THREATS - June

| DATE | NAME | CATEGORY | SUBCATEGORIES | INFO |
|---|---|---|---|---|
| 29.6.22 | YTStealer | Malware | Stealer | YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom” |
| 29.6.22 | CVE-2022-30333 | Vulnerability | Vulnerability | RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. |
| 29.6.22 | CVE-2022-30137 | Vulnerability | Vulnerability | Azure Service Fabric Container Elevation of Privilege Vulnerability. |
| 29.6.22 | CVE-2022-29499 | Vulnerability | Vulnerability | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. |
| 29.6.22 | CVE-2021-30533 | Vulnerability | Vulnerability | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. |
| 29.6.22 | CVE-2021-4034 | Vulnerability | Vulnerability | A local privilege escalation vulnerability was found in polkit's pkexec utility. |
| 28.6.22 | ZuoRAT | Malware | RAT | A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. |
| 28.6.22 | CVE-2021-26855 | Vulnerability | Vulnerability | Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. |
| 28.6.22 | OpenSSL remote memory corruption | Vulnerability | Vulnerability | OpenSSL version 3.0.4, released on June 21st 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. |
| 28.6.22 | Revive | Android | Malware | In June 2022, a new Android banking trojan was discovered by the Cleafy TIR team. |
| 27.6.22 | Black Basta Ransomware | Ransomware | Ransomware | The Black Basta ransomware is a new strain of ransomware discovered in April of 2022. |
| 27.6.22 | Matanbuchus Loader Resurfaces | Malware | Malware loader | Recently, Cyble Research Labs came across a Twitter post where a researcher observed this malware spreading through spam campaigns. |
| 25.6.22 | The curious tale of a fake Carrier.app | Vulnerability | Vulnerability | This issue, CVE-2021-30983, was fixed in iOS 15.2 in December 2021. |
| 25.6.22 | The Week in Ransomware - June 24th 2022 - Splinter Cells | Ransomware | Ransomware | The Week in Ransomware - June 24th 2022 - Splinter Cells |
| 23.6.22 | Common TTPs of modern ransomware groups | Ransomware | Ransomware | With the release of the report Common TTPs of modern ransomware, Kaspersky experts have taken a different approach. |
| 23.6.22 | BRONZE STARLIGHT | Operation | APT | The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0. |
| 23.6.22 | CVE-2022-22954 | Vulnerability | Vulnerability | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. |
| 23.6.22 | CVE-2021-44228 | Vulnerability | Vulnerability | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. |
| 23.6.22 | CVE-2019-11043 | Vulnerability | Vulnerability | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, |
| 23.6.22 | CVE-2018-8174 | Vulnerability | Vulnerability | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." |
| 23.6.22 | CVE-2019-0752 | Vulnerability | Vulnerability | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. |
| 23.6.22 | CVE-2021-26411 | Vulnerability | Vulnerability | Internet Explorer Memory Corruption Vulnerability |
| 21.6.22 | CVE-2022-22620 | Vulnerability | Vulnerability | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). |
| 19.6.22 | CVE-2022-26134 | Vulnerability | Vulnerability | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. |
| 19.6.22 | CVE-2022-1040 | Vulnerability | Vulnerability | (CVSS score: 9.8) An authentication bypass vulnerability that can be weaponized to execute arbitrary code remotely. It affects Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. |
| 16.6.22 | CVE-2022-20825 | Vulnerability | Vulnerability | (CVSS score: 9.8) Relates to a case of insufficient user input validation of incoming HTTP packets. |
| 16.6.22 | CVE-2022-20798 | Vulnerability | Vulnerability | A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) |
| 16.6.22 | Sality | Malware | Rootkit/Backdoor | Modern Sality variants also have the ability to communicate over a peer-to-peer (P2P) network, allowing an attacker to control a botnet of Sality-infected machines. |
