SparklingGoblin Revamps SideWalk Backdoor for Linux Variant
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: SparklingGoblin (aka Earth Baku), a group of state-backed Chinese hackers, has integrated a Linux variant of the SideWalk backdoor. SparklingGoblin threat actors typically target East and Southeast Asian countries, wit...
Unknown Iranian attackers leverage vulnerabilities to conduct ransom operations
Attack Report. Summary: Iranian government-sponsored actors carry out malicious cyber activities against a wide range of people and entities in the United States, Australia, Canada, and the United Kingdom by using known...
Multiple Iranian actors have launched attacks against the Albanian government
Attack Report. Summary: Threat actors acting on behalf of the Iranian government launched a devastating attack that knocked the Albanian government's websites and public services down. Each stage of the attack was carried out by...
Monti ransomware infiltrates networks via the well-known Log4Shell
Attack Report. Summary: The Monti ransomware infiltrated the client's internet-facing VMware Horizon virtualization system by exploiting the well-known "Log4Shell" vulnerability, a.k.a. CVE-2021-44228. Furthermore, the threat...
Microsoft busts an actively exploited zero-day and several critical flaws
Vulnerability Report. Summary: Microsoft addressed a zero-day vulnerability identified as CVE-2022-37969, an Elevation of Privilege vulnerability, in addition to a broad array of other significant flaws that might lead to Remot...
Zero-day Vulnerability in the WordPress BackupBuddy Plugin
Vulnerability Report. Summary: A zero-day vulnerability in the BackupBuddy WordPress plugin is being actively exploited. There are an estimated 140,000 active installations of the plugin, and the arbitrary file download/read...
Two Zero-day vulnerabilities in macOS BigSur
Vulnerability Report. Summary: Apple addresses ten vulnerabilities, two of which are actively exploited. The vulnerabilities have been assigned CVE-2022-32917 and CVE-2022-32894 and could allow an attacker to execute arbitrary...
Vulnerabilities & Threats that Matter 05 – 11 September
...
Dangerous Savanna campaign attacked African financial institutions
Attack Report. Summary: For the past two years, a malicious campaign known as DangerousSavanna has been targeting various financial service firms in Africa. The attackers use spear-phishing to infiltrate financial institution...
How Continuous Threat Exposure Management helps the Telecom sector defend against cyber threats
...
Is APT 42 a significant threat in the future?
Actor Report. Summary: APT42 is an Iranian state-sponsored cyber espionage group. The gang, which has been operating since at least 2015, is distinguished by its highly targeted spear phishing and surveillance operations...
Lazarus deploys new attack tool, MagicRAT to target organizations worldwide
Attack Report. Summary: Lazarus, a North Korean threat actor, compromises vulnerable VMware Horizon servers and deploys MagicRAT, a new remote access tool developed by the attackers. MagicRAT creates scheduled tasks on...
Worok cyber-espionage gang preys on high-profile Asian businesses and governments
Actor Report. Summary: Worok, a newly uncovered cyber-espionage gang, has been targeting governments and high-profile companies in Asia since at least 2020 using a combination of unique and existing harmful tools. This group of...
Hive Pro bolsters its leadership team, charting a course for global growth
...
Vice Society actors target K-12 institutions in US
Actor Report. Summary: Vice Society is an extortion hacking group that emerged in the summer of 2021. Vice Society does not use a specific ransomware variant. Instead, it has used variants of Hello Kitty, Five Hands, and...
Novel remote access trojan CodeRAT uncovered
Attack Report. Summary: CodeRAT is a remote access trojan (RAT). The malicious operation, which appears to have originated in Iran, employed a Word document with a Microsoft Dynamic Data Exchange (DDE) exploit to target...
Google Chrome browser suffers from another zero-day vulnerability
Vulnerability Report. Summary: There is a vulnerability in the Chrome browser, identified as CVE-2022-3075, that is actively exploited in the wild...
Vulnerabilities & Threats that Matter 29 August – 04 September
...
