Stranger Strings: A 22-year-old vulnerability in SQLite
Threat Level: Vulnerability Report. Summary: A vulnerability in the SQLite library API has been assigned CVE-2022-35737, which could allow an attacker to crash or control programs. …
Lazarus neutralizes antivirus software using BYOVD technique
Threat Level: Actor Report. Summary: The Lazarus group exploits known vulnerabilities in Dream Security’s MagicLine4NX and INITECH INISAFE CrossWEB EX V3, using the Bring Your Own Vulnerable Driver (BYOVD) technique to neutralize an antivirus program. …
SideWinder APT group’s new arsenal named WarHawk
Threat Level: Actor Report. Summary: The SideWinder APT gang operates espionage campaigns against government, military, and business sectors throughout Asia, primarily Pakistan, by employing the WarHawk backdoor to exfiltrate vulnerable system metadata to a remote server. …
US healthcare organizations targeted by Daixin Team ransomware
Threat Level: Actor Report. Summary: Daixin Team, a ransomware and data extortion group, has been gaining initial access to victims through virtual private network (VPN) servers since June 2022, either by exploiting an unpatched vulnerability in the …
LDR4 is a new Ursnif variant
Threat Level: Attack Report. Summary: In June 2022, a new variant of the URSNIF malware was identified. Unlike prior URSNIF iterations, this new variant, code-named LDR4, is a backdoor designed to facilitate operations such as …
The Spyder Loader malware targets organizations in Hong Kong
Threat Level: Attack Report. Summary: The Spyder Loader malware was first publicly documented in March 2021. The recent Spyder Loader malware campaign appears to have had the ultimate goal of information theft, and the threat actor …
Text2Shell: A Log4Shell-like vulnerability in Apache Commons Text
Threat Level: Vulnerability Report. Summary: A new vulnerability in Apache Commons Text has been named Text2Shell. The vulnerability allows unauthenticated attackers to remotely execute code on servers running affected applications. Due to the availability of the …
Prestige Ransomware impacts transportation industry in Ukraine and Poland
Threat Level: Attack Report. Summary: Prestige ransomware is using already-gained admin access to target organizations in Ukraine and Poland by deploying its payload. The activity has been associated with DEV-0960. …
WIP19 targets IT service providers and telcos with custom malware
Threat Level: Actor Report. Summary: WIP19, a Chinese APT group, is using legitimate and stolen certificates to sign malware, such as SQLMaggie, ScreenCap, and a credential dumper, which it then uses to target telecommunications and IT …
Budworm Attackers Return with New Espionage Strikes Against the United States
Threat Level: Actor Report. Summary: The Budworm espionage group exploited Log4j vulnerabilities to compromise the Apache Tomcat service, integrating several custom and publicly available tools to exfiltrate sensitive information. …