New Yashma Ransomware Variant Mimics WannaCry in New Attack
Attack Report. Summary: A Vietnamese-origin threat actor has employed a Yashma ransomware variant since June 2023, using unique GitHub-based ransom note delivery and mimicking WannaCry. This operation demonstrates the accelerated diversification of ransomware attacks due …
TargetCompany Ransomware’s FUD Obfuscation Maneuvers
Attack Report. Summary: The TargetCompany ransomware employs a combination of its proprietary variant and the BatCloak obfuscator engine, acclaimed for its full undetectability (FUD) capabilities. Accompanying this fusion is the Remcos RAT, which operates …
STRRAT a Java-Powered Versatile Remote Access Trojan
Attack Report. Summary: STRRAT, a Java-based RAT, excels in utilizing a wide array of capabilities. Its latest version, STRRAT 1.6, is notable for employing diverse infection paths and conducting startup host queries to understand …
2022 Most Consistently Exploited Vulnerabilities
Vulnerability Report. Summary: This advisory presents comprehensive information regarding the CVEs consistently and frequently targeted by malicious cyber adversaries throughout the year 2022 across multiple vendors, encompassing Fortinet, Microsoft, Zoho ManageEngine, Atlassian, Apache, VMware, …
New Rilide Stealer Version Evades Chrome Manifest V3 Protections
Attack Report. Summary: A new version of the Rilide Stealer malware evades Chrome’s security measures to target Chromium-based browsers in campaigns that exploit user trust through fake plugins and games, posing a significant threat …
New APT 29 Campaign Targets Organizations through Microsoft Teams
Attack Report. Summary: APT 29, a Russia-based threat actor, employs targeted social engineering via Microsoft Teams to steal credentials, leveraging compromised domains and convincing users to enter authentication codes, furthering their espionage objectives. To …
STARK#MULE Targets South Korea with US Military-themed Baits
Attack Report. Summary: The STARK#MULE cyber attack campaign is ongoing, with a focus on targeting Korean-speaking individuals. It employs U.S. Military-themed document baits to deceive its targets, leading them into unwittingly running malware, thus …
Ivanti Addressed Second Zero-Day Flaw Exploited by Attackers
Vulnerability Report. Summary: The zero-day vulnerability (CVE-2023-35081) in Ivanti EPMM enables admin-authenticated attackers to write arbitrary files, risking unauthorized access, OS command execution, and malicious web shell deployment. Urgent patching is crucial to prevent …
Zimbra Fixes A Zero-Day Vulnerability Exploited in Attacks
Vulnerability Report. Summary: The vulnerability (CVE-2023-37580) in Zimbra Collaboration Suite (ZCS) version 8.8.15 is a Cross-Site Scripting (XSS) flaw in the Zimbra Classic Web Client interface. Its impact is severe as it can compromise …
Unmasking Decoy Dog Malware Toolkit Hiding in DNS Traffic
Attack Report. Summary: Decoy Dog, a sophisticated malware toolkit, uses DNS for C2 communication, evading detection with its wildcard-type behavior and encryption methods. Its origin remains mysterious, and the malware’s capabilities surpass traditional RATs …