Sandworm Team using a new modular malware Cyclops Blink
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The National Cyber Security Centre (NCSC) in the United Kingdom, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have discovered that the Sandworm …
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in …
Weekly Threat Digest: 28 March – 3 April 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 500 7 3 27 16 46 The fourth week of March 2022 witnessed the discovery of 500 vulnerabilities out of which 7 gained …
Authentication Bypass Vulnerability in Zyxel Firmware
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A severe vulnerability (CVE-2022-0342) has been discovered in the firmware of some of Zyxel’s business-grade firewall and VPN products, potentially allowing attackers administrator-level access to affected devices. This vulnerability affects the USG/ZyWALL, USG FLEX, …
Actively exploited vulnerability affects Trend Micro Apex Central
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here Trend Micro Apex Central (on-premise and as a Service) has a zero-day vulnerability. This arbitrary file upload vulnerability if successfully exploited, could allow an unauthenticated remote attacker to upload any file, resulting in remote …
Two Vulnerabilities affecting Apple macOS exploited-in-the-wild
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Two zero-day vulnerabilities were discovered in macOS Monterey versions prior to 12.3.1. These new issues bring the total number of zero-day vulnerabilities discovered in the Apple ecosystem to four. CVE-2022-22674 is an out-of-bounds read …
New PlugX variant “Talisman” used by famous Chinese APT
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here PlugX is a well-known malware family with samples dating back to as early as 2008. A Chinese state-backed threat actor, RedFoxtrot group, is discovered to use a new variant of the PlugX malware, Talisman. …
Sophos Firewall RCE vulnerability actively exploited
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A security researcher has discovered an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. Attackers are actively exploiting this vulnerability to attack enterprises in South Asia. The vulnerability, …
DOS Vulnerability discovered in SonicWall Next-Generation Firewall
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here SonicWall, a manufacturer of security hardware discovered a flaw in their SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE). The identified vulnerability (CVE-2022-22274) …