Threat Intelligence Bulletin – Exchange Servers Targeted, Panchan Botnet, and Linux Rootkits
DoS vulnerability in Envoy proxy allows attackers to crash the proxy server
https://www.darkreading.com/cloud/dos-vulnerability-envoy-proxy-crashes
Syslogk Linux rootkit using magic packets to trigger dormant backdoors
https://www.bleepingcomputer.com/news/security/new-syslogk-linux-rootkit-uses-magic-packets-to-trigger-backdoor/...
Threat Intelligence Bulletin – CISA Adds New Vulnerabilities to Catalog, Linux Symbiote Malware, and the Most Common Exploit Paths for Q1 2022
Chinese state-sponsored threat actors targeting VPNs and network devices using several older, well-known flaws
https://www.zdnet.com/article/nsa-fbi-warning-hackers-are-using-these-flaws-to-target-vpns-and-network-devices/
New phishing campaign spreading SVCReady malware using shellcode hidden in...
Threat Intelligence Bulletin – Follina, Stolen VPN Credentials, and Telegram Phishing
Microsoft Office zero-day ‘Follina’ (CVE-2022-30190) exploiting Support Diagnostic Tools
https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/
https://www.zdnet.com/article/this-zero-day-windows-flaw-opens-a-backdoor-to-hackers-via-microsoft-word-heres-how-to-fix-it/
FBI warns hackers selling VPN credentials from educational institutions
https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html
Chinese hackers infecting victims...