Exploitation of Follina leads to takeover of domain controller
Attack Report. Summary: The recent incident is related to TA570, wherein the attackers exploited the Follina vulnerability CVE-2022-30190 to compromise the Domain Controller and eventually gain access to confidential files...
APT10 distributes LODEINFO malware to deploy infection chains
Actor Report. Summary: The APT10 cyber espionage gang has been spotted adopting a new stealthy infection chain to deploy the LODEINFO backdoor shellcode and exfiltrate sensitive information to its Command and Control (C2)...
Patch available for pre-announced Critical Vulnerability in OpenSSL
Vulnerability Report. Summary: OpenSSL has released the patch for the pre-announced critical vulnerability. In the announcement the severity of the vulnerability was Critical, based on the fact that it can lead to RCE, but after...
Privilege Escalation in VMware spring-security
Vulnerability Report. Summary: A vulnerability in VMware's Spring Security affects the mapping of permitted scope in spring-security-oauth2-client, allowing privilege escalation...
Vulnerabilities & Threats that Matter 24-30 October 2022
...
Google Chrome’s seventh zero-day of 2022
Vulnerability Report. Summary: A zero-day vulnerability has been discovered in Google Chrome versions prior to 107.0.5304.87. A type confusion vulnerability tracked as CVE-2022-3723 is the seventh zero-day of 2022 and is sai...
LV Ransomware Exploited ProxyShell to target Jordan
Attack Report. Summary: LV ransomware-as-a-service has been active since late 2020. The most recent infiltration entailed the compromise of the corporate environment of a Jordan-based entity, leveraging the double extortion...
WHAT YOU SHOULD KNOW: Patch OpenSSL 3.x
...
What can you do about the critical vulnerability in OpenSSL 3.0
Vulnerability Report. Summary: OpenSSL has a critical vulnerability that affects all versions from 3.0 to 3.0.6. Due to the criticality of the vulnerability, OpenSSL has pre-announced the security update for security teams ...
Threat Actors launch a campaign to exploit vulnerability in Fortinet
Attack Report. Summary: The Tailgate campaign is currently being carried out by the threat actors Hafnium and OilRig. The goal of this campaign is to exploit vulnerabilities in Fortinet. The recently discovered vulnerability...
VMware Cloud Foundation has a significant RCE flaw
Vulnerability Report. Summary: A Remote Code Execution (RCE) vulnerability through the XStream open-source library, tagged as CVE-2021-39144, affects VMware Cloud Foundation, which is a hybrid cloud platform for hosting enterprise...
Stranger Strings: A 22-year-old vulnerability in SQLite
Vulnerability Report. Summary: A vulnerability in the SQLite library API has been assigned CVE-2022-35737; it could allow an attacker to crash or control programs...
Lazarus neutralizes antivirus software using BYOVD technique
Actor Report. Summary: The Lazarus group exploits known vulnerabilities within Dream Security's MagicLine4NX and INITECH INISAFE CrossWEB EX V3, utilizing the Bring Your Own Vulnerable Driver (BYOVD) technique to neutralize an...
SideWinder APT group’s new arsenal named WarHawk
Actor Report. Summary: The SideWinder APT gang operates espionage campaigns against government, military, and business sectors throughout Asia, primarily Pakistan, employing the WarHawk backdoor to exfiltrate vulnerable syst...
Vulnerabilities & Threats that Matter 17-23 October 2022
...
US healthcare organizations targeted by Daixin Team ransomware
Actor Report. Summary: Daixin Team, a ransomware and data extortion group, has been gaining initial access to victims through virtual private network (VPN) servers since June 2022, either by exploiting an unpatched vulnerability in...
LDR4 is a new Ursnif variant
Attack Report. Summary: In June 2022, a new variant of the URSNIF malware was identified. Unlike prior URSNIF iterations, this new variation, code-named LDR4, is a backdoor designed to facilitate operations such as ransomware an...
The Spyder Loader malware targets organizations in Hong Kong
Attack Report. Summary: The Spyder Loader malware was first publicly documented in March 2021. The recent Spyder Loader campaign appears to have had the ultimate goal of information theft, and the threat actor behind th...
Text2Shell: Log4Shell-like vulnerability in Apache Commons Text
Vulnerability Report. Summary: A new vulnerability in Apache Commons Text has been named Text2Shell. The vulnerability allows unauthenticated attackers to remotely execute code on servers running affected applications. Due to t...
Threat exposure management: the answer to 21st century cyber-security challenges
...
How Continuous Threat Exposure Management (CTEM) can secure the Healthcare Sector
...
Vulnerabilities & Threats that Matter 10-16 October 2022
...
Summary of Vulnerabilities & Threats: September 2022
...
Prestige Ransomware impacts transportation industry in Ukraine and Poland
Attack Report. Summary: Prestige ransomware is using already-gained admin access to target organizations in Ukraine and Poland by deploying its payload. The activity has been associated with DEV-0960...
WIP19 targets IT service providers and telcos with custom malware
Actor Report. Summary: WIP19, a Chinese APT group, is using legitimate and stolen certificates to sign malware, such as SQLMaggie, ScreenCap, and a credential dumper, which it then uses to target telecommunications and IT service...
