Tag: CVE

CVE-2022-41974, CVE-2022-41973, CVE-2022-3328 Exploit Detection: Three Linux Vulnerabilities Chained to Gain Full Root Privileges

Security experts from Qualys’ Threat Research Unit warn of a novel vulnerability  (CVE-2022-3328) in Snapd, a popular software management tool for Linux, that might be exploited for local privilege escalation and arbitrary code execution. The security issue in the spotlight can be chained with older vulnerabilities revealed in multipathd (CVE-2022-41973 & CVE-2022-41974) to escalate privileges […]

Read More
CVE-2022-3602 & CVE-2022-3786
CVE-2022-3602 & CVE-2022-3786: New High-Severity OpenSSL Vulnerabilities 

Due to a constantly evolving number of vulnerabilities affecting open-source software products, proactive detection of vulnerability exploitation remains one of the most common security use cases according to the latest SOC Prime’s Detection as Code Innovation report. At the turn of November 2022, a couple of new vulnerabilities in the OpenSSL software library identified as […]

Read More
Detect CVE-2021-39144: Critical Remote Code Execution Vulnerability in VMware Cloud Foundation via XStream Open Source Library

Another day, another exploit emerges in the wild to cause a headache for security practitioners. VMware warns of a public exploit code available for a recently-patched critical remote code execution (RCE) vulnerability (CVE-2021-39144) in VMware Cloud Foundation and NSX Manager. Leveraging this flaw, unauthenticated threat actors might execute the malicious code with the highest system […]

Read More
Detecting Text4Shell (CVE-2022-42889), Critical RCE in Apache Commons Text

Threat actors don’t sleep, and cyber defenders cannot sleep a wink either to keep up with emerging threats. In 2022, a wave of critical “shell” vulnerabilities has been flooding the cyber threat arena, starting with the loud appearance of Log4Shell at the turn of the year, followed by Spring4Shell in March, then ProxyNotShell just one […]

Read More
CVE-2022-40684 Detection
CVE-2022-40684 Detection: A Critical Fortinet Authentication Bypass Vulnerability Exploited in the Wild

Heads up! A new critical vulnerability is on the radar. Fortinet has recently disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw tracked as CVE-2022-40684 is actively exploited in the wild, posing a serious risk to Fortinet’s customers leveraging vulnerable product instances. Detect CVE-2022-40684 Exploitation Attempts In view of […]

Read More
BlackByte ransomware disabling EDR protection
BlackByte Ransomware Detection: Threat Actors Exploit CVE-2019-16098 Vulnerability in RTCore64.sys Driver to Bypass EDR Protection

BlackByte ransomware reemerges in the cyber threat arena exploiting a security flaw in legitimate drivers to disable EDR products on compromised devices. Cybersecurity researchers have revealed that ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver” enabling them to bypass security products and spread infection on vulnerable machines. Detect BlackByte Ransomware Used […]

Read More
CVE-2022-27925 Detection
CVE-2022-27925 Detection: Mass Exploitation of Remote Code Execution (RCE) Vulnerability in Zimbra Collaboration Suite

Exploitation attempts of vulnerabilities found in Zimbra Collaboration Suite (ZCS) are coming into the spotlight in the cyber threat arena, like in the case of CVE-2018-6882 used in a targeted cyber-espionage campaign against Ukrainian state bodies in mid-April 2022. Throughout July and August 2022, cybersecurity researchers were investigating a series of security breaches affecting ZCS […]

Read More
CVE-2022-31672 Detection: Pre-Authenticated Remote Code Execution Exploit
CVE-2022-31672 Detection: Pre-Authenticated Remote Code Execution Exploit Using Patched Vulnerabilities in VMware vRealize Operations Management Suite

Security flaws in VMware products that can be leveraged in exploit chain attacks have been in the limelight in the cyber threat arena since May 2022, when CISA issued an alert warning of known remote code execution (RCE) and privilege escalation vulnerabilities. On August 9, 2022, VMware patched another set of vulnerabilities that might be […]

Read More
CVE-2022-30333
CVE-2022-30333 Detection: New Security Hole in the UnRAR Utility

The US Critical Infrastructure Security Agency (CISA) expands its catalog of Known Exploited Vulnerabilities by documenting several new actively exploited directory traversal flaws. The bugs in question are an RCE flaw tagged CVE-2022-34713 and a path traversal vulnerability filed under CVE-2022-30333. Microsoft has acknowledged that a CVE-2022-34713 vulnerability is a variant of the Follina-like DogWalk […]

Read More
KNOTWEED Activity Detection: CVE-2022-22047 Vulnerability and Multiple Windows & Adobe Zero-Day Exploitation by the European Private-Sector Offensive Actor (PSOA)

On July 27, 2022, Microsoft cybersecurity researchers published a notice observing the recently revealed malicious activity of the European private-sector offensive actor (PSOA) tracked as KNOTWEED, which leverages a set of Windows and Adobe zero-day exploits, including the newly patched CVE-2022-22047 vulnerability. According to the research, threat actors launch targeted cyber-attacks against organizations in Europe […]

Read More