| 16.6.22 | Panchan’s BotNet | BotNet | | Akamai security researchers discovered Panchan, a new peer-to-peer botnet and SSH worm that emerged in March 2022 and has been actively breaching Linux servers since. |
| 16.6.22 | CVE-2022-30190 | Vulnerability | Vulnerability | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
| 16.6.22 | CVE-2022-30136 | Vulnerability | Vulnerability | Windows Network File System Remote Code Execution Vulnerability |
| 16.6.22 | CVE-2022-30163 | Vulnerability | Vulnerability | Windows Hyper-V Remote Code Execution Vulnerability |
| 16.6.22 | CVE-2022-30147 | Vulnerability | Vulnerability | (CVSS score: 7.8) An elevation of privilege vulnerability affecting Windows Installer, which has been marked with an "Exploitation More Likely" assessment by Microsoft. |
| 16.6.22 | Hertzbleed Attack | Attack | Attack | Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. |
| 14.6.22 | CVE-2022-27924 | Vulnerability | Vulnerability | (CVSS score: 7.5) The issue has been characterized as a case of "Memcached poisoning with unauthenticated request," leading to a scenario where an adversary can inject malicious commands and siphon sensitive information. |
| 14.6.22 | CVE-2022-29972 | Vulnerability | Vulnerability | (CVSS score: 7.8) Disclosed early last month; it could have allowed an attacker to perform remote command execution and gain access to another Azure client's cloud environment. |
| 14.6.22 | Syslogk | Malware | Linux | Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. |
| 14.6.22 | Warzone RAT | Malware | RAT | Warzone aims to be the Remote Access Trojan (RAT) of choice for aspiring miscreants on a budget. It is sold on a publicly available website as opposed to on the dark web, as a Malware-as-a-Service (MaaS) subscription-based platform. |
| 14.6.22 | Snake Keylogger | Malware | Keylogger | Snake Keylogger is a malware developed using .NET. It first appeared in late 2020 and focused on stealing sensitive information from a victim’s device, including saved credentials, the victim’s keystrokes, |
| 14.6.22 | Arkei | Malware | RAT | Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA |
| 14.6.22 | Rekoobe | Malware | Linux | A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86, x86-64 computers. The Trojan’s configuration data is stored in a file encrypted with the XOR algorithm |
| 14.6.22 | PureCrypter | Malware | RAT | PureCrypter has been growing in popularity with a number of information stealers and remote access trojans (RATs) being deployed by it. ThreatLabz has observed PureCrypter being used to distribute the following malware families: |
| 14.6.22 | SeaFlower | Malware | Android/iOS | How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase |
| 14.6.22 | PingPull | Malware | Malware | Unit 42 recently identified a new, difficult-to-detect remote access trojan named PingPull being used by GALLIUM, an advanced persistent threat (APT) group. |
| 14.6.22 | CVE-2022-29855 | Vulnerability | Vulnerability | Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities impact 6800 and 6900 Series SIP phones, excluding the 6970 model. |
| 14.6.22 | CVE-2022-29854 | Vulnerability | Vulnerability | Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities impact 6800 and 6900 Series SIP phones, excluding the 6970 model. |
| 14.6.22 | HelloXD Ransomware | Ransomware | Ransomware | Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. |
| 14.6.22 | MicroBackdoor | Malware | Malware | Open-source lightweight backdoor for C2 communication. |
| 11.6.22 | PACMAN: Attacking ARM Pointer Authentication with Speculative Execution | Attack | Attack | We demonstrate multiple proof-of-concept attacks of PACMAN on the Apple M1 SoC, the first desktop processor that supports ARM Pointer Authentication. |
| 9.6.22 | CVE-2010-3333 | Vulnerability | Vulnerability | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." |
| 9.6.22 | CVE-2012-0158 | Vulnerability | Vulnerability | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 |
| 9.6.22 | DogWalk | Vulnerability | Exploit | Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix) |
