Unauthenticated remote user can reset administrator password in Citrix ADM
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary An unauthorized remote user can corrupt the system which can lead to an administrator password reset to default on the next reboot...
Security updates for Adobe Animate June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has issued a security update for Adobe Animate. The update resolves a critical vulnerability at priority 3 as per Adobe that could lead to arbitrary code execution in the context of the current use...
Security updates for Adobe InCopy June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has released security updates in Adobe InCopy that address critical vulnerabilities at priority 3 as per Adobe. These vulnerabilities could lead to arbitrary code execution...
Security updates for Adobe InDesign June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has released security updates in Adobe InDesign that address critical vulnerabilities at priority 3 as per Adobe. These vulnerabilities could lead to arbitrary code execution on target systems, i...
Security updates for Adobe Illustrator June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has released security updates in Adobe Illustrator that address critical vulnerabilities at priority 3 as per Adobe. These vulnerabilities could lead to arbitrary code execution on target systems...
Microsoft addresses multiple RCE vulnerabilities in their June 2022 Patch Tuesday
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft June 2022 Patch Tuesday addressed 55 security flaws. One of them is Follina, which has been addressed in another detailed advisory. Three of them have been rated critical as per Microsoft and...
Security updates for Adobe Bridge June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has released security updates in Adobe Bridge that address critical vulnerabilities at priority 3 as per Adobe. These vulnerabilities could lead to arbitrary code execution, arbitrary file system, ...
Follina: A zero-day vulnerability in Microsoft Office
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Microsoft has issued a patch after almost 15 days for a zero-day vulnerability identified as CVE-2022-30190 after various proof-of-concepts (PoCs) indicating that it is actively exploited became public. Security...
Drupal addresses a Guzzle third-party vulnerability
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Drupal core project addresses security flaws in a third-party Guzzle library to handle HTTP requests and responses to external services. These may not directly affect Drupal core; however, it can hav...
Stable Channel Update in Chrome for Windows, Mac and Linux
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A list of security fixes has been addressed in the latest version for Windows, Mac and Linux. There are seven security fixes of which four are high severity vulnerabilities as per Chrome. These...
Weekly Digest 30 May – 5 June 2022
Published Vulnerabilities: 412; Interesting Vulnerabilities: 24; Active Threat Groups: 1; Targeted Countries: 45; Targeted Industries: 3; ATT&CK TTPs: 13. For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 412 vulnerabilities out of which 2...
Network Providers and Devices targeted by Chinese state-sponsored actors
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have released a joint advisory to make organizations in the...
A zero-day vulnerability in Atlassian Confluence
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations about a new vulnerability in Atlassian's Confluence Server and Data Center. This vulnerability is actively exploited in t...
Gitlab addresses critical security vulnerabilities with newer versions
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The new versions of Gitlab address one critical and two high-security flaws as per Gitlab. Some of these vulnerabilities could be exploited by an attacker to perform a Stored Cross-Site Scripting (XSS)...
How to Evolve Your Vulnerability Management to Threat Exposure Management
...
Enemybot malware expands its arsenal by exploiting well-known vulnerabilities
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary EnemyBot, a Mirai-based botnet, is expanding its arsenal by exploiting well-known vulnerabilities in log4j, VMware workspace, Spring Framework, and others. Keksec, also known as Nero and Freakout, is the threat...
Mozilla addresses security vulnerabilities in Firefox, Firefox ESR, and Thunderbird
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Mozilla has released updates that address up to eight high severity vulnerabilities as per Mozilla in Firefox, Firefox ESR, and Thunderbird. These vulnerabilities could allow an attacker to exploit the...
New Zoom vulnerabilities can compromise user devices with a single message
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Zoom has addressed four security flaws, one of which, if exploited, can compromise a user via chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and executing...
Weekly Threat Digest: 16-22 May 2022
Published Vulnerabilities: 466; Interesting Vulnerabilities: 6; Active Threat Groups: 2; Targeted Countries: 26; Targeted Industries: 10; ATT&CK TTPs: 27. For a detailed threat digest, download the pdf file here Summary The third week of May 2022 witnessed the discovery of 466 vulnerabilities out of which 6...
Lazarus distributes Nukesped to VMware Horizon Servers by exploiting Log4J
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Lazarus, a North Korean threat actor group, is deploying Nukesped aka Manuscrypt malware on unpatched VMware Horizon servers by exploiting the Log4J remote code execution vulnerability...
New Ransomware Group Axxes is on the rise
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Axxes ransomware is a relatively new ransomware group that appears to be a rebranded version of Midas ransomware. The H Dubai is the latest victim of the threat group, which has previously targeted the United...
RedLine InfoStealer exploits Google Chrome’s zero-day
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Summary The notorious information-gathering malware RedLine InfoStealer is stealing data from individuals and organizations such as Samsung, Zoom, Cisco, Vodafone, Jio, and Axis Bank by exploiting a two-month-old zero-day...
Vulnerabilities in VMware when chained together grants Full System Control
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to organizations about malicious actors using CVE-2022-22954 and CVE-2022-22960. This alert was published following the...
Monthly Threat Digest: April 2022
...
Weekly Threat Digest: 9-15 May 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities: 650; Interesting Vulnerabilities: 3; Active Threat Groups: 1; Targeted Countries: 14; Targeted Industries: 10; ATT&CK TTPs: 13. The second week of May 2022 witnessed the discovery of 650 vulnerabilities out of which 3 gained...
