Vulnerabilities & Threats that Matter 12 – 18 September
Published Vulnerabilities | Interesting Vulnerabilities | Active Threat Groups | Targeted Countries | Targeted Industries | ATT&CK TTPs |
657 | 44 | 2 | 40 | 18 | 48 |
For a detailed threat digest, download the pdf file here
Summary
The second week of September 2022 witnessed the discovery of 657 vulnerabilities out of which 44 gained the attention of Threat Actors and security researchers worldwide. Among these 44, five were zero-days, and five vulnerabilities are awaiting analysis on the National Vulnerability Database (NVD). Hive Pro Threat Research Team has curated a list of 44 CVEs that require immediate action.
This week, Uber experienced a mission-critical security breach following a social engineering attack on an employee that forced the company to shut down its internal communications and engineering systems.
Parallelly, Monti ransomware targeted the VMware Horizon virtualization system by exploiting the well-known “Log4Shell” vulnerability. Further, Iranian government-sponsored threat actors launched attacks using Fortinet, Microsoft Exchange, Log4j, and VMware Horizon vulnerabilities.
Further, we also observed two Threat Actor groups being highly active in the last week. First was a quadruple actor gang comprised of DEV-0842, DEV-0861, DEV-0166, and DEV-0133 of Iranian provenance, which was targeting Albanian government websites for financial gain. The second was SparklingGoblin, a Chinese threat actor known for information theft and espionage, who was spotted advancing the SideWalk backdoor. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section