Citrix Netscaler ADC and Gateway Vulnerabilities Exploited in the Wild
Vulnerability Report. Summary: Citrix has released a zero-day critical patch for a remote code execution vulnerability in Netscaler ADC and Netscaler Gateway that has been exploited, along with two other vulnerabilities. Urgent updates are …
FIN8 Strikes with Noberus Ransomware via Altered Sardonic Backdoor
Attack Report. Summary: The financially motivated threat actor FIN8 has been detected employing a revised variant of the backdoor known as Sardonic to deliver the Noberus ransomware.
Hackers Target WooCommerce Payments Plugin to Hijack Websites
Vulnerability Report. Summary: Cybercriminals are orchestrating a widespread campaign to exploit a pivotal WooCommerce Payments plugin, thereby acquiring the privileges of various users, including those with administrator status, on susceptible WordPress installations.
Active Exploitation of Adobe ColdFusion Critical Vulnerabilities
Vulnerability Report. Summary: Hackers are actively exploiting vulnerabilities in Adobe ColdFusion, specifically CVE-2023-29298 and CVE-2023-38203. These vulnerabilities allow attackers to bypass authentication, execute remote code, and gain unauthorized access to vulnerable servers.
LokiBot Data Exfiltrating Trojan Targets Windows Systems
Attack Report. Summary: LokiBot, an infamous data-exfiltrating Trojan, has maintained a prominent presence since 2015. This pernicious malware predominantly sets its sights on Windows systems, diligently striving to acquire confidential data from compromised machines. …
CustomerLoader Disseminating Diverse Malware Payloads
Attack Report. Summary: A covert .NET loader, known as CustomerLoader, was specifically designed to facilitate the retrieval, deciphering, and activation of subsequent payloads. Throughout the early days of June 2023, various malicious entities actively …
TA445 Targeting Government and Military Sectors in Ukraine and Poland
Attack Report. Summary: TA455 conducts ongoing campaigns targeting government entities, military organizations, and civilians in Ukraine and Poland to steal information and establish remote access, using multi-stage infection chains and payloads like AgentTesla RAT, …
Storm-0978 actively exploited the Office zero-day
Actor Report. Summary: Storm-0978 is a Russian cybercriminal group that specializes in executing sophisticated phishing campaigns. Storm-0978 was found to be engaged in a new wave of attacks, leveraging the zero-day flaw (CVE-2023-36884) to distribute the RomCom backdoor.
New Python-Based Fileless Malware Named ‘PyLoose’ Targeting Cloud Environments
Attack Report. Summary: A new fileless attack called PyLoose targets cloud workloads by loading an XMRig Miner directly into memory using Python code and the memfd technique. This evasive attack highlights the need for …
Microsoft’s July 2023 Patch Tuesday Addresses 5 Zero-day Vulnerabilities
Vulnerability Report. Summary: Microsoft’s July 2023 Patch Tuesday includes security updates for 130 flaws, including five actively exploited zero-day vulnerabilities, nine rated as ‘Critical’, and 37 remote code execution vulnerabilities. One of the …