Threat actors buy new BlueFox Stealer to exfiltrate data
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Russian-speaking user named distamx has been selling BlueFox Stealer as malware-as-a-service since December 2021. A subscription to the customizable malware costs $350 per month on underground forums. BlueFox Stealer attacks …
Exploitation of Follina leads to takeover of domain controller
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The recent incident is related to TA570, wherein the attackers exploited the Follina vulnerability (CVE-2022-30190) to compromise the Domain Controller and eventually gain access to confidential files. …
APT10 distributes LODEINFO malware to deploy infection chains
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The APT10 cyber espionage gang has been spotted adopting a new stealthy infection chain to deploy the LODEINFO backdoor shellcode to exfiltrate sensitive information to Command and Control (C2). …
Patch available for pre-announced Critical Vulnerability in OpenSSL
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary OpenSSL has released the patch for the pre-announced critical vulnerability. In the announcement, the severity of the vulnerability was Critical based on the fact that it can lead to RCE but …
Privilege Escalation in VMware spring-security
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in VMware’s Spring Security affects the mapping of permitted scope in spring-security-oauth2-client, allowing privilege escalation. …
Google Chrome’s seventh zero-day of 2022
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability has been discovered in Google Chrome versions prior to 107.0.5304.87. A type confusion vulnerability tracked as CVE-2022-3723 is the seventh zero-day of 2022 and is said …
LV Ransomware Exploited ProxyShell to target Jordan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LV ransomware as a service has been active since late 2020. The most recent infiltration entailed the compromise of the corporate environment of a Jordan-based entity, leveraging the double extortion …
What can you do about the critical vulnerability in OpenSSL 3.0
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary OpenSSL has a critical vulnerability that affects all the versions from 3.0 to 3.0.6. Due to the criticality of the vulnerability, OpenSSL has pre-announced the security update for security teams to …
Threat Actors launch a campaign to exploit vulnerability in Fortinet
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Tailgate campaign is currently being carried out by the threat actors Hafnium and OilRig. The goal of this campaign is to exploit vulnerabilities in Fortinet. The recently discovered vulnerability CVE-2022-40684, which has …
VMware Cloud Foundation has a significant RCE flaw
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A Remote Code Execution (RCE) vulnerability through the XStream open-source library tagged as CVE-2021-39144 in the VMware Cloud Foundation, which is a hybrid cloud platform for hosting enterprise workloads in private …