Manjusaka – Cybercriminal’s new attack framework weapon
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Manjusaka is a new attack framework that mimics Cobalt Strike and Sliver. The new malware family implants are written in the Rust programming language and are compatible with Windows and Linux. The command and...
The current cybersecurity challenge: All the threat data in the world, but no idea how to leverage it
Milpitas, California, August 05, 2022 -- Organizations today are facing a deluge of automated cybersecurity threats that are increasing exponentially every day, not only in velocity but in variety and complexity. This makes it virtually impossible for organizations to address every vulnerability...
VMware products impacted by an authentication bypass vulnerability and other flaws
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary VMware has addressed multiple vulnerabilities, including an authentication bypass CVE-2022-31656, remote code execution CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665, and many more flaws...
LockBit 3.0 makes a comeback by exploiting Log4j
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary LockBit 3.0 (LockBit Black), a new variant of LockBit ransomware, is deploying Cobalt Strike beacons on compromised systems by exploiting the Windows Defender command line tool and Log4j in VMware Horizon...
Vulnerabilities & Threats that Matter 25 – 31st July
Published Vulnerabilities: 462; Interesting Vulnerabilities: 7; Active Threat Groups: 4; Targeted Countries: 52; Targeted Industries: 22; ATT&CK TTPs: 64. For a detailed threat digest, download the pdf file here Summary The last week of July 2022 witnessed the discovery of 462 vulnerabilities out of which 7...
KNOTWEED exploits zero-days to target US and Europe
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary KNOTWEED, an Austria-based private-sector offensive actor (PSOA), is exploiting 0-day vulnerabilities in Windows and Adobe products to perform targeted attacks against European and Central American customers by using thei...
APT37 employs Konni malware to target high-level organizations
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary The Konni remote access trojan, malware widely used by APT37, is being used in an attack campaign against high-value targets in countries such as the Czech Republic, Poland, and many others...
Evilnum strikes commodities and cryptocurrency Forum
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary In recent campaigns, the Evilnum actor group has targeted the Decentralized Finance (DeFi) sector using Evilnum malware. The latest iteration of the Evilnum backdoor employs a diverse set of ISO, Microsoft Word, and...
Hive Pro Welcomes Pierre Noel as New Chief Information Security Officer
New CISO to Support Growth Milpitas, California, July 28, 2022 -- Hive Pro, a cyber security company specializing in Cyber Threat Exposure Management, has appointed Pierre Noel as its new Chief Information Security Officer (CISO). He has been hired with the vision of supporting growth in the compan...
Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Candiru (Saito Tech) spyware used the recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability...
Shell Command Injection Vulnerability found in Apache Spark
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Apache Spark recently disclosed a weakness, CVE-2022-33891, which would allow threat actors to execute arbitrary shell commands as a Spark...
Revamped version of Redeemer Ransomware has been uncovered on Dark Web Forums
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A new version of the free Redeemer ransomware has been discovered on hacker forums, providing inexperienced threat actors with an easy entry into the field of encryption-backed extortion campaigns. The new 2.0...
APT29 utilizes cloud storage service to deliver malicious payloads
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary APT29, a cyber espionage gang, uses cloud storage services such as Google Drive and Dropbox to distribute malware to compromised systems. The gang used a phishing campaign that targeted several Western diplomatic...
Vulnerabilities & Threats that Matter 18 – 24th July
Published Vulnerabilities: 497; Interesting Vulnerabilities: 11; Active Threat Groups: 2; Targeted Countries: Worldwide; Targeted Industries: 6; ATT&CK TTPs: 33. For a detailed threat digest, download the pdf file here Summary The third week of July 2022 witnessed the discovery of 497 vulnerabilities out of...
Critical Vulnerabilities in Multiple Atlassian Products being exploited-in-wild
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Atlassian has released patches to address a critical security flaw, tracked as CVE-2022-26138, involving the use of hard-coded credentials in the Questions For Confluence app for Confluence Server...
The 8220 Cryptomining Gang massively expands Cloud Botnets
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary The 8220 gang has significantly expanded its cloud bot armies around the world, targeting AWS, Azure, GCP, Aliyun, and QCloud cloud service hosts. The group has been detected using a new version of the IRC...
CloudMensis Spyware Actively Targets Apple macOS Users
...
North Korean hacker group targets victims globally with Holy Ghost ransomware
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The H0lyGh0st ransomware group, also tracked as DEV-0530, has been using ransomware payloads to compromise several small to mid-sized organizations across the world...
North Korean state-sponsored actors employ Maui Ransomware to target the health care industry
...
Vulnerabilities & Threats that Matter 11-17 July 2022
Published Vulnerabilities: 580; Interesting Vulnerabilities: 37; Active Threat Groups: 2; Targeted Countries: World-wide; Targeted Industries: 11; ATT&CK TTPs: 61. For a detailed threat digest, download the pdf file here Summary The second week of July 2022 witnessed the discovery of 580 vulnerabilities out ...
Transparent Tribe’s latest campaign targets the education sector
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Transparent Tribe, an Advanced Persistent Threat group also known as APT36 or Mythic Leopard, was discovered actively launching phishing campaigns against educational institutions and students across India. A...
Microsoft uncovers a macOS App Sandbox escape vulnerability
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft has recently discovered a vulnerability in macOS that allows third parties to bypass sandbox restrictions and execute malicious commands...
Raspberry Robin worm infects Multiple Windows Network Devices
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The Raspberry Robin worm spreads via USB devices and shared folders to infect Windows installers and QNAP devices, using compromised QNAP devices as stagers. The majority of the victims in Europe are being targeted...
Adobe addresses new vulnerabilities in Adobe Acrobat and Reader
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has addressed multiple critical vulnerabilities and released security updates for Adobe Acrobat and Reader for Windows and macOS...
