Korean Word Processor Scam Alert Orcus RAT Lurking in Cracked Versions
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Orcus RAT, formerly known as Schnorchel, first appeared in April 2016 and allows for remote control of infected systems. Intruders are attempting to deploy a variant of Orcus RAT along with …
New BOLDMOVE Backdoor uses FortiOS vulnerability for initial access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A suspected China-nexus campaign has exploited a vulnerability in Fortinet’s FortiOS SSL-VPN, known as CVE-2022-42475. The exploitation was believed to have occurred as early as October 2022 and the targets include …
APT15 enhanced its arsenal with an updated variant of the Turian backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT15 has modified its toolkit to include new variants of the Turian backdoor, as well as new command and control infrastructure. The malware contains VMProtect, which obfuscates all API calls within …
Kasablanka Group Launches Phishing Campaigns Targeting Russian Government Entities
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in …
GitLab releases new CE and EE versions to address integer overflow vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in …
Middle East targeted by Earth Bogle using NjRAT malware
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary Earth Bogle’s active campaign hosts malware on public cloud storage sites like files.fm and failiem.lv. Compromised web servers also distribute NjRAT, also known as Bladabindi, a remote access trojan (RAT) malware …
NetSupport RAT employs phishing campaigns that incorporate Pokemon lures
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary NetSupport Manager is a remote control tool that can be used by ordinary or corporate users to remotely control systems, but it is being abused by threat actors as it allows …
Google Chrome Vulnerability Exposes Data of 2.5 Billion Users
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in Google Chrome could affect over 2.5 billion users. An attacker can exploit this vulnerability for the theft of sensitive files, such as crypto wallets and cloud provider credentials. …
Rhadamanthys: A New Evasive Information Stealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Rhadamanthys Evasive Infostealer is spread through phishing emails and prevalent Google ads that lead to fake download pages for popular workforce software. …
A Critical Vulnerability That Affects ManageEngine Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability in several ManageEngine products allows for remote code execution (RCE) without authentication. This vulnerability is tracked as CVE-2022-47966 and is caused by an outdated third-party dependency, Apache Santuario. …