Who is behind the Cisco attack?
Threat Level Attack Report. For a detailed advisory, download the pdf file here. Summary: Cisco has revealed that it suffered a breach carried out by the threat actors UNC2447, Lapsus$, and the Yanluowang ransomware gang. They stole around 2.8 GB of data, which included …
Zero-day vulnerability leveraged to deploy Cuba Ransomware
Attack Report. Summary: The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability (CVE-2022-24521). A wide range of …
Microsoft tackles DogWalk zero-day vulnerability and multiple privilege escalation vulnerabilities
Vulnerability Report. Summary: Microsoft Patch Tuesday addresses CVE-2022-34713, also known as DogWalk, as well as numerous issues affecting Microsoft Exchange Server, Microsoft Windows Support Diagnostic Tool (MSDT), Windows Print Spooler Components, and Windows Secure Boot, …
Industrial Spy trades stolen data on dark web Marketplace
Attack Report. Summary: Since March 2022, Industrial Spy ransomware, a new menace in the threat environment, has been stealing and selling data on the dark web marketplace and conducting double extortion attacks, combining data theft …
Iranian threat actor targets the Albanian government using ROADSWEEP ransomware
Attack Report. Summary: A cyberattack that took place in mid-July momentarily disrupted various Albanian government services and websites and was most likely the work of Iranian hackers. The attack used a new ransomware family called …
Vulnerabilities & Threats that Matter 01 – 07th Aug
Published Vulnerabilities: 461; Interesting Vulnerabilities: 12; Active Threat Groups: 1; Targeted Countries: 60; Targeted Industries: 30; ATT&CK TTPs: 26. For a detailed threat digest, download the pdf file here. Summary: The first week of August 2022 witnessed the discovery of 461 vulnerabilities, out of which 12 …
Woody RAT leverages Follina to target Russia
Attack Report. Summary: An unknown threat actor employs the Woody RAT to spear-phish Russian organizations. The malware was distributed via archive files and later switched to Microsoft Office documents leveraging the now-patched CVE-2022-30190 vulnerability. …
Manjusaka – Cybercriminal’s new attack framework weapon
Attack Report. Summary: Manjusaka is a new attack framework that mimics Cobalt Strike and Sliver. The new malware family's implants are written in the Rust programming language and are compatible with Windows and Linux. The …
VMware products impacted by an authentication bypass vulnerability and other flaws
Vulnerability Report. Summary: VMware has addressed multiple vulnerabilities, including an authentication bypass (CVE-2022-31656), remote code execution (CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665), and many more flaws. …
LockBit 3.0 makes a comeback by exploiting Log4j
Actor Report. Summary: LockBit 3.0 (LockBit Black), a new variant of LockBit Ransomware, is deploying Cobalt Strike beacons on compromised systems by exploiting the Windows Defender command line tool and Log4j in VMware Horizon. …