September 20, 2022

Vulnerabilities & Threats that Matter 12 – 18 September

Published VulnerabilitiesInteresting VulnerabilitiesActive Threat GroupsTargeted CountriesTargeted IndustriesATT&CK TTPs
657442401848

For a detailed threat digest, download the pdf file here

Summary

The second week of September 2022 witnessed the discovery of 657 vulnerabilities out of which 44 gained the attention of Threat Actors and security researchers worldwide. Among these 44, five were zero-days, and five vulnerabilities are awaiting analysis on the National Vulnerability Database (NVD). Hive Pro Threat Research Team has curated a list of 44 CVEs that require immediate action.

This week, Uber experienced a mission-critical security breach following a social engineering attack on an employee that forced the company to shut down its internal communications and engineering systems.
Parallelly, Monti ransomware targeted the VMware Horizon virtualization system by exploiting the well-known “Log4Shell” vulnerability. Further, Iranian government-sponsored threat actors launched attacks using Fortinet, Microsoft Exchange, Log4j, and VMware Horizon vulnerabilities.

Further, we also observed two Threat Actor groups being highly active in the last week. First was a quadruple actor gang comprised of DEV-0842, DEV-0861, DEV-0166, and DEV-0133 of Iranian provenance, which was targeting Albanian government websites for financial gain. The second was SparklingGoblin, a Chinese threat actor known for information theft and espionage, who was spotted advancing the SideWalk backdoor. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section

Recent Resources

Dive into our library of resources for expert insights, guides, and in-depth analysis on maximizing Uni5 Xposure’s capabilities

Book a demo and find out more about how Hive Pro can double your operational efficiency

Book a Demo