Vulnerable Atlassian Confluence Servers utilized to drop Crypto Miners
Attack Report. Summary: The Atlassian Confluence Server’s CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability that was recently patched, is being used by adversaries to deploy cryptocurrency mining malware. …
Zero-day vulnerability in Windows terminal management tool gets a hotfix
Vulnerability Report. Summary: Microsoft Endpoint Configuration Manager (MECM) has a spoofing vulnerability that allows remote attackers to access sensitive data. The zero-day vulnerability has been identified as CVE-2022-37972. …
Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites
Vulnerability Report. Summary: The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that allows users to install, back up, and clone …
Kinsing malware continues to exploit these two-year-old vulnerabilities
Attack Report. Summary: Malicious actors are exploiting these two-year-old remote code execution vulnerabilities in Oracle WebLogic Server to deploy Kinsing malware. …
UNC4034 slips in a backdoor with trojanized PuTTY
Attack Report. Summary: UNC4034, a North Korean threat actor, uses a fake job posting to trick victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, …
Zero-day vulnerability uncovered in Trend Micro Apex One
Vulnerability Report. Summary: A zero-day vulnerability, along with several other issues, has been addressed by Trend Micro. It has been identified as CVE-2022-40139 and could allow attackers to execute remote code. …
SparklingGoblin Revamps SideWalk Backdoor for Linux Variant
Attack Report. Summary: SparklingGoblin (aka Earth Baku), a group of state-backed Chinese hackers, has integrated a Linux variant of the SideWalk backdoor. SparklingGoblin threat actors typically target East and Southeast Asian countries, with a special emphasis on …
Unknown Iranian attackers leverage vulnerabilities to conduct ransom operations
Attack Report. Summary: Iranian government-sponsored actors carry out malicious cyber activities against a wide range of people and entities in the United States, Australia, Canada, and the United Kingdom by using known vulnerabilities …