THREATS - May 2022

DATE | NAME | CATEGORY | SUBCATEGORIES | INFO

31.5.22 | CVE-2022-30190 | Vulnerability | Vulnerability | Rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office 2013, Office 2016, Office 2019 and Office 2021, as well as the Professional Plus editions, are impacted.
31.5.22 | CVE-2022-22954 | Vulnerability | Vulnerability | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.
31.5.22 | CVE-2022-1388 | Vulnerability | Vulnerability | (CVSS score: 9.8) A critical bug in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to execute arbitrary system commands.
31.5.22 | CVE-2022-22947 | Vulnerability | Vulnerability | (CVSS score: 10.0) A code injection vulnerability in Spring Cloud Gateway.
31.5.22 | CVE-2021-4039 | Vulnerability | Vulnerability | (CVSS score: 9.8) A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware.
31.5.22 | CVE-2022-25075 | Vulnerability | Vulnerability | (CVSS score: 9.8) A command injection vulnerability in the TOTOLink A3000RU wireless router.
31.5.22 | CVE-2021-36356 | Vulnerability | Vulnerability | (CVSS score: 9.8) A remote code execution vulnerability in Kramer VIAware.
31.5.22 | CVE-2021-35064 | Vulnerability | Vulnerability | (CVSS score: 9.8) A privilege escalation and command execution vulnerability in Kramer VIAware.
31.5.22 | CVE-2020-7961 | Vulnerability | Vulnerability | (CVSS score: 9.8) A remote code execution vulnerability in Liferay Portal.
31.5.22 | IoT malware EnemyBot | Malware | Malware | The rapidly evolving IoT malware EnemyBot is now targeting content management system (CMS) servers and Android devices.
31.5.22 | Microsoft Office RCE - "Follina" MSDT Attack | Attack | Attack | Microsoft has now revealed that the CVE identifier for this vulnerability is CVE-2022-30190, publishing a Security Update entry and an article with guidance, but no patch appears to be available as of yet.
31.5.22 | GoodWill ransomware | Ransomware | Ransomware | The GoodWill ransomware group makes very unusual demands in exchange for the decryption key: the Robin Hood-like group forces its victims to donate to the poor and to provide financial assistance to patients in need.
29.5.22 | CVE-2021-42601 | Vulnerability | Vulnerability |
29.5.22 | CVE-2021-42600 | Vulnerability | Vulnerability |
29.5.22 | CVE-2021-42599 | Vulnerability | Vulnerability |
29.5.22 | CVE-2021-42598 | Vulnerability | Vulnerability |
29.5.22 | GhostTouch | Hacking | Hacking | GhostTouch, as it is called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," according to a group of academics from Zhejiang University and the Technical University of Darmstadt.
29.5.22 | CVE-2022-0734 | Vulnerability | Vulnerability | A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's browser, such as cookies or session tokens, via a malicious script.
29.5.22 | CVE-2022-26531 | Vulnerability | Vulnerability | Several input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller and AP devices that could be exploited to cause a system crash.
29.5.22 | CVE-2022-26532 | Vulnerability | Vulnerability | A command injection vulnerability in the "packet-trace" CLI command for some versions of firewall, AP controller and AP devices that could lead to execution of arbitrary OS commands.
29.5.22 | CVE-2022-0910 | Vulnerability | Vulnerability | An authentication bypass vulnerability affecting select firewall versions that could permit an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.
29.5.22 | CVE-2019-6260 | Vulnerability | Vulnerability | (CVSS score: 9.8) The critical security flaw came to light in January 2019 and relates to arbitrary read and write access to the BMC's physical address space, resulting in arbitrary code execution.
29.5.22 | ChromeLoader | Malware | Malware | ChromeLoader might seem like a run-of-the-mill browser hijacker, but its peculiar use of PowerShell could spell deeper trouble.
29.5.22 | Browser Automation Frameworks for Malicious Activities | Malware | Malware | Lowering the barrier of entry for malicious actors: a free-to-use browser automation framework creates a thriving criminal community.
29.5.22 | CVE-2022-1529 | Vulnerability | Vulnerability |
29.5.22 | CVE-2022-1802 | Vulnerability | Vulnerability |
25.5.22 | CVE-2022-22784 | Vulnerability | Vulnerability | (CVSS score: 8.1) Improper XML parsing in Zoom Client for Meetings.
25.5.22 | CVE-2022-22785 | Vulnerability | Vulnerability | (CVSS score: 5.9) Improperly constrained session cookies in Zoom Client for Meetings.
25.5.22 | CVE-2022-22786 | Vulnerability | Vulnerability | (CVSS score: 7.5) Update package downgrade in Zoom Client for Meetings for Windows.
25.5.22 | CVE-2022-22787 | Vulnerability | Vulnerability | (CVSS score: 5.9) Insufficient hostname validation during server switch in Zoom Client for Meetings.
25.5.22 | Yashma Ransomware | Ransomware | Ransomware | It is not often that we get to observe the behind-the-scenes drama that can accompany the creation of new malware, but when we do, it gives us a fascinating glimpse into how threat actors operate.
21.5.22 | CVE-2022-1609 | Vulnerability | Vulnerability | Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345 and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to execute arbitrary code, cause a denial of service (DoS) condition or execute arbitrary commands. For more information about these vulnerabilities, see the Details section of the advisory.
21.5.22 | CVE-2022-20821 | Vulnerability | Vulnerability | NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ path traversal may lead to deletion of any directory when admin privileges are available.
20.5.22 | XorDdos | Malware | Linux | XorDdos illustrates the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructure and Internet of Things (IoT) devices.
20.5.22 | CVE-2021-37973 | Vulnerability | Vulnerability | Use-after-free in Portals API.
20.5.22 | CVE-2021-37976 | Vulnerability | Vulnerability | Information leak in core.
20.5.22 | CVE-2021-38000 | Vulnerability | Vulnerability | Insufficient validation of untrusted input in Intents (root cause analysis).
20.5.22 | CVE-2021-38003 | Vulnerability | Vulnerability | Inappropriate implementation in V8.
20.5.22 | CVE-2021-1048 | Vulnerability | Vulnerability | Use-after-free in the Android kernel (root cause analysis).
20.5.22 | Cytrox | Malware | Android Spyware | Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users.
20.5.22 | NukeSped Backdoor | Malware | Malware | The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in South Korea.
20.5.22 | Vidar Malware | Malware | Malware | In April 2022, ThreatLabz discovered several newly registered domains that were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal.
20.5.22 | BLE Proximity Authentication Vulnerable to Relay Attacks | Attack | Bluetooth Attack | An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through a relay attack. This may enable unauthorized access to devices in BLE-based proximity authentication systems.
20.5.22 | CVE-2021-22573 | Vulnerability | Vulnerability | The IDToken verifier does not verify that the token is properly signed. Signature verification ensures that the token's payload comes from the valid provider and not from someone else.
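The CVE-2021-22573 entry above is the whole bug in one sentence: claims were read out of an ID token whose signature was never checked. The block below is an added example, not the affected library's code and not from this page. It puts the decode-and-trust verifier beside a signature-first one, using HS256 with a constructed key so it runs on the standard library alone (real OpenID Connect ID tokens are normally RS256/ES256, but the verifier logic is the same). Key, issuer, audience and the fixed check time are assumptions for the demo.

```python
"""ID-token verification: decode-and-trust (the vulnerable pattern) beside
signature-first verification. Constructed example with HS256 so it runs on
the standard library alone; the verifier logic is the point, not the key type.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed values for the demo; not a real provider, client or key.
PROVIDER_KEY = b"constructed-provider-hmac-key"
ATTACKER_KEY = b"constructed-attacker-key"
EXPECTED_ISSUER = "https://idp.example.test"
EXPECTED_AUDIENCE = "demo-client-id"
CHECK_TIME = 1_700_000_000  # fixed "now" so the example is deterministic


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: Optional[bytes], alg: str = "HS256") -> str:
    """Build a compact JWS header.payload.signature. key=None with alg='none'
    produces the unsigned form an attacker would try."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = b"" if key is None else hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_unsafe(token: str) -> dict:
    """Vulnerable verifier: checks the claims but never the signature, so the
    payload is whatever the bearer wrote into it."""
    _header, payload, _sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("issuer/audience mismatch")
    return claims


def verify_safe(token: str, key: bytes, now: int = CHECK_TIME) -> dict:
    """Fixed verifier: pin the algorithm, check the MAC in constant time, and
    only then read iss/aud/exp from the payload."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # rejects 'none' and algorithm swaps
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("issuer/audience mismatch")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    return claims


def safe_rejects(token: str, key: bytes = PROVIDER_KEY) -> bool:
    """True when the signature-checking verifier refuses the token."""
    try:
        verify_safe(token, key)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Genuine token, a token signed with the wrong key, and an unsigned one."""
    base = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "exp": CHECK_TIME + 3600}
    genuine = mint_token({**base, "sub": "alice"}, PROVIDER_KEY)
    forged = mint_token({**base, "sub": "admin"}, ATTACKER_KEY)        # wrong key
    unsigned = mint_token({**base, "sub": "admin"}, None, alg="none")  # no signature
    return {
        "genuine_sub": verify_safe(genuine, PROVIDER_KEY)["sub"],
        "unsafe_accepts_forged": verify_unsafe(forged)["sub"],
        "unsafe_accepts_unsigned": verify_unsafe(unsigned)["sub"],
        "safe_rejects_forged": safe_rejects(forged),
        "safe_rejects_unsigned": safe_rejects(unsigned),
    }


if __name__ == "__main__":
    print(demo())
```

The order of checks in `verify_safe` matters: algorithm pinned from the verifier's configuration (never from the header), signature compared with `hmac.compare_digest`, and only then the issuer, audience and expiry read from a payload that is now known to come from the provider.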

20.5.22 | CVE-2022-22973 | Vulnerability | Vulnerability | (CVSS score: 7.8) The other bug is a local privilege escalation that could enable an attacker with local access to elevate privileges to the "root" user on vulnerable virtual appliances.
20.5.22 | CVE-2022-22972 | Vulnerability | Vulnerability | (CVSS score: 9.8) An authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior authentication.
20.5.22 | CVE-2022-22960 | Vulnerability | Vulnerability | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to "root".
20.5.22 | CVE-2022-22954 | Vulnerability | Vulnerability | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.
20.5.22 | SuspSQLUsage | Malware | SQL Malware | Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems.
18.5.22 | CVE-2022-22947 | Vulnerability | Vulnerability | (CVSS score: 10.0) A code injection vulnerability in Spring Cloud Gateway that could be exploited to achieve arbitrary remote code execution on a remote host via a maliciously crafted request.
18.5.22 | Sysrv botnet | BotNet | BotNet | New Sysrv botnet variant hijacking Windows and Linux with crypto miners.
18.5.22 | Facestealer | Malware | Android | Fake mobile apps steal Facebook credentials and cryptocurrency-related keys.
18.5.22 | CVE-2022-22947 | Vulnerability | Vulnerability | A code injection vulnerability in Spring Cloud Gateway that could be exploited to achieve arbitrary remote code execution on a remote host by means of a specially crafted request.
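The server-side template injection in VMware Workspace ONE Access (CVE-2022-22954) and the code injection in Spring Cloud Gateway (CVE-2022-22947) listed above share one root cause: a string that the request controls is handed to an engine that evaluates expressions, not just substitutes values. The block below is an added example and not VMware's or Spring's code; Python's `str.format` stands in for the template engine because its replacement fields can walk attributes and index mappings in exactly the way that turns a greeting template into a secret leak. The `Greeting` class, `SECRET_KEY` and the payload are constructed for the demo.

```python
"""Template injection through str.format: a request-controlled template walks
from the exposed object to module globals. Added example; str.format stands in
for the server-side template engine.
"""
import string

SECRET_KEY = "constructed-secret-value"  # module-level config an SSTI payload reaches


class Greeting:
    """The one object the template was meant to see."""

    def __init__(self, name: str):
        self.name = name


# Constructed payload: from the exposed object to its class, to the constructor,
# to that function's module globals, then index the secret by name.
LEAK_PAYLOAD = "{g.__class__.__init__.__globals__[SECRET_KEY]}"


def render_unsafe(template: str, greeting: Greeting) -> str:
    """Vulnerable: the caller supplies the template, and str.format resolves
    attribute and item lookups inside replacement fields."""
    return template.format(g=greeting)


def _check_fields(template: str, allowed: set) -> None:
    """Reject any replacement field that is not a bare allow-listed name:
    no attribute access, no indexing, no format spec, no conversion."""
    for _literal, field, spec, conversion in string.Formatter().parse(template):
        if field is None:
            continue
        if field not in allowed or "." in field or "[" in field or spec or conversion:
            raise ValueError(f"disallowed replacement field {field!r}")


def render_checked(template: str, **values: str) -> str:
    """Hardened: only bare names the caller explicitly passed may be referenced,
    and the values are plain strings, not objects to walk."""
    _check_fields(template, set(values))
    return template.format(**values)


def render_fixed(name: str) -> str:
    """Safest: the template is a server-side constant and user data is only ever
    a substituted value. string.Template does no attribute or item access."""
    return string.Template("Hello, $name").safe_substitute(name=name)


def checked_rejects(template: str) -> bool:
    """True when the hardened renderer refuses the template."""
    try:
        render_checked(template, name="alice")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe :", render_unsafe(LEAK_PAYLOAD, Greeting("alice")))
    print("checked:", checked_rejects(LEAK_PAYLOAD))
    print("fixed  :", render_fixed(LEAK_PAYLOAD))
```

`render_checked` is the pattern for the rare case where a template genuinely must be user-editable: parse it first and allow only flat placeholders. Wherever the template does not need to vary per request, `render_fixed` is the right shape: user input is a value, never the template.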

18.5.22 | CVE-2022-30525 | Vulnerability | Vulnerability | The vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system.
18.5.22 | Evil Never Sleeps | Papers | Papers | When Wireless Malware Stays On After Turning Off iPhones.
18.5.22 | BRAKTOOTH | Vulnerability | Vulnerability | BRAKTOOTH: Causing Havoc on Bluetooth Link Manager.
14.5.22 | CVE-2022-1701 | Vulnerability | Vulnerability | (CVSS score: 5.7) Use of a shared and hard-coded cryptographic key in SonicWall SMA 6200, 6210, 7200, 7210 and 8000v running firmware versions 12.4.0 and 12.4.1.
14.5.22 | CVE-2022-1702 | Vulnerability | Vulnerability | (CVSS score: 6.1) URL redirection to an untrusted site (open redirect) in SonicWall SMA 6200, 6210, 7200, 7210 and 8000v running firmware versions 12.4.0 and 12.4.1.
14.5.22 | CVE-2022-22282 | Vulnerability | Vulnerability | (CVSS score: 8.2) Unauthenticated access control bypass in SonicWall SMA 6200, 6210, 7200, 7210 and 8000v running firmware versions 12.4.0 and 12.4.1.
14.5.22 | Saitama backdoor | Malware | Backdoor | Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked as APT34, citing resemblances to past campaigns staged by the group.
14.5.22 | CVE-2022-0556 | Vulnerability | Vulnerability | Local privilege escalation in the Zyxel VMG3312-T20A.
14.5.22 | CVE-2022-26414 | Vulnerability | Vulnerability | Buffer overflow in the Zyxel VMG3312-T20A.
14.5.22 | CVE-2022-26413 | Vulnerability | Vulnerability | Command injection in the Zyxel VMG3312-T20A.
14.5.22 | CVE-2022-30525 | Vulnerability | Vulnerability | (CVSS score: 9.8) The flaw impacts several Zyxel firewall products; patches were released in firmware version ZLD V5.30.
14.5.22 | COBALT MIRAGE | APT | Ransomware | The Iranian threat group blurs the line between financially motivated attacks and espionage.
12.5.22 | Bitter APT | Malware | RAT |
12.5.22 | Nerbian RAT | Malware | RAT | The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries.
11.5.22 | CVE-2022-29140 | Vulnerability | Vulnerability | Vulnerability in the Print Spooler component.
11.5.22 | CVE-2022-29114 | Vulnerability | Vulnerability | Vulnerability in the Print Spooler component.
11.5.22 | CVE-2022-29132 | Vulnerability | Vulnerability | Privilege escalation.
11.5.22 | CVE-2022-29104 | Vulnerability | Vulnerability | Privilege escalation.
11.5.22 | CVE-2022-30129 | Vulnerability | Vulnerability | Visual Studio Code.
11.5.22 | CVE-2022-22019 | Vulnerability | Vulnerability | Remote Procedure Call Runtime.
11.5.22 | CVE-2022-29133 | Vulnerability | Vulnerability | Windows Kernel.
11.5.22 | CVE-2022-26927 | Vulnerability | Vulnerability | Windows Graphics.
11.5.22 | CVE-2022-29130 | Vulnerability | Vulnerability | Windows LDAP.
11.5.22 | CVE-2022-22012 | Vulnerability | Vulnerability | Windows LDAP.
11.5.22 | CVE-2022-26937 | Vulnerability | Vulnerability | RCE bug in Windows Network File System.
11.5.22 | CVE-2022-22713 | Vulnerability | Vulnerability | (CVSS score: 5.6) Windows Hyper-V denial-of-service vulnerability.
11.5.22 | CVE-2022-29972 | Vulnerability | Vulnerability | (CVSS score: 8.2) Insight Software: Magnitude Simba Amazon Redshift ODBC Driver (aka SynLapse).
11.5.22 | CVE-2022-26925 | Vulnerability | Vulnerability | (CVSS score: 8.1) A spoofing vulnerability affecting the Windows Local Security Authority (LSA), which Microsoft describes as a "protected subsystem that authenticates and logs users onto the local system."
11.5.22 | REvil | Ransomware | Ransomware | Updated samples indicate access to the original source code and active development, signaling that GOLD SOUTHFIELD has resumed operations.
11.5.22 | Prynt Stealer | Malware | Stealer | Cyble Research Labs discovered a new infostealer named Prynt Stealer. The stealer is new on the cybercrime forums and comes with various capabilities.
11.5.22 | Saintstealer | Malware | Stealer | During our routine threat-hunting exercise, Cyble Research Labs came across a C# .NET-based information stealer developed by the Saint gang.
11.5.22 | CVE-2022-29972 | Vulnerability | SynLapse | Orca Security is issuing this security advisory for CVE-2022-29972 to address hazards in the use of the Microsoft Azure Synapse service.
11.5.22 | Bumblebee malware | Malware | Malware | Identified by Proofpoint as the threat actor behind the Contact Forms campaign, TA578 also appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails.
10.5.22 | Octopus Backdoor | Malware | Backdoor | Last week, I found another interesting Word document that delivered an interesting malicious script to potential victims.
10.5.22 | DarkCrystal RAT | Malware | RAT | DCRat (also known as DarkCrystal RAT) is a commercial Russian backdoor that was first released in 2018, before being redesigned and relaunched a year later.
10.5.22 | Joker malware | Malware | Android | Joker, a repeat offender, refers to a class of harmful apps used for billing and SMS fraud, which also perform a number of actions of the attacker's choice, such as stealing text messages, contact lists and device information.
10.5.22 | Jester Stealer | Malware | Stealer | It is established that the mentioned archive contains the SFX file of the same name, which in turn contains the malicious program CredoMap_v2.
10.5.22 | CVE-2022-1388 | Vulnerability | Vulnerability | (CVSS score: 9.8) The flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing an attacker to gain initial access and take control of an affected system.
8.5.22 | Pipe-based | Malware | Fileless | In February 2022 we observed the technique of putting shellcode into Windows event logs for the first time "in the wild" during a malicious campaign.
8.5.22 | CVE-2022-27588 | Vulnerability | Vulnerability | (CVSS score: 9.8) The vulnerability has been addressed in QVR 5.1.6 build 20220401 and later. Credited with reporting the flaw is the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC).
8.5.22 | CVE-2021-38693 | Vulnerability | Vulnerability | (CVSS score: 5.3) A path traversal vulnerability in thttpd affecting QNAP devices running QTS, QuTS hero, QuTScloud and QVR Pro Appliance, leading to information disclosure.
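Two entries in this list are path traversal: the NVIDIA NeMo ASR WebApp bug, where a `../` path reaches directory deletion, and the thttpd bug on QNAP devices, where it reaches file reads. The block below is an added example and not the code of either project. It shows the one containment check that closes both cases (resolve the path, then require that the real path is still under the base directory) beside the naive `os.path.join` that lets `../sibling`, an absolute path and a planted symlink all escape. The directory layout is constructed in a temporary folder so the demo is harmless.

```python
"""Containing a user-supplied path inside a base directory. Added example,
not NVIDIA NeMo's or thttpd's code; the directory layout is constructed in a
temporary folder so the demo is harmless and runs anywhere.
"""
import os
import shutil
import tempfile
from pathlib import Path


def resolve_inside(base: Path, user_path: str) -> Path:
    """Resolve user_path against base and return it only if the real path is
    still under base. Catches '../' segments, absolute paths (os.path.join
    discards base for those) and symlinks that point outside."""
    base_real = base.resolve()
    candidate = (base_real / user_path).resolve()
    if candidate == base_real:
        raise PermissionError("refusing to operate on the base directory itself")
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise PermissionError(f"path escapes base directory: {user_path!r}") from None
    return candidate


def delete_dir_unsafe(base: Path, user_path: str) -> None:
    """Vulnerable: trusts the caller's path; '../sibling' or '/abs' walk out."""
    shutil.rmtree(os.path.join(base, user_path))


def delete_dir_safe(base: Path, user_path: str) -> None:
    """Fixed: same operation, but only on a path proven to be inside base."""
    shutil.rmtree(resolve_inside(base, user_path))


def _refused(base: Path, user_path: str) -> bool:
    try:
        delete_dir_safe(base, user_path)
    except PermissionError:
        return True
    return False


def demo() -> dict:
    """Constructed layout: root/uploads is the base, root/victim is a sibling
    that must never be touched, and uploads/link -> victim is a planted symlink."""
    root = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    try:
        uploads, victim = root / "uploads", root / "victim"
        for d in (uploads / "job1", victim):
            d.mkdir(parents=True)
        os.symlink(victim, uploads / "link")
        results = {
            "safe_refuses_dotdot": _refused(uploads, "../victim"),
            "safe_refuses_absolute": _refused(uploads, str(victim)),
            "safe_refuses_symlink": _refused(uploads, "link"),
            "safe_refuses_base": _refused(uploads, "."),
        }
        results["victim_intact_after_safe"] = victim.is_dir()
        delete_dir_safe(uploads, "job1")  # a legitimate sub-directory is still deletable
        results["safe_deletes_inside"] = not (uploads / "job1").exists()
        delete_dir_unsafe(uploads, "../victim")  # the traversal succeeds here
        results["unsafe_deleted_sibling"] = not victim.exists()
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:28s} {outcome}")
```

`relative_to` on the resolved path, not a string-prefix comparison, is deliberate: `str(candidate).startswith(str(base))` would accept `/srv/uploads-old` as inside `/srv/uploads`, and comparing before `resolve()` would miss the symlink case.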

8.5.22 | CVE-2021-44051 | Vulnerability | Vulnerability | (CVSS score: 8.8) A command injection vulnerability in QNAP devices running QTS, QuTS hero and QuTScloud, resulting in arbitrary command execution.
8.5.22 | CVE-2021-44052 | Vulnerability | Vulnerability | (CVSS score: 6.5) An improper link resolution before file access ("link following") vulnerability in QNAP devices running QTS, QuTS hero and QuTScloud, allowing attackers to read/write files in arbitrary locations.
8.5.22 | CVE-2021-44053 | Vulnerability | Vulnerability | (CVSS score: 5.7) A cross-site scripting (XSS) vulnerability in QNAP devices running QTS, QuTS hero and QuTScloud, leading to code injection.
8.5.22 | CVE-2021-44054 | Vulnerability | Vulnerability | (CVSS score: 4.3) An open redirect vulnerability in QNAP devices running QTS, QuTS hero and QuTScloud, making it possible to redirect users to rogue web pages.
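Open redirects appear twice in this list (SonicWall SMA CVE-2022-1702 and QNAP CVE-2021-44054). The usual root cause is a "next" or "return" parameter that is checked with a test too weak for how browsers parse URLs. The block below is an added example, not the code of either vendor; it validates a post-login redirect target and handles the inputs that defeat a naive "starts with a slash" or "contains our hostname" check: scheme-relative `//host`, runs of leading slashes, backslashes, `https:host` without slashes, userinfo tricks and non-http schemes. The allow-listed host is an assumption for the demo.

```python
"""Validating a post-login redirect target. Added example (not SonicWall's or
QNAP's code); the host allow-list and inputs are constructed for the demo.
"""
from typing import FrozenSet
from urllib.parse import urlsplit

ALLOWED_HOSTS: FrozenSet[str] = frozenset({"app.example.test"})  # constructed


def is_safe_redirect(target: str, allowed_hosts: FrozenSet[str] = ALLOWED_HOSTS) -> bool:
    """Accept only a same-site path or an absolute http(s) URL whose host is
    allow-listed. The checks before urlsplit close the gaps where browser URL
    parsing is more permissive than urllib's."""
    if not target:
        return False
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False  # control characters and whitespace, leading or embedded
    if "\\" in target:
        return False  # browsers treat '\' as '/', so '/\evil.test' names a host
    if target.startswith("//"):
        return False  # any run of leading slashes is scheme-relative in browsers
    try:
        parts = urlsplit(target)
    except ValueError:
        return False  # e.g. malformed IPv6 literal
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            return False  # javascript:, data:, vbscript:, ...
        # .hostname drops userinfo and port and is lowercased, so
        # 'https://app.example.test@evil.test/' resolves to 'evil.test'
        return parts.hostname in allowed_hosts
    if parts.netloc:
        return False  # belt and braces for scheme-relative forms
    return target.startswith("/")


def redirect_target(requested: str, default: str = "/") -> str:
    """What the login handler should actually redirect to."""
    return requested if is_safe_redirect(requested) else default


if __name__ == "__main__":
    for candidate in ("/account", "//evil.test/x", "https:evil.test",
                      "https://app.example.test@evil.test/", "javascript:alert(1)"):
        print(f"{candidate!r:44s} -> {redirect_target(candidate)!r}")
```

Where an absolute URL is never needed, drop the scheme branch entirely and accept only a single-slash relative path; the allow-list branch exists for deployments that legitimately bounce between hosts.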

8.5.22 | CVE-2021-44055 | Vulnerability | Vulnerability | (CVSS score: 5.3) A missing authorization vulnerability in QNAP devices running Video Station, allowing attackers to access data or perform unauthorized actions.
8.5.22 | CVE-2021-44056 | Vulnerability | Vulnerability | (CVSS score: 7.1) An improper authentication vulnerability in QNAP devices running Video Station, leading to system compromise.
8.5.22 | CVE-2021-44057 | Vulnerability | Vulnerability | (CVSS score: 7.1) An improper authentication vulnerability in QNAP devices running Photo Station, leading to system compromise.
8.5.22 | Raspberry Robin malware | Malware | Malware |
8.5.22 | PrivateLoader | Malware | Pay-per-install (PPI) malware | Pay-per-install (PPI) malware services have been an integral part of the cybercrime ecosystem for a considerable amount of time.
8.5.22 | LockBit | Malware | Ransomware |
8.5.22 | Agent Tesla | Malware | RAT | A .NET-based keylogger and RAT readily available to actors. Logs keystrokes and the host's clipboard and beacons this information back to the C2.
8.5.22 | BitRAT | Malware | Malware RAT |
8.5.22 | NjRAT | Malware | Malware RAT | RedPacket Security describes NjRAT as "a remote access trojan (RAT) [that] has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell,
8.5.22 | Dridex | Malware | Banking Trojan | The OxCERT blog describes Dridex as "an evasive, information-stealing malware variant; its goal is to acquire as many credentials as possible and return them via an encrypted tunnel to a Command-and-Control (C&C) server."
8.5.22 | Kronos | Malware | Malware |
8.5.22 | TrickBot | Malware | Bot | A financial Trojan believed to be a derivative of Dyre: the bot uses very similar code, web injects and operational tactics. Has multiple modules including VNC and SOCKS5 proxy. Uses SSL for C2 communication.
8.5.22 | NanoCore | Malware | RAT | NanoCore is a remote access tool used to steal credentials and to spy on cameras. It has been used for a while by numerous criminal actors as well as by nation-state threat actors.
8.5.22 | Remcos | Malware | RAT | Remcos (acronym of Remote Control & Surveillance Software) is remote access software used to remotely control computers. Once installed, Remcos opens a backdoor on the computer, granting full access to the remote user.
8.5.22 | CryptBot | Malware | Cryptbot | A typical infostealer, capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies and credit cards, and of taking screenshots of the infected system.
8.5.22 | Formbook | Malware | Crypt | FormBook contains a unique crypter, RunPE, that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
8.5.22 | DanaBot | Malware | Bot | Proofpoint describes DanaBot as the latest example of malware focused on persistence and on stealing useful information that can later be monetized, rather than demanding an immediate ransom from victims.
8.5.22 | GCleaner | Malware | Malware |
8.5.22 | Raccoon | Malware | cryptocurrencies | Raccoon is a stealer and collects "passwords, cookies and autofill from all popular browsers (including FireFox x64), CC data, system information, almost all existing desktop wallets of cryptocurrencies".
8.5.22 | Vidar | Malware | Stealer | Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that grabs information on 2FA software and the Tor Browser.
8.5.22 | RedLine Stealer | Malware | Stealer | RedLine Stealer is malware available for sale on underground forums, apparently as a standalone ($100/$150 depending on the version) or on a subscription basis ($100/month).
8.5.22 | SmokeLoader | Malware | Backdoor | The SmokeLoader family is a generic backdoor with a range of capabilities that depend on the modules included in any given build of the malware.
8.5.22 | NetDooka Malware | Malware | Malware | We recently encountered a fairly sophisticated malware framework that we named NetDooka after the names of some of its components. The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver and a full-featured remote access trojan (RAT) that implements its own network communication protocol.
8.5.22 | Mustang Panda | Operation | Espionage | Mustang Panda, also known as "RedDelta" or "Bronze President," is a China-based threat actor that has targeted entities all over the world since at least 2012, including American and European entities such as government organizations, think tanks, NGOs and even Catholic organizations at the Vatican.
8.5.22 | CVE-2021-22600 | Vulnerability | Vulnerability | (CVSS score: 7.8) The vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service.
8.5.22 | CVE-2022-26523 | Vulnerability | Vulnerability | Avast's "Anti Rootkit" driver (also used by AVG) has been found to be vulnerable to two high-severity attacks that could potentially lead to privilege escalation by running code in the kernel from a non-administrator user.
8.5.22 | CVE-2022-26522 | Vulnerability | Vulnerability | Avast's "Anti Rootkit" driver (also used by AVG) has been found to be vulnerable to two high-severity attacks that could potentially lead to privilege escalation by running code in the kernel from a non-administrator user.
5.5.22 | CVE-2022-20777 | Vulnerability | Vulnerability | (CVSS score: 9.9) An issue with insufficient guest restrictions that allows an authenticated, remote attacker to escape from the guest VM to gain unauthorized root-level access on the NFVIS host.
5.5.22 | CVE-2022-20779 | Vulnerability | Vulnerability | (CVSS score: 8.8) An improper input validation flaw that permits an unauthenticated, remote attacker to inject commands that execute at the root level on the NFVIS host during the image registration process.
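OS command injection is the most repeated class in this list: the Zyxel "packet-trace" CLI command (CVE-2022-26532) and firewall web interface (CVE-2022-30525), the QNAP QTS flaw (CVE-2021-44051) and the Cisco NFVIS image registration path (CVE-2022-20779) all let a request-supplied value reach a shell. The block below is an added example and not the code of any of those vendors: a hypothetical packet-capture wrapper in the style of such a CLI command, written three ways. `echo` stands in for the real capture tool so the demo is harmless, and the interface-name pattern and payload are constructed for it.

```python
"""Command injection in a CLI/web wrapper that shells out. Added example, not
Zyxel's, QNAP's or Cisco's code: a hypothetical packet-capture wrapper where
'echo' stands in for the real capture tool so the demo is harmless.
"""
import re
import subprocess

# Constructed allow-list: Linux-style interface names. Requiring a leading
# letter also keeps a value such as '-r' from being read as an option by the
# real tool (argument injection), which an argv list alone does not prevent.
INTERFACE_RE = re.compile(r"^[a-z][a-z0-9._-]{0,15}$")
CAPTURE_TOOL = "echo"  # stand-in for the real capture binary

PAYLOAD = "eth0; echo INJECTED"  # constructed: a second command after the separator


def run_capture_unsafe(interface: str, count: str) -> str:
    """Vulnerable: user values are spliced into a command string run by a shell,
    so ';', '|', '$(...)' and backticks in either field run as commands."""
    cmd = f"{CAPTURE_TOOL} capture -i {interface} -c {count}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True).stdout


def run_capture_argv_only(interface: str, count: str) -> str:
    """Half-fixed: argv list, no shell. Metacharacters become literal text, but
    option-looking values still reach the tool (argument injection)."""
    argv = [CAPTURE_TOOL, "capture", "-i", interface, "-c", count]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def run_capture_safe(interface: str, count) -> str:
    """Fixed: validate each field against its expected shape, then pass the
    values as separate argv entries with shell=False."""
    if not INTERFACE_RE.match(interface):
        raise ValueError(f"invalid interface name {interface!r}")
    try:
        n = int(count)
    except (TypeError, ValueError):
        raise ValueError(f"invalid packet count {count!r}") from None
    if not 1 <= n <= 10_000:
        raise ValueError("packet count out of range")
    argv = [CAPTURE_TOOL, "capture", "-i", interface, "-c", str(n)]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def safe_rejects(interface: str, count) -> bool:
    """True when the validating wrapper refuses the input."""
    try:
        run_capture_safe(interface, count)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe   :", repr(run_capture_unsafe(PAYLOAD, "5")))
    print("argv only:", repr(run_capture_argv_only(PAYLOAD, "5")))
    print("safe     :", safe_rejects(PAYLOAD, "5"), repr(run_capture_safe("eth0", "5")))
```

The middle variant is there because "just use a list instead of `shell=True`" is the usual fix and is only half of one: it stops the shell from interpreting the payload, but the capture tool still receives whatever string was sent, so values must also be validated against the shape the tool expects.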

5.5.22 | CVE-2022-1388 | Vulnerability | Vulnerability | This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
5.5.22 | Operation CuckooBees | Operation | Operation | Researchers at Cybereason recently discovered such an attack, which was assessed to be the work of the Chinese APT Winnti.
5.5.22 | CVE-2022-26352 | Vulnerability | Vulnerability | When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file to a temp directory.
5.5.22 | DarkWatchman | Malware | JavaScript/Backdoor | A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis.
5.5.22 | COLDRIVER | Hacker Group | Hacker Group | The Belarusian hacking crew named Ghostwriter has been observed in different credential phishing campaigns targeting defense and cybersecurity organizations in the Baltic region and high-risk individuals in Ukraine.
5.5.22 | Remcos RAT | Malware | Malware RAT | I haven't really looked into Remcos RAT lately, but I found an email with a password-protected Excel file attached to it.
4.5.22 | TLStorm 2 | Vulnerability | Vulnerability | Armis has discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches.
4.5.22 | Conti and Hive ransomware operations | Ransomware | Ransomware | As part of Cisco Talos' continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims.
4.5.22 | AvosLocker Ransomware | Ransomware | Ransomware | We found samples of AvosLocker ransomware that make use of a legitimate driver file to disable anti-virus solutions and evade detection.
4.5.22 | Moshen Dragon | Attack | Attack Exploit | A Chinese-aligned cyberespionage group has been observed striking the telecommunications sector in Central Asia with versions of malware such as ShadowPad and PlugX.
4.5.22 | ICS-VU-638779 | Vulnerability | Vulnerability ICS | The issue, originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries, uClibc and uClibc-ng, that are used for developing embedded Linux systems.
4.5.22 | UNC3524 | Hacker Group | Hacker Group | A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments.
4.5.22 | Override Panda | APT | APT | NAIKON is the name of an APT (Advanced Persistent Threat) believed to originate from China. The Naikon hacker group was first tracked over a decade ago, back in 2010.
4.5.22 | APT29 Phishing Campaigns | APT | APT | Beginning in mid-January 2022, Mandiant detected and responded to an APT29 phishing campaign targeting a diplomatic entity.
1.5.22 | ExtraReplica Vulnerability | Vulnerability | Vulnerability | Wiz Research discovers "ExtraReplica", a cross-account database vulnerability in Azure PostgreSQL.