RangnarLocker Ransomware hits Critical Infrastructure Compromising 50+ Organizations
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Federal Bureau of Investigation (FBI) has released an alert on Ragnarlocker campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing, energy, financial services, government, and …
Multiple security vulnerabilities in Adobe After Effects and Illustrator
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Adobe addressed 5 security flaws in Illustrator and After Effects. According to Adobe, none of the vulnerabilities have been exploited so far. Successful exploitation of any of the five vulnerabilities listed below could allow …
Chinese state-sponsored threat group APT41 targets U.S. critical organizations using two Zero-Days
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A China state-sponsored threat group known as APT41 is observed compromising at least six U.S. state governments networks in a threat campaign beginning from May 2021. APT41 is a well-known Chinese state-sponsored espionage outfit …
Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 71 the following vulnerabilities in their March 2022 Patch Tuesday Update. This advisory briefs about six vulnerabilities out of which three of them have been rated critical in severity and three of …
Weekly Threat Digest: 28 February – 6 March 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Targeted Countries Targeted Industries ATT&CK TTPs 381 19 3 5 22 The first week of March 2022 witnessed the discovery of 381 vulnerabilities out of which 19 garnered the attention of security …
Dirty Pipe: A privilege escalation vulnerability in Linux Kernel
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A vulnerability in the Linux kernel existed since version 5.8 and allows overwriting data in arbitrary read-only files. Because unprivileged processes can inject code into root processes, this results in privilege escalation. It has …
Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Two critical zero-day vulnerabilities have been identified in Mozilla Firefox that are being exploited in-the-wild and tracked as CVE-2022-26485 and CVE-2022-26485. Both are use-after-free bugs that exist in XSLT parameter processing and the WebGPU …
Linux Distributions affected by a privilege escalation vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here A new privilege escalation vulnerability has been reported that affects all the major releases of the Linux kernel and being tracked as CVE-2022-0492. The issue primarily affects the Linux kernel feature known as control …
Thousands of GitLab instances impacted by multiple security flaws
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Multiple security vulnerabilities have been discovered by researchers in GitLab, an open-source DevOps software. Some of these flaws could allow an unauthenticated remote attacker to retrieve all information linked to GitLab users and further …