THREATS May
DATE |
NAME |
CATEGORY |
SUBCATEGORIES |
INFO |
31.5.22 |
Vulnerability |
Vulnerability |
rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted. |
|
31.5.22 |
Vulnerability |
Vulnerability |
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. |
|
31.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8), concerns a critical bug in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to execute arbitrary system commands. |
|
31.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 10.0) - A code injection vulnerability in Spring Cloud Gateway |
|
31.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8) - A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware |
|
31.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8) - A command injection vulnerability in TOTOLink A3000RU wireless router |
|
31.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8) - A remote code execution vulnerability in KRAMER VIAware |
|
31.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8) - A privilege escalation and command execution vulnerability in Kramer VIAWare |
|
31.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8) - A remote code execution vulnerability in Liferay Portal |
|
31.5.22 |
Malware |
Malware |
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices |
|
31.5.22 |
Attack |
Attack |
Microsoft has now revealed the CVE identifier for this vulnerability is CVE-2022-30190, including a Security Update and article with guidance... but no patch looks to be available as of yet. |
|
31.5.22 |
Ransomware |
Ransomware |
Goodwill ransomware group propagates very unusual demands in exchange for the decryption key. The Robin Hood-like group is forcing its victims to donate to the poor and provide financial assistance to patients in need. |
|
29.5.22 |
Vulnerability |
Vulnerability |
||
29.5.22 |
Vulnerability |
Vulnerability |
||
29.5.22 |
Vulnerability |
Vulnerability |
||
29.5.22 |
Vulnerability |
Vulnerability |
||
29.5.22 |
Hacking |
Hacking |
as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt. |
|
29.5.22 |
Vulnerability |
Vulnerability |
A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's browser, such as cookies or session tokens, via a malicious script. |
|
29.5.22 |
Vulnerability |
Vulnerability |
Several input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash. |
|
29.5.22 |
Vulnerability |
Vulnerability |
A command injection vulnerability in the "packet-trace" CLI command for some versions of firewall, AP controller, and AP devices that could lead to execution of arbitrary OS commands. |
|
29.5.22 |
Vulnerability |
Vulnerability |
An authentication bypass vulnerability affecting select firewall versions that could permit an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client. |
|
29.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8), the critical security flaw came to light in January 2019 and relates to a case of arbitrary read and write access to the BMC's physical address space, resulting in arbitrary code execution. |
|
29.5.22 |
Malware |
Malware |
ChromeLoader might seem like a run-of-the-mill browser hijacker, but its peculiar use of PowerShell could spell deeper trouble. |
|
29.5.22 |
Malware |
Malware |
Lowering the Barrier of Entry for Malicious Actors. Free-to-use browser automation framework creates thriving criminal community |
|
29.5.22 |
Vulnerability |
Vulnerability |
|
|
29.5.22 |
Vulnerability |
Vulnerability |
|
|
25.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 8.1) - Improper XML Parsing in Zoom Client for Meetings |
|
25.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 5.9) - Improperly constrained session cookies in Zoom Client for Meetings |
|
25.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 7.5) - Update package downgrade in Zoom Client for Meetings for Windows |
|
25.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 5.9) - Insufficient hostname validation during server switch in Zoom Client for Meetings |
|
25.5.22 |
Ransomware |
Ransomware |
It’s not often that we get to observe the behind-the-scenes drama that can accompany the creation of new malware, but when we do, it gives us a fascinating glimpse into how threat actors operate. |
|
21.5.22 |
Vulnerability |
Vulnerability |
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: execute arbitrary code; cause a denial of service (DoS) condition; execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. |
|
21.5.22 |
Vulnerability |
Vulnerability |
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. |
|
20.5.22 |
Malware |
Linux |
XorDdos depicts the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things (IoT) devices. |
|
20.5.22 |
Vulnerability |
Vulnerability |
Use-after-free in Portals API |
|
20.5.22 |
Vulnerability |
Vulnerability |
Information leak in core |
|
20.5.22 |
Vulnerability |
Vulnerability |
Insufficient validation of untrusted input in Intents (root cause analysis) |
|
20.5.22 |