OilRig is back with another Phishing Email attack, delivering the Saitama Backdoor
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as OilRig has begun delivering malicious email to a Jordanian government employee at the foreign ministry. The email includes a malicious Excel sheet that installs the Saitama backdoor...
Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability (CVE-2022-26925) is actively exploited i...
Have you patched this actively exploited BIG-IP vulnerability?
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Last week, F5 patched a vulnerability tracked as CVE-2022-1388, soon after a successful Proof-of-concept (PoC) was developed by security researchers making it susceptible to further exploitation. This authentication bypass...
Weekly Threat Digest: 18 – 24 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities: 430; Interesting Vulnerabilities: 5; Active Threat Groups: 2; Targeted Countries: Worldwide; Targeted Industries: 17; ATT&CK TTPs: 46. The fourth week of April 2022 witnessed the discovery of 430 vulnerabilities out of which ...
Newly patched VMware vulnerability exploited by Iranian espionage group, Rocket Kitten
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as Rocket Kitten has begun delivering the Core Impact penetration testing tool on susceptible computers by exploiting a newly fixed severe vulnerability in VMware Workspace ONE...
What will be the consequence of this disputed vulnerability in 7-ZIP?
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The zero-day vulnerability in 7-Zip software, tracked as CVE-2022-29072, is marked as disputed by the National Vulnerability Database (NVD), and sparked discussions over its consequences. This started when a researcher published ...
Bypass Authentication vulnerability in Atlassian Jira Seraph
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Atlassian has addressed a vulnerability in its Jira Seraph software, tracked as CVE-2022-0540. An unauthenticated attacker can use it to bypass authentication. By submitting a specially crafted HTTP request to the affected...
Hive Ransomware targets organizations with ProxyShell exploit
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Hive Ransomware has been active since its discovery in June 2021, and it is constantly deploying different backdoors, including the Cobalt Strike beacon, on Microsoft Exchange servers that are vulnerable to ProxyShell...
The US Cyber Incident Reporting Act – its impact and its requirements for Critical Infrastructure Entities
...
Lazarus is back, targeting organizations with cryptocurrency thefts via TraderTraitor malware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) have issued a joint Cybersecurity Advisory (CSA) to make organizations in the blockchai...
Weekly Threat Digest: 11 – 17 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities: 765; Interesting Vulnerabilities: 14; Active Threat Groups: 1; Targeted Countries: 2; Targeted Industries: 6; ATT&CK TTPs: 25. The third week of April 2022 witnessed a huge spike in the discovery of vulnerabilities, with 765 vulnerabilities out of...
Two Vulnerabilities discovered in AWS Client VPN
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them (CVE-2022-25166) was discovered due to a time-of-check to time-of-use (TOCTOU) condition, which could lead to privilege escalation. Another vulnerability...
OldGremlin, a threat actor targeting Russian organizations with phishing emails since 2020
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here After almost a year, OldGremlin made a comeback in March 2022 by resuming their malicious email campaigns against two Russian organizations. Over the last two years, OldGremlin has carried out 13 malicious email campaigns...
Old Zimbra vulnerability used to target Ukrainian Government Organizations
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here The Ukrainian Computer Emergency Response Team (CERT-UA) has issued an alert about a campaign targeting Ukrainian government entities that involves an exploit for an XSS vulnerability in Zimbra Collaboration Suite. The attacker...
Two actively exploited vulnerabilities affect multiple VMware products
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Multiple vulnerabilities have been discovered in VMware products. Two of these have been exploited in the wild. The first zero-day vulnerability, CVE-2022-22954, is a server-side template injection flaw. An attacker could...
Google Chrome issues an emergency update to address the third zero-day of year 2022
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A zero-day vulnerability has been discovered in Google Chrome versions prior to 100.0.4896.127. A type confusion vulnerability, tracked as CVE-2022-1364, is said to be exploited in the wild. This vulnerability affects the V8...
Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 128 vulnerabilities in their April Patch Tuesday update. Two of them have been categorized as zero-day vulnerabilities. One of the two zero-days is exploited in the wild as well. The vulnerability,...
Weekly Threat Digest: 4 – 10 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities: 438; Interesting Vulnerabilities: 3; Active Threat Groups: 3; Targeted Countries: 53; Targeted Industries: 16; ATT&CK TTPs: 54. The second week of April 2022 witnessed the discovery of 438 vulnerabilities out of which 3 gaine...
Attacks on European Union and Ukrainian government entities carried out by the Armageddon group
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of an ongoing spear-phishing attempt aimed at delivering an email with a malware attachment to Ukrainian government institutions and European...
APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A Chinese state-sponsored advanced persistent threat APT 10 group has been attacking government, legal, religious entities and non-governmental organizations (NGOs) around the world in what appears to be an espionage campaign th...
Tesla, Guitar, and Cybersecurity
In the first episode of Unplugged Bytes, Sarfaraz Kazi welcomes Hugh Njemanze to share his interests in Tesla, guitar, and cybersecurity. Hugh is President a...
RCE Spring Framework Zero-Day vulnerability “Spring4Shell”
THREAT LEVEL: Red For a detailed advisory, download the pdf file here A zero-day vulnerability has been discovered in the Spring framework, a Java framework that provides infrastructure support for web application development. This vulnerability came to light after a Chinese researcher made a...
Monthly Threat Digest: March 2022
...
Sandworm Team using a new modular malware Cyclops Blink
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The National Cyber Security Centre (NCSC) in the United Kingdom, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have discovered that the...
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...