Microsoft releases updates for exploited zero-day and other vulnerabilities resulting in RCE
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft's Patch Tuesday release addressed a zero-day vulnerability that affects the entire operating system. The update includes bug fixes for Azure Site Recovery, Microsoft Edge...
HavanaCrypt ransomware spreads through fake google updates
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary HavanaCrypt is a new ransomware that disguises itself as a Google software update. It evades detection by using a Microsoft web hosting service IP address as its command and control (C&C) server...
Several bugs in Node.js lead to Remote Code Execution
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Node.js has released several fixes for vulnerabilities in the JavaScript runtime environment, which could lead to arbitrary code execution, HTTP request smuggling, a DNS rebinding vulnerability and other b...
BlackCat Ransomware group implements quadruple extortion
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary The BlackCat ransomware group uses quadruple extortion techniques to pressure victims into paying the ransom. Recently, the ransomware group has raised its demands to as much as $2.5M...
OpenSSL Vulnerability leads to Remote Code Execution
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The heap memory corruption vulnerability in OpenSSL lets attackers perform Remote Code Execution...
Zero-day vulnerability in Chrome browser being exploited-in-the-wild
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The heap buffer overflow vulnerability in the Chrome browser lets attackers run arbitrary code or cause a denial-of-service condition...
Vulnerabilities & Threats that Matter 27 June – 03 July 2022
Published Vulnerabilities: 436; Interesting Vulnerabilities: 2; Active Threat Groups: 2; Targeted Countries: 55; Targeted Industries: 15; ATT&CK TTPs: 30. For a detailed threat digest, download the pdf file here Summary The last week of June 2022 witnessed the discovery of 436 vulnerabilities out of which 2...
MedusaLocker Ransomware is back targeting organizations in US
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Since 2019, a ransomware-as-a-service (RaaS) known as MedusaLocker has been seen targeting organizations, mostly in the healthcare sector, by exploiting Remote Desktop Protocol (RDP) vulnerabilities...
Vulnerability in UnRAR leads to code execution in Zimbra
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary UnRAR has a path traversal vulnerability that allows an unauthenticated attacker to execute arbitrary commands as the Zimbra user and escalate privileges...
FabricScape lets attackers take over Linux containers
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary FabricScape, a container escape vulnerability in Microsoft Service Fabric, could allow an attacker to escalate privileges and compromise the cluster...
Bronze Starlight uses loader malware to deploy ransomware
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Bronze Starlight, a Chinese APT, is deploying the LockFile, AtomSilo, Rook, Night Sky, and Pandora ransomware families via the HUI loader malware to carry out double extortion...
Vulnerabilities & Threats that Matter 20 June – 26 June 2022
Published Vulnerabilities: 413; Interesting Vulnerabilities: 14; Active Threat Groups: 4; Targeted Countries: 121; Targeted Industries: 19; ATT&CK TTPs: 33. For a detailed threat digest, download the pdf file here Summary The last week of June 2022 witnessed the discovery of 413 vulnerabilities out of which ...
50+ firms attacked by Black Basta ransomware group
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Black Basta is a new ransomware family that was discovered in April 2022. The group specifically targets English-speaking countries and has hit approximately 50 victims in Australia, Canad...
Unknown threat group continues to exploit Log4j in VMware products
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary An unknown APT group is exploiting the Log4j vulnerability affecting VMware Horizon and Unified Access Gateway (UAG) servers to compromise the system and take over the entire network by deploying malware...
APT28 exploits Follina to deploy CredoMap
How Threat Exposure Management Can Minimize Attack Surface
...
Google addresses new vulnerabilities in Chrome
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Google Chrome addresses nine vulnerabilities in its latest stable channel update for Windows, Mac, and Linux...
ToddyCat exploits unknown vulnerability in Microsoft Exchange servers to target entities in Europe and Asia
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary ToddyCat, an APT group, is deploying web shells by exploiting an unknown vulnerability in Microsoft Exchange servers. They are initiating a multi-stage infection that aims at governmental bodies in Europe and...
DriftingCloud exploits zero-day in Sophos firewall
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The Chinese APT actor DriftingCloud exploits the RCE vulnerability in Sophos firewall to take over the entire network...
New vulnerability allows attackers to take over an entire WordPress website
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary An unauthenticated attacker can call multiple methods in the Ninja Forms class in order to inject objects and eventually perform Remote Code Execution (RCE)...
Zimbra vulnerability allows theft of clear-text credentials from users
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A new vulnerability in Zimbra allows an attacker to steal cleartext credentials from instances via Memcache injection. Over 200,000 logged-in users can be impacted by the security flaw...
Vulnerabilities & Threats that Matter 13 June – 19 June 2022
Published Vulnerabilities: 798; Interesting Vulnerabilities: 53; Active Threat Groups: 1; Targeted Countries: 109; Targeted Industries: 4; ATT&CK TTPs: 13. For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 798 vulnerabilities out of which ...
Iranian APT targets Middle East’s Energy & Telecommunications industry
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A new campaign has been launched by a state-sponsored Iranian APT group, Lyceum, to target organizations in the Middle East in the energy and telecommunication sectors. They have been observed deploying a new...
Deserialization of untrusted data by Fastjson library leads to RCE
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Applications using the Fastjson Java library are impacted by a remote code execution vulnerability...
GALLIUM targets Telecommunications sector using new PingPull tool
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary A new, difficult-to-detect remote access trojan known as PingPull has been discovered and is used by GALLIUM (also known as Softcell), an APT group. They have expanded by targeting telecommunications, finance and...
Attackers can bypass authentication in Cisco SMA & ESA
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary An attacker can remotely bypass authentication and log in to the web management interface of an affected system...