JanelaRAT Strikes at Latin American Financial Sector
Attack Report: JanelaRAT, a financial malware, is directed toward users in Latin America (LATAM) with the ability to seize sensitive data. This malicious software primarily focuses on gathering financial and cryptocurrency information from …
Monti Ransomware’s New Linux Variant Enhanced Encryption
Attack Report: Monti ransomware, resembling Conti, resurfaces after a break, targeting legal and government sectors. A new Linux variant diverges significantly, using distinct tactics for encryption and virtual machine termination. Organizations must enhance …
Unveiling The TunnelCrack VPN Vulnerabilities
Vulnerability Report: The TunnelCrack vulnerabilities are a set of four vulnerabilities that affect most VPN products. The vulnerabilities affect the way that VPNs handle certain ciphers, which are algorithms used to encrypt traffic. …
LummaC Stealer Enlists Amadey Bot to Unleash SectopRAT
Attack Report: A fresh approach to spreading SectopRAT has surfaced. This method involves distributing the SectopRAT payload by utilizing the Amadey bot, which is sourced from the LummaC stealer. To receive real-time threat …
DroxiDat Targets Southern African Power Utility
Attack Report: In a targeted operation, an unidentified actor strategically deployed the advanced DroxiDat proxy-capable backdoor alongside Cobalt Strike beacons. The operation was aimed at a critical power utility within the infrastructure of …
Gafgyt Botnet Exploiting Five-Year-Old Critical Vulnerability in Zyxel Routers
Vulnerability Report: A critical vulnerability (CVE-2017-18368) in the Zyxel P660HN-T1A router allows the Gafgyt botnet to execute unauthorized commands, potentially leading to a complete takeover of affected devices. This exploitation enables the botnet …
Knocking the Surface of Rhysida Ransomware
Attack Report: The Rhysida ransomware campaign is rapidly gaining notoriety, driven by a series of successful infiltrations into various sectors. Employing an array of dissemination techniques such as Cobalt Strike, phishing campaigns, and …
LOLKEK Ransomware Evolving New Tactics to Evade Detection
Attack Report: LOLKEK ransomware is still being actively developed and uses new tactics to evade detection, including obfuscation, legitimate tools, and network shares. It encrypts all drives, including network shares, and demands 0.1 …
Microsoft’s August Patch Tuesday Addresses Active Zero-Day Exploits
Vulnerability Report: In the August Patch Tuesday release, Microsoft addressed a total of 73 CVEs, encompassing six critical and 67 important vulnerabilities. Within this range of vulnerabilities, the security update covered the typical …
Reptile Rootkit Targets Linux Systems in South Korea
Attack Report: Reptile, an open-source Linux rootkit, goes beyond concealment, offering attackers a reverse shell and using port knocking for control; it has been observed in attacks, including by Chinese groups exploiting zero-days. Similarities to Mélofée malware …