Active exploitation of the Fortinet pre-auth RCE vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has addressed a critical security flaw in its FortiOS SSL-VPN product, which is being actively exploited in the wild. The heap-based buffer overflow bug in FortiOS sslvpnd is listed as …
Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In 2017, Truebot was discovered to be linked to the Silence group and has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and …
Iran-based Agrius deploys Fantasy wiper to attack IT firms in Israel
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iran-based Agrius group has targeted Israel and the United Arab Emirates since 2020. In the beginning, the group deployed a wiper called Apostle, disguised as ransomware, which was later modified into …
Internet Explorer Zero-Day Vulnerability Exploited by APT 37
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary North Korean hackers identified as APT37 exploited a previously unknown Internet Explorer zero-day vulnerability to infect South Koreans, North Korean defectors, policymakers, journalists, and human rights activists. The vulnerability is discovered …
Fortinet addresses Authentication Bypass in addition to numerous flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet addressed security flaws across its products, including a high-severity authentication bypass affecting FortiOS and FortiProxy tracking CVE-2022-35843 in FortiOS’s SSH login component. Only when Radius authentication is utilized can the …
New Botnet named Zerobot Exploiting Multiple Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new botnet named ‘Zerobot’ has two variants, both are written in Go programming language, the first variant discovered on 18 Nov 2022, and within a short time on 24 Nov …
US Defense & NGOs fall prey to Russian hackers
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary Russian state-sponsored group Calisto is linked to spoofing Microsoft login pages of Global Ordnance, a legitimate U.S. military weapons and hardware supplier. According to some, the themed domains are likely an …
BlackMagic Ransomware disrupts the Israeli logistics sector
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The latest ransomware entity, known as “BlackMagic” has emerged. This gang targets its victims using a double extortion approach in which it initially exfiltrates the victim’s data, followed by encryption, and …
Linux flaws could be chained together to achieve root access
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities (CVE-2022-41974 and CVE-2022-41973) can either be exploited individually or in combination to lead to local privilege escalation, the first potentially causing a symlink attack and the second causing an …
BackdoorDiplomacy targets the telecom industry in the Middle East
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary BackdoorDiplomacy, an advanced persistent threat (APT) gang with roots in China, is most likely behind a hostile campaign targeting the Middle East. The espionage action, aimed at a Middle Eastern telecom …