MuddyWater targets Israeli organizations by exploiting unpatched Log4j vulnerabilities
Threat Level | Attack Report. For a detailed threat advisory, download the pdf file here. Summary: MuddyWater, an Iranian threat actor, exploits two Log4j vulnerabilities in SysAid applications to target Israeli organizations. As soon as the attacker gains access to the targeted organization, it establishes persistence, dumps …
Kimsuky targets South Korean entities with phishing campaign
Threat Level | Actor Report. For a detailed threat advisory, download the pdf file here. Summary: Since 2010, Kimsuky has targeted government, think tank, media, and education entities in the United States and South Korea. Early in 2022, a new attack cluster, GoldDragon, was observed …
Healthcare industry torn down by Karakurt ransomware group
Threat Level | Actor Report. For a detailed threat advisory, download the pdf file here. Summary: The Karakurt ransomware group is a recent addition to the list of cybercriminal gangs, with reports of its first appearance in late 2021. Since June 2022, the recent attacks have had …
DarkTortilla crypter is set to become a formidable threat
Threat Level | Attack Report. For a detailed threat advisory, download the pdf file here. Summary: DarkTortilla is a sophisticated and highly configurable .NET-based crypter that has been active since at least August 2015. The malware is popular for the deployment of remote access trojans (RATs), targeted …
Iranian APT’s new data extraction tool Hyperscrape
Threat Level | Actor Report. For a detailed threat advisory, download the pdf file here. Summary: Charming Kitten, an Iranian government-backed threat group, has been employing a new data extraction tool, Hyperscrape. It has been used to retrieve data from Microsoft Outlook, Yahoo, and Gmail accounts. The …
Input validation flaw in GitLab’s Community and Enterprise Software
Threat Level | Vulnerability Report. For a detailed advisory, download the pdf file here. Summary: A remote code execution vulnerability that affects GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified as CVE-2022-2884. It can be exploited using the GitHub import API; however, it requires …
Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries
Threat Level | Attack Report. For a detailed advisory, download the pdf file here. Summary: The Grandoreiro banking trojan campaign has been active since at least 2016 and targets a variety of businesses in Mexico and Spain, including automotive, chemical production, and others. Threat actors' …
Denial of service vulnerability in PAN-OS exploited in the wild
Threat Level | Vulnerability Report. For a detailed advisory, download the pdf file here. Summary: A URL filtering policy misconfiguration in PAN-OS leads to a vulnerability that could allow an unauthenticated remote attacker to conduct distributed denial-of-service (DDoS) attacks. This vulnerability is tracked as CVE-2022-0028. …
Multiple industries targeted by uptick of BianLian ransomware
Threat Level | Attack Report. For a detailed advisory, download the pdf file here. Summary: Attackers are increasingly delivering BianLian, a new ransomware strain written in Go that was spotted in mid-July 2022. Numerous well-known enterprises have been targeted, including those in manufacturing, education, healthcare, …