New Vulnerability Found in the JsonWebToken Open-Source Project
Vulnerability Report. Summary: A new high-severity vulnerability, CVE-2022-23529, has been discovered in the popular JsonWebToken open-source package. This vulnerability allows attackers to execute remote code on servers that verify a maliciously crafted JSON …
Southeast Asian APT Group Saaiwc Targets Military and Financial Departments with PowerDism Backdoor
Actor Report. Summary: Saaiwc Group (APT-LY-1005) is a newly identified APT group that is thought to operate in Southeast Asia. The group's main tactic is to use an ISO file as a malicious payload, …
Turla APT used ANDROMEDA malware to infiltrate a variety of industries
Attack Report. Summary: The Turla Group is reportedly distributing the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to victims of ANDROMEDA malware in Ukraine. ANDROMEDA malware spreads through infected USB drives. KOPILUWAK is a …
Information Stealer LummaC2 Targets Browsers and Crypto Wallets
Attack Report. Summary: LummaC2 Stealer is an information stealer that targets Chromium- and Mozilla-based browsers. It is designed to steal sensitive information from a victim's machine, including crypto wallets, extensions, and two-factor authentication (2FA) data. …
The Dangers of macOS Ransomware: A Closer Look at KeRanger, FileCoder, MacRansom, and EvilQuest
Attack Report. Summary: macOS ransomware typically spreads through user-assisted methods such as downloading and running fake or trojanized applications. It can also arrive as a second-stage payload dropped or downloaded by other malware or …
Bluebottle Group Continues Attacks on Banks in Francophone Africa
Attack Report. Summary: Bluebottle is a cybercrime group that has been targeting banks in French-speaking countries in Africa. The group uses a variety of tactics, including living off the land, dual-use tools, and commodity …
Blind Eagle Hackers resurfaced with a formidable infection chain
Actor Report. Summary: Blind Eagle is a financially motivated threat group that has been targeting individuals in numerous South American countries since at least 2018. A novel infection chain involving a more complex toolkit …
Zoho Addresses SQL Injection Vulnerability in ManageEngine Products
Vulnerability Report. Summary: A security flaw affecting multiple ManageEngine products, identified as CVE-2022-47523, is an SQL injection vulnerability found in Zoho's Password Manager Pro Secure Vault, PAM360 Privileged Access Management Software, and Access …
Linux Malware Using SHC Compiler Installs CoinMiner and DDoS Bots
Attack Report. Summary: A new strain of Linux malware, developed using the Shc compiler, has been found to install a CoinMiner on infected systems. It is believed that this malware is being spread through …
Threat Actors Using WerFault.exe to Deploy Pupy RAT
Attack Report. Summary: The Pupy RAT malware is using a technique called DLL side-loading to disguise itself as the legitimate WerFault.exe process in order to evade detection. The malware is delivered via an ISO …