Authentication Bypass Vulnerability in Zyxel Firmware
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A severe vulnerability (CVE-2022-0342) has been discovered in the firmware of some of Zyxel’s business-grade firewall and VPN products, potentially allowing attackers administrator-level access to affected devices. This vulnerability affects the USG/ZyWALL, USG FLEX, …
Actively exploited vulnerability affects Trend Micro Apex Central
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here Trend Micro Apex Central (on-premise and as a Service) has a zero-day vulnerability. This arbitrary file upload vulnerability if successfully exploited, could allow an unauthenticated remote attacker to upload any file, resulting in remote …
Two Vulnerabilities affecting Apple macOS exploited-in-the-wild
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Two zero-day vulnerabilities were discovered in macOS Monterey versions prior to 12.3.1. These new issues bring the total number of zero-day vulnerabilities discovered in the Apple ecosystem to four. CVE-2022-22674 is an out-of-bounds read …
New PlugX variant “Talisman” used by famous Chinese APT
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here PlugX is a well-known malware family with samples dating back to as early as 2008. A Chinese state-backed threat actor, RedFoxtrot group, is discovered to use a new variant of the PlugX malware, Talisman. …
Sophos Firewall RCE vulnerability actively exploited
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A security researcher has discovered an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. Attackers are actively exploiting this vulnerability to attack enterprises in South Asia. The vulnerability, …
DOS Vulnerability discovered in SonicWall Next-Generation Firewall
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here SonicWall, a manufacturer of security hardware discovered a flaw in their SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE). The identified vulnerability (CVE-2022-22274) …
Prolific threat actor TA551 using new malware IcedID
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here TA551 is a financially motivated threat group that has been active at least since 2018. The gang primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution activities. IcedID, a modular banking …
Muhstik botnet adds another vulnerability exploit to its arsenal
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Muhstik malware has begun attacking Redis Servers by exploiting a recently reported vulnerability, CVE-2022-0543. This flaw can be found in several Redis Debian packages. The attack began on March 11, 2022, and was carried …
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability (CVE-2022-0609) in Google Chrome’s web browser. The attack mainly …
Microsoft’s privilege escalation vulnerability that refuses to go away
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here After seven months, a vulnerability that was addressed in August 2021 patch Tuesday remained unpatched. This locally exploited vulnerability is tracked as CVE-2021-34484 and affects the Windows User Profile Service. While Proof-of-concept is been …