulnerabili...
Google addressed several flaws with Chrome 107
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome addresses multiple vulnerabilities in its latest stable channel update for Windows, Mac, and Linux. The Use-After-Free (UAF) issue is responsible for four of the six Chrome...
Earth Longzhi: New subgroup of APT41
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Earth Longzhi is running a spearphishing campaign to infect organizations with a payload such as Cobalt Strike loader, Symatic loader, CroxLoader, BigpipeLoader, OutLoader, and other custom hacking tools...
Apple addresses the macOS code execution flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary MacOS Ventura contains two security flaws that can be exploited to cause an integer overflow and execute arbitrary code. The CVE-2022-40303 vulnerability exists as a result of an integer overflow ...
Authentication Bypass Vulnerabilities in VMware Workspace ONE Assist
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several security vulnerabilities exist in VMware's Workspace ONE Assist solution, some of which can be exploited for authentication bypass to gain admin-level access. A vulnerability in VMware...
Microsoft addressed ProxyNotShell with November Patch Tuesday
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft addressed six zero-day vulnerabilities in this patch Tuesday, along with other significant vulnerabilities that could lead to Remote Code Execution, Information Disclosure, and Denial of...
New Azov Ransomware can wipe 666 bytes data at a stretch
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The new Azov Ransomware can wipe 666 bytes of data at a time. The Azov wiper destroys victims' data on purpose and infects other applications by dropping a fake pirated software...
Vulnerabilities & Threats that Matter 31 October- 06 November 2022
...
Ransomware Black Basta uses tools related to FIN7
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Black Basta is deploying a ransomware payload by exploiting Microsoft flaws and using an Endpoint Detection and Response (EDR) defense evasion tool created by FIN7. Black Basta is a relatively new ransomwar...
Summary of Vulnerabilities & Threats: October 2022
...
Indian Government targeted by APT-36
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT 36, also known as Transparent Tribe, is an information theft and espionage gang that was last active in mid-July 2022. Recently, invasive advertising and the data exfiltration tool LimePad were used t...
Threat actors buy new BlueFox Stealer to exfiltrate data
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Russian-speaking user named distamx has been selling BlueFox Stealer as malware-as-a-service since December 2021. A subscription to the customizable malware costs $350 per month on underground forums...