LAPSUS$ – New extortion group involved in breaches of Nvidia, Microsoft, Okta and Samsung
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Lapsus$ (DEV-0537) is an extortion threat group that first appeared on December 10, 2021, and has since breached the Brazilian Ministry of Health, NVIDIA, Samsung, Vodafone, Ubisoft, Okta, and Microsoft. Unlike other extortionist groups, …
Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. APT35, aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted organizations in the …
AvosLocker Ransomware Group Has Targeted 50+ Organizations Worldwide
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker ransomware. It is a Ransomware-as-a-Service (RaaS) affiliate-based group that has targeted 50+ organizations in critical infrastructure sectors …
Berkeley Internet Name Domain (BIND) affected by multiple vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. The Internet Systems Consortium (ISC) has published security updates to address several vulnerabilities in the widely used Berkeley Internet Name Domain (BIND) server software. An attacker could take advantage of some of these vulnerabilities …
Environment Variables Leak Affects Multiple Browsers
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A security bug that leaks system environment variables was found in Chromium version 92. Multiple web browsers are based on the Chromium engine, such as Google Chrome, Microsoft Edge, Opera, and Brave. Most of them …
Major Content Management Systems affected by Multiple vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Several flaws in well-known content management systems WordPress and Drupal have been uncovered. A content management system, or CMS, is software that allows users to create, manage, and edit website content without requiring specialist …
New Threat Actor Exotic Lily Acting as Initial Access Broker for Conti and Diavol Ransomware Groups
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML (CVE-2021-40444), which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it was revealed that the group …
Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to enterprises warning that Russian state-sponsored cyber attackers have obtained network access by exploiting default MFA protocols …