Threat Intelligence Bulletin – Linux Kernel Vulnerabilities, Bypassing MFA, and Obscuring Credential Stuffing
DirtyCred (CVE-2022-2588) Linux kernel vulnerability abuses heap memory to swap unprivileged kernel credentials with privileged ones.
Attackers utilizing Palo Alto PAN-OS URL filtering policy to carry...
Threat Intelligence Bulletin – Weaponized PLCs, Response-based Attacks, and APT41
Researchers describe attack technique that weaponizes programmable logic controllers to gain entry to workstations and subsequently invade networks https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html
Open redirect flaws being used to...
Threat Intelligence Bulletin – Manjusaka Attack Framework, Zeppelin Ransomware, and the Evolving Email Threat Landscape
CISA adds path traversal vulnerability in Unix versions of the unRAR utility to Known Exploited Vulnerabilities Catalog https://thehackernews.com/2022/08/cisa-issues-warning-on-active.html
Attackers exploiting open redirects to Snapchat and Amex websites...
Threat Intelligence Bulletin – Decentralized Phishing Infrastructure, Top Threat IOCs, and C2-as-a-Service
Most impersonated software according to VirusTotal includes Skype, Adobe Reader, 7-Zip and more https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html
DrayTek routers affected by RCE vulnerability https://www.darkreading.com/endpoint/critical-rce-bug-draytek-routers-smbs-zero-click-attacks
Phishing attacks increasingly using...
Threat Intelligence Bulletin – Container Files, Bots, and Industrial Espionage
In response to Microsoft's plans to block macros by default, threat actors are changing TTPs to container files (ISO, RAR) and Windows shortcut files (LNK) https://thehackernews.com/2022/07/hackers-opting-new-attack-methods-after.html...
Threat Intelligence Bulletin – Russian Threat Actors, Leveraging Public Cloud Storage, and Cross-platform Capabilities with Rust
Netwrix Auditor application contains security vulnerability leading to arbitrary code execution in Active Directory domain if successfully exploited https://thehackernews.com/2022/07/new-netwrix-auditor-bug-could-let.html
VoIP phones utilizing Digium software and...
Threat Intelligence Bulletin – Spectre Attacks, Impersonations, and Bypassing MFA
Phishing campaign leveraging Follina vulnerability to deploy backdoor on Windows systems https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html
Details on modus operandi of current phishing campaign https://www.bleepingcomputer.com/news/security/new-luna-moth-hackers-breach-orgs-via-fake-subscription-renewals/
Microsoft temporarily removes automatic...
Threat Intelligence Bulletin – Server Backdoors, Worms, and State-sponsored Threats
Chinese cloud threat actor updates toolset to breach Linux servers to install crypto miners https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html
SessionManager malware exploits a ProxyLogon flaw to backdoor Exchange servers...
Threat Intelligence Bulletin – Router RATs, Chinese APTs, and the 25 Most Dangerous Software Flaws
Phishing campaign using Azure Front Door in attacks https://www.helpnetsecurity.com/2022/06/27/azure-front-door-phishing-attacks/
Outline of phishing campaign abusing QuickBooks cloud domain https://www.darkreading.com/remote-workforce/cyberattackers-abuse-quickbooks-cloud-service-ouble-spear-campaign
Experts warn of emerging “Black Basta” ransomware...
Threat Intelligence Bulletin – Vulnerable QNAP NAS Devices, Phishing Campaign Delivering Cobalt Strike, and Atlassian Confluence Flaws
Ransomware targeting vulnerable QNAP Network Attached Storage devices https://www.bleepingcomputer.com/news/security/qnap-nas-devices-targeted-by-surge-of-ech0raix-ransomware-attacks/
PHP flaw in QNAP Network Attached Storage devices leads to RCE vulnerability https://www.bleepingcomputer.com/news/security/critical-php-flaw-exposes-qnap-nas-devices-to-rce-attacks/
Threat analyst outlines...