Microsoft releases updates for exploited zero-day and other vulnerabilities resulting in RCE
Vulnerability Report. Summary: Microsoft's Patch Tuesday release included security updates for a zero-day vulnerability that affects the entire operating system. The update includes bug fixes for Azure Site Recovery, Microsoft Edge (Chromium-based), Microsoft Office, Windows Print …
HavanaCrypt ransomware spreads through fake Google updates
Attack Report. Summary: HavanaCrypt is a new ransomware that disguises itself as a Google software update. It evades detection by using a Microsoft web hosting service IP address as the command and control (C&C) server. …
Several bugs in Node.js lead to Remote Code Execution
Vulnerability Report. Summary: Node.js has released several fixes for vulnerabilities in the JavaScript runtime environment, which could lead to arbitrary code execution, HTTP request smuggling, DNS rebinding vulnerability and other bugs …
BlackCat Ransomware group implements quadruple extortion
Actor Report. Summary: The BlackCat ransomware group uses quadruple extortion techniques to pressure victims into paying the ransom. Recently, the ransomware group has raised its demands up to $2.5M. …
OpenSSL Vulnerability leads to Remote Code Execution
Vulnerability Report. Summary: The heap memory corruption vulnerability in OpenSSL lets attackers perform remote code execution. …
Zero-day vulnerability in Chrome browser being exploited in the wild
Vulnerability Report. Summary: The heap buffer overflow vulnerability in the Chrome browser lets attackers run arbitrary code or cause a denial-of-service condition …
Vulnerabilities & Threats that Matter 27 June – 03 July 2022
Published Vulnerabilities: 436
Interesting Vulnerabilities: 2
Active Threat Groups: 2
Targeted Countries: 55
Targeted Industries: 15
ATT&CK TTPs: 30
Summary: The last week of June 2022 witnessed the discovery of 436 vulnerabilities out of which 2 …
MedusaLocker Ransomware is back targeting organizations in the US
Attack Report. Summary: Since 2019, a ransomware-as-a-service (RaaS) known as MedusaLocker has been seen to target organizations, mostly in the healthcare sector, by exploiting Remote Desktop Protocol (RDP) vulnerabilities. …
Vulnerability in UnRAR leads to code execution in Zimbra
Vulnerability Report. Summary: UnRAR has a path traversal vulnerability that allows an unauthenticated attacker to execute arbitrary commands as a Zimbra user and escalate privileges. …
FabricScape lets attackers take over Linux containers
Vulnerability Report. Summary: FabricScape, a container escape vulnerability in Microsoft Service Fabric, could allow an attacker to escalate privileges and compromise the cluster. …