NeedleDropper malware leverages a memory corruption flaw in Microsoft to disseminate
Threat Level | Attack Report | For a detailed threat advisory, download the pdf file here. Summary: A new dropper strain dubbed NeedleDropper is used to distribute multiple malware families. The dropper attempts to obfuscate itself by dumping numerous useless, invalid files and storing critical data within several MB …
After four months of idleness, Emotet reappears and deploys loaders
Threat Level | Attack Report | Summary: The Emotet banking Trojan was first identified in 2014 and is one of the most costly and damaging malware families. The phishing campaigns that spread Emotet used the same email thread hijacking approach …
Microsoft addresses one actively exploited zero-day and numerous critical vulnerabilities
Threat Level | Vulnerability Report | Summary: Microsoft released patches on January 2023's Patch Tuesday addressing 98 vulnerabilities, of which 11 are rated critical. The release includes fixes for a range of vulnerability classes, including 39 Elevation of …
Google releases Chrome 109 with a range of bug fixes
Threat Level | Vulnerability Report | Summary: Google Chrome 109 is being promoted to the stable channel for Windows, Mac, and Linux. It contains a number of bug fixes and improvements, including a use-after-free in Overview Mode, …
PatchWork gang dropped a variant of the BADNEWS Trojan
Threat Level | Actor Report | Summary: Patchwork deployed a variant of the BADNEWS (Ragnatela) Remote Administration Trojan, delivered through malicious RTF files, in its most recent campaign. The group's project name and control panel are both named "Ragnatela," …
New Vulnerability Found in the JsonWebToken Open-Source Project
Threat Level | Vulnerability Report | Summary: A new high-severity vulnerability, CVE-2022-23529, has been discovered in the popular JsonWebToken open-source package. It allows attackers to execute code remotely on servers that verify a maliciously crafted JSON …
Southeast Asian APT Group Saaiwc Targets Military and Financial Departments with PowerDism Backdoor
Threat Level | Actor Report | Summary: Saaiwc Group (APT-LY-1005) is a newly identified APT group believed to operate in Southeast Asia. The group's main tactic is to use an ISO file as a malicious payload, …
Turla APT used ANDROMEDA malware to infiltrate a variety of industries
Threat Level | Attack Report | Summary: The Turla Group is reportedly distributing the KOPILUWAK reconnaissance tool and the QUIETCANARY backdoor to victims of the ANDROMEDA malware in Ukraine. ANDROMEDA spreads through infected USB drives. KOPILUWAK is a …
Information Stealer LummaC2 Targets Browsers and Crypto Wallets
Threat Level | Attack Report | Summary: LummaC2 Stealer is an information stealer that targets Chromium- and Mozilla-based browsers. It is designed to steal sensitive information from a victim's machine, including crypto wallets, browser extensions, and two-factor authentication (2FA). …