OldGremlin, a threat actor targeting Russian organizations with phishing emails since 2020
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. After almost a year, OldGremlin made a comeback in March 2022 by resuming their malicious email campaigns against two Russian organizations. Over the last two years, OldGremlin has carried out 13 malicious email campaigns …
Old Zimbra vulnerability used to target Ukrainian Government Organizations
THREAT LEVEL: Amber. The Ukrainian Computer Emergency Response Team (CERT-UA) has issued an alert about a campaign targeting Ukrainian government entities that involves an exploit for an XSS vulnerability in Zimbra Collaboration Suite. The attackers have been …
Two actively exploited vulnerabilities affect multiple VMware products
THREAT LEVEL: Red. Multiple vulnerabilities have been discovered in VMware products. Two of these have been exploited in the wild. The first zero-day vulnerability, CVE-2022-22954, is a server-side template injection flaw. An attacker could exploit this bug …
Google Chrome issues an emergency update to address the third zero-day of year 2022
THREAT LEVEL: Red. A zero-day vulnerability has been discovered in Google Chrome versions prior to 100.0.4896.127. A type confusion vulnerability, tracked as CVE-2022-1364, is said to be exploited in the wild. This vulnerability affects the V8 …
Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities
THREAT LEVEL: Red. Microsoft addressed 128 vulnerabilities in their April Patch Tuesday update. Two of them have been categorized as zero-day vulnerabilities. One of the two zero-days is exploited in the wild as well. The vulnerability, CVE-2022-24521, has been exploited …
Attacks on European Union and Ukrainian government entities carried out by the Armageddon group
THREAT LEVEL: Red. The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of an ongoing spear-phishing attempt aimed at delivering an email with a malware attachment to Ukrainian government institutions and European state …
APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation
THREAT LEVEL: Red. APT 10, a Chinese state-sponsored advanced persistent threat group, has been attacking government, legal, and religious entities and non-governmental organizations (NGOs) around the world in what appears to be an espionage campaign that has been …
RCE Spring Framework Zero-Day vulnerability “Spring4Shell”
THREAT LEVEL: Red. A zero-day vulnerability has been discovered in the Spring framework, a Java framework that provides infrastructure support for web application development. This vulnerability came to light after a Chinese researcher made a GitHub commit …
Sandworm Team using a new modular malware Cyclops Blink
THREAT LEVEL: Red. The National Cyber Security Centre (NCSC) in the United Kingdom, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have discovered that the Sandworm …
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4Shell in VMware Horizon
THREAT LEVEL: Red. Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a rootkit and to steal sensitive data. This threat actor is primarily targeting firms in …