BlackByte uses a new attack technique to target vulnerable Windows drivers
Attack Report. Summary: BlackByte Ransomware is leveraging a security flaw in a legitimate Windows driver to conduct a new bring your own vulnerable driver (BYOVD) attack. …
Zero-day vulnerabilities in Microsoft Exchange Server
Vulnerability Report. Summary: Microsoft Exchange Server has two zero-day vulnerabilities. One of them is a Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-41040), while the second is a remote code execution (RCE) vulnerability (CVE-2022-41082) in PowerShell. An authenticated …
Sophos Zero-day vulnerability becomes target for attackers
Vulnerability Report. Summary: A zero-day vulnerability in the User Portal and WebAdmin of Sophos Firewall has been tracked as CVE-2022-3236. This vulnerability is being used by some unknown attackers to target organizations in South …
Vulnerable Atlassian Confluence Servers utilized to drop Crypto Miners
Attack Report. Summary: The Atlassian Confluence Server's CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability that was recently patched, is being used by adversaries to deploy cryptocurrency mining malware. …
Zero-day vulnerability in Windows terminal management tool gets a hotfix
Vulnerability Report. Summary: Microsoft Endpoint Configuration Manager (MECM) has a spoofing vulnerability that allows remote attackers to access sensitive data. The zero-day vulnerability has been identified as CVE-2022-37972. …
Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites
Vulnerability Report. Summary: The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that allows users to install, backup, and clone …
Kinsing malware continues to exploit these two-year-old vulnerabilities
Attack Report. Summary: Malicious actors are exploiting these two-year-old remote code execution vulnerabilities in Oracle WebLogic Server to deploy Kinsing malware. …
UNC4034 slips in a backdoor with trojanized PuTTY
Attack Report. Summary: UNC4034, a North Korean threat actor, uses a fake job posting to trick victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, …
Zero-day vulnerability uncovered in Trend Micro Apex One
Vulnerability Report. Summary: A zero-day vulnerability, along with several other issues, has been addressed by Trend Micro. It has been identified as CVE-2022-40139 and could allow attackers to execute remote code. …
SparklingGoblin Revamps SideWalk Backdoor for Linux Variant
Attack Report. Summary: SparklingGoblin, aka Earth Baku, a state-backed Chinese hacking group, has added a Linux variant of the SideWalk backdoor to its toolset. SparklingGoblin threat actors typically target East and Southeast Asian countries, with a special emphasis on …