Chile government’s Windows and Linux servers hit by RedAlert ransomware
Attack Report. Summary: The Chilean Ministry of Interior asserted that a RedAlert (aka N13V) ransomware attack had disrupted the operations and online services of a government agency in the country. In classic double-extortion...
Multiple vulnerabilities addressed by Google with Chrome 105
Vulnerability Report. Summary: Google Chrome addresses multiple vulnerabilities in its latest stable channel update for Windows, Mac, and Linux...
APT40 deployed ScanBox malware to target the Australian government
Actor Report. Summary: APT40 is a Chinese cyber espionage group that uses phishing campaigns to target Australian government institutions and wind turbine operators in the South China Sea by directing selected individuals to a...
Moisha Ransomware spotted launching highly targeted attacks
Attack Report. Summary: Moisha, a .NET-based ransomware, was first mentioned in mid-August, along with the PTMOISHA team, the threat actor behind it. This ransomware was developed to carry out very targeted attacks, as indicated...
RCE flaw resides in the Atlassian Bitbucket Server and Data Center
Vulnerability Report. Summary: Atlassian has patched a significant security hole in Bitbucket Server and Data Center, which could allow attackers to execute arbitrary code on susceptible systems. The vulnerability is identified...
MuddyWater targets Israeli organizations by exploiting unpatched log4j vulnerabilities
Attack Report. Summary: MuddyWater, an Iranian threat actor, exploits two Log4j vulnerabilities in SysAid applications to target Israeli organizations. As soon as the attacker gains access to the targeted organization, it...
Vulnerabilities & Threats that Matter 22 – 28 Aug
...
You’re never going to be able to fix every security vulnerability, but knowing where to start helps
Milpitas, California, August 29, 2022 -- IT security operations, risk management and infrastructure teams face a daily challenge: do more with less. And in the face of increasing threats from cybercriminals and exponentially expanding attack vectors, teams are going to have to turn to intelligent...
Kimsuky targets South Korean entities with phishing campaign
Actor Report. Summary: Since 2010, Kimsuky has targeted the governments, think tanks, media, and education entities of the United States and South Korea. Early in 2022, a new attack cluster, GoldDragon, was observed targeting med...
Healthcare industry torn down by Karakurt ransomware group
Actor Report. Summary: The Karakurt ransomware group is a recent addition to the list of cybercriminal gangs, with reports of its first appearance in late 2021. Since June 2022, the recent attacks have had an impact on the US...
DarkTortilla crypter is set to become a formidable threat
Attack Report. Summary: DarkTortilla is a sophisticated and highly configurable .NET-based crypter that has been active since at least August 2015. The malware is popular for the deployment of remote access trojans (RATs), target...
Iranian APT’s new data extraction tool Hyperscrape
Actor Report. Summary: Charming Kitten, an Iranian government-backed threat group, has been employing a new data extraction tool, HYPERSCRAPE. It has been used to retrieve data from Microsoft Outlook, Yahoo, and Gmail accounts...
Input validation flaw in GitLab’s Community and Enterprise Software
Vulnerability Report. Summary: A remote code execution vulnerability that affects GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified as CVE-2022-2884. It can be exploited using the GitHub import API. However, it...
Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries
Attack Report. Summary: Grandoreiro banking trojan is a campaign that has been active since at least 2016 and targets a variety of businesses in Mexico and Spain, including automotive, chemical production, and others. Threat actors...
Denial of service vulnerability in PAN OS exploited in the wild
Vulnerability Report. Summary: A URL filtering policy misconfiguration in PAN-OS leads to a vulnerability that could allow an unauthenticated remote attacker to conduct distributed denial-of-service (DDoS) attacks. This vulnerability h...
Multiple industries targeted by uptick of BianLian ransomware
Attack Report. Summary: Attackers are gravitating to deliver BianLian, a new ransomware strain written in Go that was spotted mid-way through July 2022. Numerous well-known enterprises have been targeted, including those in...
Vulnerabilities & Threats that Matter 15 – 21 Aug
...
Iranian-linked hacker group victimized Israel’s shipping industry
Actor Report. Summary: Iranian threat group UNC3890 used social engineering lures and a watering hole to jeopardize Israel's shipping, government, energy, aviation, and healthcare sectors. This campaign has been running since at least...
