Multiple Iranian actors have launched attacks against the Albanian government
Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Threat actors acting on behalf of the Iranian government launched a devastating attack that knocked the Albanian government’s websites and public services down. Each stage of the attack was carried out …
Monti ransomware infiltrates networks via the well-known Log4Shell
Threat Level Attack Report. Summary: The Monti ransomware infiltrated the client’s internet-facing VMware Horizon virtualization system by exploiting the well-known “Log4Shell” vulnerability, a.k.a. CVE-2021-44228. Furthermore, the threat actor employed a commercial, cloud-based remote monitoring and maintenance …
Microsoft busts an actively exploited zero-day and several critical flaws
Threat Level Vulnerability Report. Summary: Microsoft addressed a zero-day vulnerability identified as CVE-2022-37969, an Elevation of Privilege vulnerability, in addition to a broad array of other significant flaws that might lead to Remote Code Execution, Information …
Zero-day Vulnerability in the WordPress BackupBuddy Plugin
Threat Level Vulnerability Report. Summary: A zero-day vulnerability in the BackupBuddy WordPress plugin is being actively exploited. There are an estimated 140,000 active installations of the plugin, and the arbitrary file download/read vulnerability is identified under …
Two zero-day vulnerabilities in macOS Big Sur
Threat Level Vulnerability Report. Summary: Apple addresses ten vulnerabilities, two of which are actively exploited. The vulnerabilities have been assigned CVE-2022-32917 and CVE-2022-32894 and could allow an attacker to execute arbitrary code …
DangerousSavanna campaign attacked African financial institutions
Threat Level Attack Report. Summary: For the past two years, a malicious campaign known as DangerousSavanna has been targeting various financial service firms in Africa. The attackers use spear-phishing to infiltrate financial institution employees in at …
Is APT42 a significant threat in the future?
Threat Level Actor Report. Summary: APT42 is an Iranian state-sponsored cyber espionage group. The gang, which has been operating since at least 2015, is distinguished by its highly targeted spear phishing and surveillance operations targeting individuals …
Lazarus deploys new attack tool, MagicRAT to target organizations worldwide
Threat Level Attack Report. Summary: Lazarus, a North Korean threat actor, compromises vulnerable VMware Horizon servers and deploys MagicRAT, a new remote access tool developed by the attackers. MagicRAT creates scheduled tasks on compromised systems to …
Worok cyber-espionage gang preys on high-profile Asian businesses and governments
Threat Level Actor Report. Summary: Worok, a newly uncovered cyber-espionage gang, has been targeting governments and high-profile companies in Asia since at least 2020 using a combination of unique and existing harmful tools. This group of …