Tag: CVE

CVE-2023-22527 Detection: Maximum Severity RCE Vulnerability in Atlassian’s Confluence Server and Data Center Exploited in the Wild
CVE-2023-22527 Detection: Maximum Severity RCE Vulnerability in Atlassian’s Confluence Server and Data Center Exploited in the Wild

Adversaries carry out high-profile in-the-wild attacks by weaponizing RCE vulnerabilities impacting Atlassian Confluence servers. A newly uncovered RCE vulnerability in the Confluence Data Center and Confluence Server has been observed under active exploitation just a few days after its discovery. The critical flaw tracked as CVE-2023-22527 with the highest possible CVSS score of 10.0 affects […]

Read More
Phemedrone Stealer Detection: Threat Actors Exploit CVE-2023-36025 Vulnerability in Windows SmartScreen to Deploy Malware
Phemedrone Stealer Detection: Threat Actors Exploit CVE-2023-36025 Vulnerability in Windows SmartScreen to Deploy Malware

This time security researchers report a malicious campaign leveraging a now-patched Windows SmartScreen flaw (CVE-2023-36025) to drop the Phemedrone payload. Phemedrone is an open-source information stealer capable of siphoning data from crypto wallets, chatting apps, popular software, and more. Detect Phemedrom Stealer  With over 1 billion malware samples circulating in the cyber domain, security professionals […]

Read More
CVE-2023-46805 and CVE-2024-21887 Detection: Chinese Threat Actors Exploit Zero-Day Vulnerabilities in Invanti Connect Secure and Policy Secure Instances
CVE-2023-46805 and CVE-2024-21887 Detection: Chinese Threat Actors Exploit Zero-Day Vulnerabilities in Invanti Connect Secure and Policy Secure Instances

Critical zero-day vulnerabilities impacting external-facing systems pose severe threats to multiple organizations that rely on them, exposing them to risks of RCE and system compromise, just like the active exploitation of the FortiOS SSL-VPN flaw caused havoc in January 2023. Recently, Chinese state-sponsored hacking groups have been observed exploiting two zero-day vulnerabilities tracked as CVE-2023-46805 […]

Read More
CVE-2023-42793 Detection: Large-Scale Exploitation of the JetBrains TeamCity Vulnerability by the russian Foreign Intelligence Service
CVE-2023-42793 Detection: Large-Scale Exploitation of the JetBrains TeamCity Vulnerability by the russian Foreign Intelligence Service

FBI and CISA, in conjunction with U.S. and international cybersecurity authorities, warn the global cyber defender community about large-scale exploitation of CVE-2023-42793, a critical JetBrains TeamCity CVE potentially leading to RCE on the vulnerable instances. The related cybersecurity alert AA23-347A attributes the ongoing cyber-offensive operations to the russian Foreign Intelligence Service (SVR) represented by the […]

Read More
CVE-2023-49070 Exploit Detection: A Critical Pre-Auth RCE Vulnerability in Apache OFBiz 
CVE-2023-49070 Exploit Detection: A Critical Pre-Auth RCE Vulnerability in Apache OFBiz 

Сritical vulnerabilities in popular open-source software solutions pose severe threats to global businesses that rely on the impacted products. Recently, another critical security flaw was identified in Apache OFBiz, an open-source enterprise resource planning system mainly used by large-scale businesses with over 10,000 of employees. The uncovered flaw is a pre-auth vulnerability tracked as CVE-2023-49070 […]

Read More
Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains
Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains

Adversaries set their eyes on a notorious security flaw in Log4j Java Library tracked as CVE-2021-44228, aka Log4Shell, even a couple of years after its disclosure. A new campaign dubbed “Operation Blacksmith” involves the exploitation of the Log4Shell vulnerability to deploy new malicious strains written in DLang, including novel RATs. The North Korean APT Lazarus […]

Read More
CVE-2023-49103 Detection: A Critical Vulnerability in OwnCloud’s Graph API App Leveraged for in-the-Wild Attacks
CVE-2023-49103 Detection: A Critical Vulnerability in OwnCloud’s Graph API App Leveraged for in-the-Wild Attacks

Hot on the heels of the Zimbra zero-day vulnerability, another critical security flaw affecting popular software comes to the scene. The open-source file-sharing software ownCloud has recently disclosed a trio of disturbing security holes in its products. Among them, the max severity vulnerability tracked as CVE-2023-49103 gained the CVSS score of 10 due to the […]

Read More
CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software
CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software

This November, a set of new zero-days in the popular software products are emerging in the cyber domain, like CVE-2023-22518 affecting all versions of Confluence Data Center and Server. Shortly after its disclosure, another zero-day flaw in SysAid IT software tracked under CVE-2023-47246 comes to the scene. Microsoft revealed traces of vulnerability exploitation, with the […]

Read More
CVE-2023-22518 Detection: Exploitation of a New Critical Vulnerability in Atlassian Confluence Leads to Cerber Ransomware Deployment 
CVE-2023-22518 Detection: Exploitation of a New Critical Vulnerability in Atlassian Confluence Leads to Cerber Ransomware Deployment 

Just over a month after the disclosure of a critical Confluence zero-day tracked as CVE-2023-22515, a novel vulnerability emerges in the cyber threat arena impacting Atlassian products. Adversaries are setting eyes on a recently fixed and maximum severity vulnerability known as CVE-2023-22518 in all versions of Confluence Data Center and Confluence Server, which enables them […]

Read More
CVE-2023-46604 Detection: HelloKitty Ransomware Maintainers Exploits RCE Vulnerability in Apache ActiveMQ
CVE-2023-46604 Detection: HelloKitty Ransomware Maintainers Exploits RCE Vulnerability in Apache ActiveMQ

At the turn of November, hot over the heels of disclosing CVE-2023-43208, the Mirth Connect vulnerability, another security bug comes to the scene. Defenders notify the global community of a newly uncovered the highest severity RCE bug that affects Apache ActiveMQ products. Detect CVE-2023-46604 With emerging vulnerabilities being a juicy target for adversaries seeking to […]

Read More