Vulnerability |
Vulnerability |
Inappropriate implementation in V8, and |
|
20.5.22 |
Vulnerability |
Vulnerability |
Use-after-free in Android kernel (root cause analysis) |
|
20.5.22 |
Malware |
Android Spyware |
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. |
|
20.5.22 |
Malware |
Malware |
The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. |
|
20.5.22 |
Malware |
Malware |
In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. |
|
20.5.22 |
Attack |
Bluetooth Attack |
An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack. This may enable unauthorized access to devices in BLE-based proximity authentication systems. |
|
20.5.22 |
Vulnerability |
Vulnerability |
The vulnerability is that the IDToken verifier does not verify whether the token is properly signed. Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. |
|
20.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 7.8), the other bug, is a case of local privilege escalation that could enable an attacker with local access to elevate privileges to the "root" user on vulnerable virtual appliances. |
|
20.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8), concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior authentication. |
|
20.5.22 |
Vulnerability |
Vulnerability |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. |
|
20.5.22 |
Vulnerability |
Vulnerability |
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. |
|
20.5.22 |
Malware |
SQL Malware |
Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. |
|
18.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 10.0), a code injection vulnerability in Spring Cloud Gateway that could be exploited to allow arbitrary remote execution on a remote host via a maliciously crafted request. |
|
18.5.22 |
BotNet |
BotNet |
New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners |
|
18.5.22 |
Malware |
Android |
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys |
|
18.5.22 |
Vulnerability |
Vulnerability |
code injection vulnerability in Spring Cloud Gateway that could be exploited to allow arbitrary remote execution on a remote host by means of a specially crafted request. |
|
18.5.22 |
Vulnerability |
Vulnerability |
the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system. |
|
18.5.22 |
Papers |
Papers |
When Wireless Malware Stays On After Turning Off iPhon |
|
18.5.22 |
Vulnerability |
Vulnerability |
BRAKTOOTH: Causing Havoc on Bluetooth Link Manag |
|
14.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 5.7) - Use of a shared and hard-coded cryptographic key SonicWall SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. |
|
14.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 6.1) - URL redirection to an untrusted site (open redirection) SonicWall SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. |
|
14.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 8.2) - Unauthenticated Access Control Bypass SonicWall SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. |
|
14.5.22 |
Malware |
Backdoor |
Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. |
|
14.5.22 |
Vulnerability |
Vulnerability |
Local privilege escalation Zyxel VMG3312-T20A |
|
14.5.22 |
Vulnerability |
Vulnerability |
Buffer overflow Zyxel VMG3312-T20A |
|
14.5.22 |
Vulnerability |
Vulnerability |
Command injection Zyxel VMG3312-T20A |
|
14.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8), the flaw impacts the following products, with patches released in version ZLD V5.30 |
|
14.5.22 |
APT |
Ransomware |
The Iranian threat group blurs the line between financially motivated attacks and espionage. |
|
12.5.22 |
Malware |
RAT |
||
12.5.22 |
Malware |
RAT |
The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries. |
|
11.5.22 |
Vulnerability |
Vulnerability |
Vulnerabilities in the Print Spooler component |
|
11.5.22 |
Vulnerability |
Vulnerability |
Vulnerabilities in the Print Spooler component |
|
11.5.22 |
Vulnerability |
Vulnerability |
Privilege escalation |
|
11.5.22 |
Vulnerability |
Vulnerability |
Privilege escalation |
|
11.5.22 |
Vulnerability |
Vulnerability |
Visual Studio Code |
|
11.5.22 |
Vulnerability |
Vulnerability |
Remote Procedure Call Runtime |
|
11.5.22 |
Vulnerability |
Vulnerability |
Windows Kernel |
|
11.5.22 |
Vulnerability |
Vulnerability |
Windows Graphics |
|
11.5.22 |
Vulnerability |
Vulnerability |
Windows LDAP |
|
11.5.22 |
Vulnerability |
Vulnerability |
Windows LDAP |
|
11.5.22 |
Vulnerability |
Vulnerability |
RCE bugs in Windows Network File System |
|
11.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 5.6) - Windows Hyper-V Denial-of-Service Vulnerability |
|
11.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 8.2) - Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver (aka SynLapse) |
|
11.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 8.1), a spoofing vulnerability affecting the Windows Local Security Authority (LSA), which Microsoft describes as a "protected subsystem that authenticates and logs users onto the local system." |
