Citrix ADC and Gateway Zero-Day Vulnerability Exploited by APT5
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Patch Tuesday for December tackles two zero-day vulnerabilities, one of which is being actively exploited (CVE-2022-44698) and another that was publicly disclosed at the time of release (CVE-2022-44710), along with the …
Microsoft addresses actively exploited zero-day and numerous critical flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Patch Tuesday for December tackles two zero-day vulnerabilities, one of which is being actively exploited (CVE-2022-44698) and another that was publicly disclosed at the time of release (CVE-2022-44710), along with the …
The Cloud Atlas Perpetual Threat aims to persuade entities in Russia
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Cloud Atlas is a cyberespionage gang. They have launched repeated, highly focused attacks on critical infrastructure spanning geographical zones and political disputes since their discovery in 2014. As their initial attack …
MuddyWater is back with new techniques
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary MuddyWater used Dropbox links and document attachments with URLs redirected to ZIP archives as lures in its campaign, which also utilized compromised corporate email accounts. In addition to using Remote Utilities …
Active exploitation of the Fortinet pre-auth RCE vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has addressed a critical security flaw in its FortiOS SSL-VPN product, which is being actively exploited in the wild. The heap-based buffer overflow bug in FortiOS sslvpnd is listed as …
Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In 2017, Truebot was discovered to be linked to the Silence group and has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and …
Iran-based Agrius deploys Fantasy wiper to attack IT firms in Israel
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iran-based Agrius group has targeted Israel and the United Arab Emirates since 2020. In the beginning, the group deployed a wiper called Apostle, disguised as ransomware, which was later modified into …
Internet Explorer Zero-Day Vulnerability Exploited by APT 37
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary North Korean hackers identified as APT37 exploited a previously unknown Internet Explorer zero-day vulnerability to infect South Koreans, North Korean defectors, policymakers, journalists, and human rights activists. The vulnerability is discovered …
Fortinet addresses Authentication Bypass in addition to numerous flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet addressed security flaws across its products, including a high-severity authentication bypass affecting FortiOS and FortiProxy tracking CVE-2022-35843 in FortiOS’s SSH login component. Only when Radius authentication is utilized can the …