Manjusaka – Cybercriminal’s new attack framework weapon
Attack Report. For a detailed advisory, download the PDF. Summary: Manjusaka is a new attack framework that mimics Cobalt Strike and Sliver. Its implants are written in Rust and come in both Windows and Linux variants. The …
VMware products impacted by an authentication bypass vulnerability and other flaws
Vulnerability Report. For a detailed advisory, download the PDF. Summary: VMware has addressed multiple vulnerabilities, including an authentication bypass (CVE-2022-31656), remote code execution (CVE-2022-31658, CVE-2022-31659 and CVE-2022-31665), and several other flaws. …
LockBit 3.0 makes a comeback by exploiting Log4j
Actor Report. For a detailed advisory, download the PDF. Summary: LockBit 3.0 (LockBit Black), a new variant of the LockBit ransomware, is deploying Cobalt Strike beacons on compromised systems: the operators exploit Log4j in VMware Horizon for initial access and then abuse the Windows Defender command-line tool (MpCmdRun.exe) to side-load the beacon. …
KNOTWEED exploits zero-days to target US and Europe
Actor Report. For a detailed advisory, download the PDF. Summary: KNOTWEED, an Austria-based private-sector offensive actor (PSOA), is exploiting zero-day vulnerabilities in Windows and Adobe Reader to carry out targeted attacks against European and Central American customers using its malware, named Subzero. …
APT37 employs Konni malware to target high-level organizations
Actor Report. For a detailed advisory, download the PDF. Summary: The Konni remote access trojan, malware widely used by APT37, is being used in an attack campaign against high-value targets in countries such as the Czech Republic, Poland, …
Evilnum strikes commodities and cryptocurrency Forum
Actor Report. For a detailed advisory, download the PDF. Summary: In recent campaigns, the Evilnum actor group has targeted the decentralized finance (DeFi) sector with its Evilnum malware. The latest iteration of the Evilnum backdoor employs a diverse set of ISO, Microsoft Word, and …
Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East
Attack Report. For a detailed advisory, download the PDF. Summary: Candiru (Saito Tech) spyware exploited the recently patched Chrome zero-day CVE-2022-2294 in attacks on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability in WebRTC is …
Shell Command Injection Vulnerability found in Apache Spark
Vulnerability Report. For a detailed advisory, download the PDF. Summary: Apache Spark recently disclosed a vulnerability, CVE-2022-33891, which would allow threat actors to execute arbitrary shell commands as a Spark …
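The advisory above only names the bug class, shell command injection. The sketch below is an added illustration of that class in general, not Spark's own code (which is Scala) and not a reproduction of CVE-2022-33891: it contrasts the vulnerable pattern, a caller-controlled identity string interpolated into a command line that a shell parses, with the hardened pattern of validating the input and passing it as a single argv element with no shell involved. The `echo` stand-in for the real lookup command, the `groups-for` label and the injected username are all constructed for the example so it runs offline.

```python
import re
import subprocess

# Constructed attacker-controlled value: a "username" carrying a shell metacharacter.
INJECTED_USER = "alice; echo INJECTED"

# Assumption: `echo` stands in for whatever external command the application
# really runs, so the example works without real accounts or tools.
LOOKUP_COMMAND = "echo"


def unsafe_group_lookup(username: str) -> str:
    """Vulnerable pattern: format untrusted input into a string and hand it to a shell."""
    cmd = f"{LOOKUP_COMMAND} groups-for {username}"
    # shell=True means /bin/sh parses the string: ';' terminates the intended
    # command and starts an attacker-chosen one.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list for what a username may look like (assumed policy for the example).
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")


def safe_group_lookup(username: str) -> str:
    """Hardened pattern: validate the input, then pass an argv list, never a shell string."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    # No shell is involved: the username is one argv element, so shell
    # metacharacters stay inert even if the allow-list were later loosened.
    return subprocess.run(
        [LOOKUP_COMMAND, "groups-for", username],
        capture_output=True, text=True, check=True,
    ).stdout


def injection_succeeded(output: str) -> bool:
    """True when the attacker's appended command actually ran (its marker is its own output line)."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("unsafe:", unsafe_group_lookup(INJECTED_USER).splitlines())
    try:
        safe_group_lookup(INJECTED_USER)
    except ValueError as exc:
        print("safe:", exc)
```

The two defences are independent: the allow-list stops malformed identities at the boundary, and the argv form removes the shell from the picture so that even an input the allow-list admits cannot change which command runs. Applying only the second is still a large improvement; applying only the first leaves the code one regex bug away from the original problem.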
Revamped version of Redeemer Ransomware has been uncovered on Dark Web Forums
Attack Report. For a detailed advisory, download the PDF. Summary: A new version of the free Redeemer ransomware has been discovered on hacker forums, giving inexperienced threat actors an easy entry into encryption-backed extortion campaigns. The new 2.0 …
APT29 utilizes cloud storage service to deliver malicious payloads
Actor Report. For a detailed advisory, download the PDF. Summary: APT29, a cyber-espionage group, uses cloud storage services such as Google Drive and Dropbox to deliver malware to compromised systems. The group used a phishing campaign that targeted several Western diplomatic …