|
11.5.22 |
Ransomware |
Ransomware |
Updated samples indicate access to original source code and active development, signaling that GOLD SOUTHFIELD has resumed operations. |
|
11.5.22 |
Malware |
Stealer |
Cyble Research Labs discovered a new infostealer named Prynt Stealer. The stealer is new on the cybercrime forums and comes with various capabilities. |
|
11.5.22 |
Malware |
Stealer |
During our routine threat-hunting exercise, Cyble Research Labs came across a C# .NET-based information stealer developed by the Saint gang. |
|
11.5.22 |
Vulnerability |
Orca Security is issuing this security advisory for CVE-2022-29972 to address hazards in the use of the Microsoft Azure Synapse service. |
||
11.5.22 |
Malware |
Malware |
Identified by Proofpoint as the threat actor behind the Contact Forms campaign, TA578 also appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails. |
|
10.5.22 |
Malware |
Backdoor |
Last week, I found another interesting Word document that delivered an interesting malicious script to potential victims. |
|
10.5.22 |
Malware |
RAT |
DCRat (also known as DarkCrystal RAT) is a commercial Russian backdoor that was first released in 2018, before being redesigned and relaunched a year later. |
|
10.5.22 |
Malware |
Android |
Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information. |
|
10.5.22 |
Malware |
Stealer |
It is established that the mentioned archive contains the SFX file of the same name, which, in turn, contains the malicious program CredoMap_v2. |
|
10.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing an attacker to gain initial access and take control of an affected system. |
|
8.5.22 |
Malware |
Fileless |
In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.8), the vulnerability has been addressed in QVR 5.1.6 build 20220401 and later. Credited with reporting the flaw is the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC). |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 5.3) - A path traversal vulnerability in thttpd affecting QNAP devices running QTS, QuTS hero, QuTScloud, and QVR Pro Appliance, leading to information disclosure |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 8.8) - A command injection vulnerability in QNAP devices running QTS, QuTS hero, and QuTScloud, resulting in arbitrary command execution |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 6.5) - An improper link resolution before file access ("link following") vulnerability in QNAP devices running QTS, QuTS hero, and QuTScloud, allowing attackers to read/write files in arbitrary file locations |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 5.7) - A cross-site scripting (XSS) vulnerability in QNAP devices running QTS, QuTS hero, and QuTScloud, leading to code injection |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 4.3) - An open redirect vulnerability in QNAP devices running QTS, QuTS hero, and QuTScloud, making it possible to redirect users to rogue web pages |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 5.3) - A missing authorization vulnerability in QNAP devices running Video Station, allowing attackers to access data or perform unauthorized actions |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 7.1) - An improper authentication vulnerability in QNAP devices running Video Station, leading to system compromise |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 7.1) - An improper authentication vulnerability in QNAP devices running Photo Station, leading to system compromise |
|
8.5.22 |
Malware |
Malware |
||
8.5.22 |
Malware |
Pay-per-install (PPI) |
Pay-per-install (PPI) malware services have been an integral part of the cybercrime ecosystem for a considerable amount of time. |
|
8.5.22 |
Malware |
Ransomware |
||
8.5.22 |
Malware |
Ransomware |
A .NET based keylogger and RAT readily available to actors. Logs keystrokes and the host's clipboard and beacons this information back to the C2. |
|
8.5.22 |
Malware |
Malware RAT |
||
8.5.22 |
Malware |
Malware RAT |
RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, |
|
8.5.22 |
Malware |
Banking Trojan |
OxCERT blog describes Dridex as "an evasive, information-stealing malware variant; its goal is to acquire as many credentials as possible and return them via an encrypted tunnel to a Command-and-Control (C&C) server. |
|
8.5.22 |
Malware |
Malware |
||
8.5.22 |
Malware |
Bot |
A financial Trojan believed to be a derivative of Dyre: the bot uses very similar code, web injects, and operational tactics. Has multiple modules including VNC and Socks5 Proxy. Uses SSL for C2 communication. |
|
8.5.22 |
Malware |
RAT |
Nanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It has been used for a while by numerous criminal actors as well as by nation state threat actors. |
|
8.5.22 |
Malware |
RAT |
Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. |
