THREATS June

DATE | NAME | CATEGORY | SUBCATEGORIES | INFO
--- | --- | --- | --- | ---
29.6.22 | YTStealer | Malware | Stealer | YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”
29.6.22 | CVE-2022-30333 | Vulnerability | Vulnerability | RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
29.6.22 | CVE-2022-30137 | Vulnerability | Vulnerability | Azure Service Fabric Container Elevation of Privilege Vulnerability.
29.6.22 | CVE-2022-29499 | Vulnerability | Vulnerability | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation.
29.6.22 | CVE-2021-30533 | Vulnerability | Vulnerability | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
29.6.22 | CVE-2021-4034 | Vulnerability | Vulnerability | A local privilege escalation vulnerability was found in polkit's pkexec utility.
28.6.22 | | Malware | RAT | A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.
28.6.22 | | Vulnerability | Vulnerability | Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
28.6.22 | | Vulnerability | Vulnerability | OpenSSL version 3.0.4, released on June 21st 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker.
28.6.22 | | Android | Malware | In June 2022, a new Android banking trojan was discovered by the Cleafy TIR team.
27.6.22 | | Ransomware | Ransomware | The Black Basta ransomware is a new strain of ransomware discovered in April of 2022.
27.6.22 | | Malware | Malware loader | Recently, Cyble Research Labs came across a Twitter post where a researcher observed this malware spreading through spam campaigns.
25.6.22 | | Vulnerability | Vulnerability | This issue, CVE-2021-30983, was fixed in iOS 15.2 in December 2021.
25.6.22 | | Ransomware | Ransomware | The Week in Ransomware - June 24th 2022 - Splinter Cells
23.6.22 | | Ransomware | Ransomware | With the release of the report Common TTPs of modern ransomware, Kaspersky experts have taken a different approach.
23.6.22 | | Operation | APT | The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.
23.6.22 | | Vulnerability | Vulnerability | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.
23.6.22 | | Vulnerability | Vulnerability | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
23.6.22 | | Vulnerability | Vulnerability | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data,
23.6.22 | | Vulnerability | Vulnerability | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability".
23.6.22 | | Vulnerability | Vulnerability | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.
23.6.22 | | Vulnerability | Vulnerability | Internet Explorer Memory Corruption Vulnerability
21.6.22 | CVE-2022-22620 | Vulnerability | Vulnerability | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).
19.6.22 | CVE-2022-26134 | Vulnerability | Vulnerability | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
19.6.22 | | Vulnerability | Vulnerability | (CVSS score: 9.8), and concerns an authentication bypass vulnerability that can be weaponized to execute arbitrary code remotely. It affects Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier.
16.6.22 | CVE-2022-20825 | Vulnerability | Vulnerability | (CVSS score: 9.8), relates to a case of insufficient user input validation of incoming HTTP packets.
16.6.22 | CVE-2022-20798 | Vulnerability | Vulnerability | A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA)
16.6.22 | Sality | Malware | Rootkit/Backdoor | Modern Sality variants also have the ability to communicate over a peer-to-peer (P2P) network, allowing an attacker to control a botnet of Sality-infected machines.
16.6.22 | Panchan’s | BotNet | BotNet | Akamai security researchers discovered Panchan, a new peer-to-peer botnet and SSH worm that emerged in March 2022 and has been actively breaching Linux servers since.
16.6.22 | CVE-2022-30190 | Vulnerability | Vulnerability | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
16.6.22 | CVE-2022-30136 | Vulnerability | Vulnerability | Windows Network File System Remote Code Execution Vulnerability
16.6.22 | CVE-2022-30163 | Vulnerability | Vulnerability | Windows Hyper-V Remote Code Execution Vulnerability
16.6.22 | CVE-2022-30147 | Vulnerability | Vulnerability | (CVSS score: 7.8), an elevation of privilege vulnerability affecting Windows Installer and which has been marked with an "Exploitation More Likely" assessment by Microsoft.
16.6.22 | Hertzbleed Attack | Attack | Attack | Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.
14.6.22 | CVE-2022-27924 | Vulnerability | Vulnerability | (CVSS score: 7.5), the issue has been characterized as a case of "Memcached poisoning with unauthenticated request," leading to a scenario where an adversary can inject malicious commands and siphon sensitive information.
14.6.22 | CVE-2022-29972 | Vulnerability | Vulnerability | (CVSS score: 7.8) and disclosed early last month, could have allowed an attacker to perform remote command execution and gain access to another Azure client's cloud environment.
14.6.22 | Syslogk | Malware | Linux | Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects.
14.6.22 | Warzone RAT | Malware | RAT | Warzone aims to be the Remote Access Trojan (RAT) of choice for aspiring miscreants on a budget. It is sold on a publicly available website as opposed to on the dark web, as a Malware-as-a-Service (MaaS) subscription-based platform.
