THREATS July
DATE | NAME | CATEGORY | SUBCATEGORIES | INFO |
10.7.22 | Rozena Backdoor | Malware | Backdoor | In May 2022, Microsoft published an advisory about CVE-2022-30190, which is about a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability. |
10.7.22 | CVE-2022-30190 | Vulnerability | Vulnerability | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. |
9.7.22 | Robin Worm | Malware | Raspberry | Raspberry Robin is a spreading threat, using specifically crafted Microsoft links (LNK files) to infect its victims. Cybereason observed delivery through file archives, removable devices (USB) or ISO files. |
9.7.22 | AstraLocker decryptor | Anti-Ransom Tool | Anti-Ransom Tool | AstraLocker is a ransomware based on the leaked Babuk source code, and encrypts files using a modified HC-128 encryption algorithm, and Curve25519. The extension ".Astra" or ".babyk" is appended to files. |
9.7.22 | Dynamic analysis of firmware components in IoT devices | Report | Report | Firmware analysis is an essential part of security research and targeted search for vulnerabilities in IoT products, vehicle components, industrial control systems, and a multitude of other types of software/hardware systems designed for various purposes. |
9.7.22 | The Week in Ransomware - July 8th 2022 - One down, many to go | Ransomware | Ransomware | The Week in Ransomware - July 8th 2022 - One down, many to go |
8.7.22 | Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine | APT | APT | Following ongoing research, our team, IBM Security X-Force, has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion. |
8.7.22 | THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom | Ransomware | Ransomware | In September 2019, a new version of a worm-like ransomware was reported. This ransomware was known as LockBit. Since then, a new variant of LockBit was discovered, dubbed LockBit 2.0. |
07.7.22 | BPFDoor | Malware | Linux | BPFDoor is a passive backdoor used by a China-based threat actor. This backdoor supports multiple protocols for communicating with a C2 including TCP, UDP, and ICMP allowing the threat actor a variety of mechanisms to interact with the implant. |
07.7.22 | Symbiote Linux | Malware | Linux | Symbiote, a new “nearly impossible to detect” Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. |
07.7.22 | OrBit | Vulnerability | Vulnerability | OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow |
07.7.22 | CVE-2022-2274 | Vulnerability | Vulnerability | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. |
5.7.22 | CVE-2022-2294 | Vulnerability | Vulnerability | Relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps. |
2.7.22 | The Week in Ransomware - July 1st 2022 - Bug Bounties | Ransomware | Ransomware | The Week in Ransomware - July 1st 2022 - Bug Bounties |
1.7.22 | SessionManager | Malware | Backdoor | Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didn’t come back empty-handed… |
1.7.22 | CVE-2019-2725 | Vulnerability | Vulnerability | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. |
1.7.22 | CVE-2022-26134 | Vulnerability | Vulnerability | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. |