Healthcare industry torn down by Karakurt ransomware group
Actor Report. Summary: The Karakurt ransomware group is a recent addition to the list of cybercriminal gangs, with reports of its first appearance in late 2021. Since June 2022, the recent attacks have had …
DarkTortilla crypter is set to become a formidable threat
Attack Report. Summary: DarkTortilla is a sophisticated and highly configurable .NET-based crypter that has been active since at least August 2015. The malware is popular for the deployment of remote access trojans (RATs), targeted …
Iranian APT’s new data extraction tool Hyperscrape
Actor Report. Summary: Charming Kitten, an Iranian government-backed threat group, has been employing a new data extraction tool, HYPERSCRAPE. It has been used to retrieve data from Microsoft Outlook, Yahoo, and Gmail accounts. The …
Input validation flaw in GitLab’s Community and Enterprise Software
Vulnerability Report. Summary: A remote code execution vulnerability that affects GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified as CVE-2022-2884. It can be exploited using the GitHub import API; however, it requires …
Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries
Attack Report. Summary: Grandoreiro banking trojan is a campaign that has been active since at least 2016 and targets a variety of businesses in Mexico and Spain, including automotive, chemical production, and others. Threat actors’ …
Denial of service vulnerability in PAN OS exploited in the wild
Vulnerability Report. Summary: The URL filtering policy misconfiguration in PAN-OS leads to a vulnerability that could allow an unauthenticated remote attacker to conduct distributed denial-of-service (DDoS) attacks. This vulnerability has been tracked as CVE-2022-0028. …
Multiple industries targeted by uptick of BianLian ransomware
Attack Report. Summary: Attackers are gravitating toward delivering BianLian, a new ransomware strain written in Go that was spotted midway through July 2022. Numerous well-known enterprises have been targeted, including those in manufacturing, education, healthcare, …
Iranian-linked hacker group victimized Israel’s shipping industry
Actor Report. Summary: An Iranian threat group (UNC3890) used social engineering lures and a watering hole to jeopardize Israel’s shipping, government, energy, aviation, and healthcare sectors. This campaign has been running since at least late 2020 …
Two zero-day vulnerabilities in macOS when chained can take over the entire system
Vulnerability Report. Summary: Two zero-day vulnerabilities have been discovered in Apple macOS. Both could allow an attacker to execute arbitrary code. These new issues bring the total number of zero-day vulnerabilities discovered in the Apple …
Chrome’s zero-day flaw allows arbitrary code execution
Vulnerability Report. Summary: A vulnerability (CVE-2022-2856) in Google Chrome has been exploited in the wild. Additionally, Chrome has addressed several other use-after-free vulnerabilities in multiple components, including FedCM, SwiftShader, ANGLE, and Blink. …