Two zero-day vulnerabilities in macOS when chained can take over the entire system
Vulnerability Report. Summary: Two zero-day vulnerabilities have been discovered in Apple macOS. Both could allow an attacker to execute arbitrary code. These new issues bring the total number of zero-day vulnerabilities discovered in...
Chrome’s zero-day flaw allows arbitrary code execution
Vulnerability Report. Summary: A vulnerability (CVE-2022-2856) in Google Chrome has been exploited in the wild. Additionally, Chrome has addressed several other use-after-free vulnerabilities in multiple components, including FedCM,...
Unknown Attackers exploit several vulnerabilities in Zimbra Collaboration Suite
Attack Report. Summary: The Zimbra Collaboration Suite (ZCS) email servers experienced multiple breaches between July and early August 2022. The exploitation of CVE-2022-27925, a remote code execution (RCE) vulnerability in ZCS, was most...
APT-C-35 infection chain adds novel Windows framework modules
Actor Report. Summary: APT-C-35 is an advanced persistent threat actor that has been active since 2016. The gang has upgraded its Windows spyware architecture, dubbed YTY/Jaca. They target South Asian government and military...
Vulnerabilities & Threats that Matter 08 – 14 Aug
Published Vulnerabilities: 563 | Interesting Vulnerabilities: 14 | Active Threat Groups: 3 | Targeted Countries: 69 | Targeted Industries: 08 | ATT&CK TTPs: 71. Summary: The second week of August 2022 witnessed the discovery of 563 vulnerabilities out of whi...
BlueSky ransomware incorporates Multithreading to expedite encryption
Attack Report. Summary: BlueSky ransomware is actively targeting businesses and demanding a ransom. It appears that they have ties with the Conti ransomware group. The malware is now primarily targeting Windows hosts and uses...
Zeppelin ransomware targets organizations in Europe and the USA
Attack Report. Summary: Zeppelin, the newest member of the Delphi-based Vega ransomware family, has been quite clever in meticulously tailoring its ransomware operations. Zeppelin, first identified in 2019 as ransomware-as-a-service...
Who is behind the Cisco attack?
Attack Report. Summary: Cisco has revealed that it faced a breach carried out by threat actors: UNC2447, Lapsus$, and the Yanluowang ransomware gang. They stole around 2.8 GB of data, which included non-disclosure...
Zero-day vulnerability leveraged to deploy Cuba Ransomware
Attack Report. Summary: The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability (CVE-2022-24521). A wide range o...
Microsoft tackles DogWalk zero-day vulnerability and multiple privilege escalation vulnerabilities
Vulnerability Report. Summary: Microsoft Patch Tuesday addresses CVE-2022-34713, also known as DogWalk, as well as numerous issues affecting Microsoft Exchange Server, Microsoft Windows Support Diagnostic Tool (MSDT), Windows Print...
Industrial Spy trades stolen data on dark web Marketplace
Attack Report. Summary: Since March 2022, Industrial Spy ransomware, a new menace in the threat environment, has been stealing and selling data on the dark web marketplace and conducting double extortion attacks, combining data theft...
Iranian threat actor targets the Albanian government using ROADSWEEP ransomware
Attack Report. Summary: A cyberattack that took place in mid-July momentarily disrupted various Albanian government services and websites and was most likely the work of Iranian hackers. The attack used a new ransomware family called...
Vulnerabilities & Threats that Matter 01 – 07 Aug
Published Vulnerabilities: 461 | Interesting Vulnerabilities: 12 | Active Threat Groups: 1 | Targeted Countries: 60 | Targeted Industries: 30 | ATT&CK TTPs: 26. Summary: The first week of August 2022 witnessed the discovery of 461 vulnerabilities out of whic...
Woody RAT leverages Follina to target Russia
Attack Report. Summary: An unknown threat actor employs the Woody RAT to spear-phish Russian organizations. The malware was distributed via archive files and later switched to Microsoft Office documents leveraging the now-patched...