Budworm Attackers Return with New Espionage Strikes Against the United States
Actor Report. Summary: The Budworm espionage group exploited Log4j vulnerabilities to compromise the Apache Tomcat service, combining several custom and publicly available tools to exfiltrate sensitive information...
Security flaws in multiple Adobe products
Vulnerability Report. Summary: Adobe has issued security updates to address a number of vulnerabilities in its products. An attacker can use some of these flaws to gain control of a vulnerable system...
Google releases Chrome 106 to address Vulnerabilities
Vulnerability Report. Summary: Google Chrome addresses multiple vulnerabilities with its latest stable channel update for Windows, Mac, and Linux...
VMware could not fix a vulnerability that has been disclosed for eleven months
Vulnerability Report. Summary: VMware disclosed a vulnerability in November 2021 that has not been fixed as of October 2022. VMware initially patched this vulnerability, but later discovered that the patch did not fix it. The...
Earth Aughisky uses a new set of malware
Actor Report. Summary: Earth Aughisky, a well-known cyber espionage group, is exploiting legitimate accounts, software, applications, and other weaknesses by conducting a spearphishing campaign to disrupt everyday activities of...
Did Patch Tuesday address the zero-day flaw in Microsoft Exchange
Vulnerability Report. Summary: Microsoft addresses two new zero-day vulnerabilities: CVE-2022-41033, an Elevation of Privilege vulnerability exploited in the wild, and CVE-2022-41043, an Information Disclosure...
The surge of cryptojacking campaigns
Attack Report. Summary: Recent cryptojacking campaigns disclosed that intruders exploited DLL side-loading issues in Microsoft OneDrive by writing a fake secur32.dll file to establish persistence and operate undetected on...
POLONIUM employs backdoors to target Israel
Actor Report. Summary: POLONIUM is a cyber espionage gang that leverages OneDrive and Dropbox cloud services for command and control (C&C), employing a custom toolkit that includes seven backdoors and various spying modules to...
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
Vulnerability Report. Summary: An unpatched remote code execution (RCE) vulnerability, CVE-2022-41352, found in the Zimbra Collaboration Suite (ZCS) is being actively exploited. It allows attackers to upload arbitrary files and...
Vulnerability in Fortinet allows authentication bypass
Vulnerability Report. Summary: FortiOS and FortiProxy have an authentication bypass vulnerability, CVE-2022-40684, that could allow remote attackers access to the administrative interface...
Eternity Threat group is actively evolving its malware arsenal
Attack Report. Summary: The Eternity threat group, also known as Eternity Team or Eternity Project, a Russian "Jester Group"-affiliated threat group, has been active since at least January 2022. Eternity uses a...
BlackByte uses a new attack technique to target vulnerable Windows drivers
Attack Report. Summary: BlackByte ransomware is leveraging a security flaw in a legitimate Windows driver to conduct a new bring your own vulnerable driver (BYOVD) attack...
Unpatched zero-day vulnerabilities of Microsoft Exchange Server
Vulnerability Report. Summary: Microsoft Exchange Server has two unpatched zero-day vulnerabilities. One of them is a Server-Side Request Forgery (SSRF) vulnerability, CVE-2022-41040, while the second is a remote code execution (RCE)...
Sophos Zero-day vulnerability becomes target for attackers
Vulnerability Report. Summary: A zero-day vulnerability in the User Portal and WebAdmin of Sophos Firewall is tracked as CVE-2022-3236. This vulnerability is being used by unknown attackers to target organizations in...
Vulnerabilities & Threats that Matter 19 – 25 September
...
Vulnerable Atlassian Confluence Servers utilized to drop Crypto Miners
Attack Report. Summary: CVE-2022-26134, a recently patched unauthenticated remote code execution (RCE) vulnerability in Atlassian Confluence Server, is being used by adversaries to deploy cryptocurrency mining malware...
Zero-day vulnerability in Windows terminal management tool gets a hotfix
Vulnerability Report. Summary: Microsoft Endpoint Configuration Manager (MECM) has a spoofing vulnerability that allows remote attackers to access sensitive data. The zero-day vulnerability has been identified as CVE-2022-37972...
Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites
Vulnerability Report. Summary: The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that...
Kinsing malware continues to exploit these two-year-old vulnerabilities
Attack Report. Summary: Malicious actors are exploiting two-year-old remote code execution vulnerabilities in Oracle WebLogic Server to deploy Kinsing malware...
UNC4034 slips in a backdoor with trojanized PuTTY
Attack Report. Summary: UNC4034, a North Korean threat actor, uses a fake job posting to trick victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, a backdoor named...
Summary of Vulnerabilities & Threats: August 2022
...
Summary of Vulnerabilities & Threats: July 2022
...
Vulnerabilities & Threats that Matter 12 – 18 September
...
Zero-day vulnerability uncovered in Trend Micro Apex One
Vulnerability Report. Summary: A zero-day vulnerability, along with several other issues, has been addressed by Trend Micro. It has been identified as CVE-2022-40139 and could allow attackers to execute remote code...