Tracking the Stealthy Movements of Vidar Info-Stealer Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Vidar is an info-stealer malware that was first spotted in the wild in late 2018. It is considered a distinct fork of the Arkei malware family and has a simple business …
CrySIS Ransomware A Long-Standing Threat with a New Twist
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The ransomware family CrySIS, dubbed Dharma, has been advancing since 2016. Its source code was made available to the public, enabling others to customize it for their use. The criminals behind …
A new EmojiDeploy attack has been found in an Azure service
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The EmojiDeploy attack chain allows a threat actor to run arbitrary code, steal or delete sensitive data, and compromise a targeted application on Azure by exploiting a remote code execution vulnerability …
Control Web Panel OS Command Injection Exploitation Increases After POC Release
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary On January 3, 2023, a security researcher published a proof-of-concept exploit for a vulnerability in Control Web Panel (CWP) that allows unauthenticated remote code execution. By January 6, the vulnerability was …
Korean Word Processor Scam Alert Orcus RAT Lurking in Cracked Versions
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Orcus RAT, formerly known as Schnorchel, first appeared in April 2016 and allows for remote control of infected systems. Intruders are attempting to deploy a variant of Orcus RAT along with …
New BOLDMOVE Backdoor uses FortiOS vulnerability for initial access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A suspected China-nexus campaign has exploited a vulnerability in Fortinet’s FortiOS SSL-VPN, known as CVE-2022-42475. The exploitation was believed to have occurred as early as October 2022 and the targets include …
APT15 enhanced its arsenal with an updated variant of the Turian backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT15 has modified its toolkit to include new variants of the Turian backdoor, as well as new command and control infrastructure. The malware contains VMProtect, which obfuscates all API calls within …
Kasablanka Group Launches Phishing Campaigns Targeting Russian Government Entities
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in …
GitLab releases new CE and EE versions to address integer overflow vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in …
Middle East targeted by Earth Bogle using NjRAT malware
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary Earth Bogle’s active campaign hosts malware on public cloud storage sites like files.fm and failiem.lv. Compromised web servers also distribute NjRAT, also known as Bladabindi, a remote access trojan (RAT) malware …