| 6.6.22 | SVCReady | Malware | Malware | A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. |
| 6.6.22 | CVE-2022-30552 | Vulnerability | Vulnerability | (CVSS score: 7.1) - Large buffer overflow leads to DoS in U-Boot IP packet defragmentation code |
| 6.6.22 | CVE-2022-30790 | Vulnerability | Vulnerability | (CVSS score: 9.6) - Hole Descriptor overwrite in U-Boot IP packet defragmentation leads to an arbitrary out-of-bounds write primitive. |
| 6.6.22 | CVE-2022-1524 | Vulnerability | Vulnerability | (CVSS score: 7.4) - A lack of TLS encryption for LRM versions 2.4 and lower that could be abused by an attacker to stage a man-in-the-middle (MitM) attack and access credentials. |
| 6.6.22 | CVE-2022-1521 | Vulnerability | Vulnerability | (CVSS score: 9.1) - A lack of authentication in LRM by default, enabling an attacker to inject, modify, or access sensitive data. |
| 6.6.22 | CVE-2022-1519 | Vulnerability | Vulnerability | (CVSS score: 10.0) - An issue with the unrestricted upload of any file type, allowing an attacker to achieve arbitrary code execution. |
| 6.6.22 | CVE-2022-1518 | Vulnerability | Vulnerability | (CVSS score: 10.0) - A directory traversal vulnerability that could allow an attacker to upload malicious files to arbitrary locations. |
| 6.6.22 | CVE-2022-1517 | Vulnerability | Vulnerability | (CVSS score: 10.0) - A remote code execution vulnerability at the operating system level that could allow an attacker to tamper with settings and access sensitive data or APIs. |
| 6.6.22 | CVE-2022-30190 | Vulnerability | Vulnerability | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. |
| 5.6.22 | WinDealer Malware | Malware | espionage | An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. |
| 4.6.22 | CVE-2022-1680 | Vulnerability | Vulnerability | GitLab Critical Security Release: 15.0.1, 14.10.4, and 14.9.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). |
| 4.6.22 | FakeUpdates | Malware | Malware | FAKEUPDATES is a downloader written in JavaScript that communicates via HTTP. Supported payload types include executables and JavaScript. It writes the payloads to disk prior to launching them. |
| 4.6.22 | CVE-2018-13379 | Vulnerability | Vulnerability | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 |
| 3.6.22 | CONTI TARGETS CRITICAL FIRMWARE | Ransomware | Ransomware | In late February of this year, an unknown individual began leaking internal information and communications from the notorious Conti ransomware organization. |
| 3.6.22 | UNISOC baseband opens mobile phones communications to remote hacker attacks | Vulnerability | Vulnerability | Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. |
| 3.6.22 | CVE-2022-26134 | Vulnerability | Vulnerability | Security researchers from Volexity discovered a 0-day vulnerability (CVE-2022-26134) in Atlassian Confluence software over the weekend. This vulnerability is being actively exploited. |
| 3.6.22 | R4IoT | Ransomware | IoT | In this report, Vedere Labs demonstrates R4IoT: a proof of concept for next-generation ransomware that exploits IoT devices for initial access, targets IT devices to deploy ransomware and cryptominers, |
| 3.6.22 | CVE-2022-20210 | Vulnerability | Vulnerability | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. |
| 3.6.22 | CVE-2019-2215 | Vulnerability | Vulnerability | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. |
| 3.6.22 | SideWinder.AntiBot.Script | APT | Hacking | Group-IB Threat Intelligence researchers have discovered a new malicious infrastructure and a custom tool of the APT group SideWinder (aka Rattlesnake, Hardcore Nationalist, RAZOR TIGER, T-APT-04 and APT-C-17) |
| 3.6.22 | CVE-2022-30287 | Vulnerability | Vulnerability | Horde Webmail Remote Code Execution via Email. The discovered code vulnerability (CVE-2022-30287) allows an authenticated user of a Horde instance to execute arbitrary code on the underlying server. |
| 3.6.22 | XLoader Botnet | BotNet | BotNet | In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. |