14.6.22 | Snake Keylogger | Malware | Keylogger | Snake Keylogger is a malware developed using .NET. It first appeared in late 2020 and focused on stealing sensitive information from a victim’s device, including saved credentials, the victim’s keystrokes,
14.6.22 | Arkei | Malware | RAT | Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA
14.6.22 | Rekoobe | Malware | Linux | A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86, x86-64 computers. The Trojan’s configuration data is stored in a file encrypted with XOR algorithm
14.6.22 | PureCrypter | Malware | RAT | PureCrypter has been growing in popularity with a number of information stealers and remote access trojans (RATs) being deployed by it. ThreatLabz has observed PureCrypter being used to distribute the following malware families:
14.6.22 | | Malware | Android/iOS | How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase
14.6.22 | | Malware | Malware | Unit 42 recently identified a new, difficult-to-detect remote access trojan named PingPull being used by GALLIUM, an advanced persistent threat (APT) group.
14.6.22 | | Vulnerability | Vulnerability | Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities impact 6800 and 6900 Series SIP phones, excluding the 6970 model.
14.6.22 | | Vulnerability | Vulnerability | Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities impact 6800 and 6900 Series SIP phones, excluding the 6970 model.
14.6.22 | | Ransomware | Ransomware | Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts.
14.6.22 | | Malware | Malware | Open-source lightweight backdoor for C2 communication.
11.6.22 | PACMAN: Attacking ARM Pointer Authentication with Speculative Execution | Attack | Attack | We demonstrate multiple proof-of-concept attacks of PACMAN on the Apple M1 SoC, the first desktop processor that supports ARM Pointer Authentication.
9.6.22 | CVE-2010-3333 | Vulnerability | Vulnerability | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
9.6.22 | CVE-2012-0158 | Vulnerability | Vulnerability | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
9.6.22 | | Vulnerability | Exploit | Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)
6.6.22 | SVCReady | Malware | Malware | A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines.
6.6.22 | | Vulnerability | Vulnerability | (CVSS score: 7.1) - Large buffer overflow leads to DoS in U-Boot IP packet defragmentation code
6.6.22 | | Vulnerability | Vulnerability | (CVSS score: 9.6) - Hole Descriptor overwrite in U-Boot IP packet defragmentation leads to an arbitrary out-of-bounds write primitive.
6.6.22 | | Vulnerability | Vulnerability | (CVSS score: 7.4) - A lack of TLS encryption for LRM versions 2.4 and lower that could be abused by an attacker to stage a man-in-the-middle (MitM) attack and access credentials.
6.6.22 | | Vulnerability | Vulnerability | (CVSS score: 9.1) - A lack of authentication in LRM by default, enabling an attacker to inject, modify, or access sensitive data.
6.6.22 | | Vulnerability | Vulnerability | (CVSS score: 10.0) - An issue with the unrestricted upload of any file type, allowing an attacker to achieve arbitrary code execution.
6.6.22 | | Vulnerability | Vulnerability | (CVSS score: 10.0) - A directory traversal vulnerability that could allow an attacker to upload malicious files to arbitrary locations.
6.6.22 | | Vulnerability | Vulnerability | (CVSS score: 10.0) - A remote code execution vulnerability at the operating system level that could allow an attacker to tamper with settings and access sensitive data or APIs.
6.6.22 | CVE-2022-30190 | Vulnerability | Vulnerability | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
5.6.22 | WinDealer | Malware | Malware espionage | An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks.
4.6.22 | CVE-2022-1680 | Vulnerability | Vulnerability | GitLab Critical Security Release: 15.0.1, 14.10.4, and 14.9.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
4.6.22 | | Malware | Malware | FAKEUPDATES is a downloader written in JavaScript that communicates via HTTP. Supported payload types include executables and JavaScript. It writes the payloads to disk prior to launching them.
4.6.22 | | Vulnerability | Vulnerability | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7
3.6.22 | | Ransomware | Ransomware | In late February of this year, an unknown individual began leaking internal information and communications from the notorious Conti ransomware organization.
3.6.22 | UNISOC baseband opens mobile phones | Vulnerability | Vulnerability | Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001.
3.6.22 | | Vulnerability | Vulnerability | Security researchers from Volexity discovered a 0-day vulnerability (CVE-2022-26134) in Atlassian Confluence software over the weekend. This vulnerability is being actively exploited
3.6.22 | | Ransomware | IoT | In this report, Vedere Labs demonstrates R4IoT: a proof of concept for next-generation ransomware that exploits IoT devices for initial access, targets IT devices to deploy ransomware and cryptominers,
3.6.22 | | Vulnerability | Vulnerability | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior.
3.6.22 | | Vulnerability | Vulnerability | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel.
3.6.22 | | APT | Hacking | Group-IB Threat Intelligence researchers have discovered a new malicious infrastructure and a custom tool of the APT group SideWinder (aka Rattlesnake, Hardcore Nationalist, RAZOR TIGER, T-APT-04 and APT-C-17)
3.6.22 | | Vulnerability | Vulnerability | Horde Webmail Remote Code Execution via Email. The discovered code vulnerability (CVE-2022-30287) allows an authenticated user of a Horde instance to execute arbitrary code on the underlying server.
3.6.22 | | BotNet | BotNet | In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function.