|
8.5.22 |
Malware |
Cryptbot |
A typical infostealer, capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, and credit cards, and of creating screenshots of the infected system. |
|
8.5.22 |
Malware |
Crypt |
FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware. |
|
8.5.22 |
Malware |
Bot |
Proofpoint describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. |
|
8.5.22 |
Malware |
Malware |
||
8.5.22 |
Malware |
cryptocurrencies |
Raccoon is a stealer and collects "passwords, cookies and autofill from all popular browsers (including FireFox x64), CC data, system information, almost all existing desktop wallets of cryptocurrencies". |
|
8.5.22 |
Malware |
Stealer |
Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. |
|
8.5.22 |
Malware |
Stealer |
RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). |
|
8.5.22 |
Malware |
Backdoor |
The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. |
|
8.5.22 |
Malware |
Malware |
We recently encountered a fairly sophisticated malware framework that we named NetDooka after the names of some of its components. The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network communication protocol. |
|
8.5.22 |
Operation |
Espionage |
MustangPanda, also known as "RedDelta" or "Bronze President," is a China-based threat actor that has targeted entities all over the world since at least 2012, including American and European entities such as government organizations, think tanks, NGOs, and even Catholic organizations at the Vatican. |
|
8.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 7.8), the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service. |
|
8.5.22 |
Vulnerability |
Vulnerability |
Avast’s “Anti Rootkit” driver (also used by AVG) has been found to be vulnerable to two high severity attacks that could potentially lead to privilege escalation by running code in the kernel from a non-administrator user. |
|
8.5.22 |
Vulnerability |
Vulnerability |
Avast’s “Anti Rootkit” driver (also used by AVG) has been found to be vulnerable to two high severity attacks that could potentially lead to privilege escalation by running code in the kernel from a non-administrator user. |
|
5.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.9) - An issue with insufficient guest restrictions that allows an authenticated, remote attacker to escape from the guest VM to gain unauthorized root-level access on the NFVIS host. |
|
5.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 8.8) - An improper input validation flaw that permits an unauthenticated, remote attacker to inject commands that execute at the root level on the NFVIS host during the image registration process. |
|
5.5.22 |
Vulnerability |
Vulnerability |
(CVSS score: 9.9) - An issue with insufficient guest restrictions that allows an authenticated, remote attacker to escape from the guest VM to gain unauthorized root-level access on the NFVIS host. |
|
5.5.22 |
Vulnerability |
Vulnerability |
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only. |
|
5.5.22 |
Operation |
Operation |
Researchers at Cybereason recently discovered such an attack, which was assessed to be the work of Chinese APT Winnti. |
|
5.5.22 |
Vulnerability |
Vulnerability |
When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temp directory. |
|
5.5.22 |
Malware |
Javascript/Backdoor |
A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. |
|
5.5.22 |
Hacker Group |
Hacker Group |
Belarusian hacking crew named Ghostwriter in different credential phishing campaigns targeting defense and cybersecurity organizations in the Baltic region and high-risk individuals in Ukraine. |
|
5.5.22 |
Malware |
Malware RAT |
I haven't really looked into Remcos RAT lately, but I found an email with a password-protected Excel file attached to it. |
|
4.5.22 |
Vulnerability |
Vulnerability |
Armis has discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches. |
|
4.5.22 |
Ransomware |
Ransomware |
As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. |
|
4.5.22 |
Ransomware |
Ransomware |
We found samples of AvosLocker ransomware that makes use of a legitimate driver file to disable anti-virus solutions and detection evasion. |
|
4.5.22 |
Attack |
Attack Exploit |
A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. |
|
4.5.22 |
Vulnerability |
Vulnerability ICS |
The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems. |
|
4.5.22 |
Hacker Group |
Hacker Group |
A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments. |
|
4.5.22 |
APT |
APT |
NAIKON is the name of an APT (Advanced Persistent Threat) which is believed to originate from China. The Naikon hacker group was first tracked over a decade ago, back in 2010. |
|
4.5.22 |
APT |
APT |
Beginning mid-January 2022, Mandiant detected and responded to an APT29 phishing campaign targeting a diplomatic entity. |
|
1.5.22 |
Vulnerability |
Vulnerability |
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL |