Tag: CVE

Detect CVE-2022-47986 Exploits: Critical Pre-Authenticated Remote Code Execution Vulnerability in IBM Aspera Faspex
Detect CVE-2022-47986 Exploits: Critical Pre-Authenticated Remote Code Execution Vulnerability in IBM Aspera Faspex

Stay alert! Adversaries set eyes on Aspena Faspex, an IBM file-exchange application frequently used by large enterprises to speed up file transfer procedures. Specifically, threat actors attempt to leverage a pre-authenticated remote code execution (RCE) vulnerability (CVE-2022-47986) affecting the app to proceed with ransomware attacks. At least two ransomware collectives were spotted exploiting CVE-2022-47986, including […]

Read More
CVE-2023-24055 Detection: Notorious Vulnerability in KeePass Potentially Exposing Cleartext Passwords
CVE-2023-24055 Detection: Notorious Vulnerability in KeePass Potentially Exposing Cleartext Passwords

Stay alert! Security researchers have discovered a notorious vulnerability posing a serious threat to users of a popular password manager KeePass. A security flaw, tracked as CVE-2023-24055, might affect KeePass version 2.5x, potentially allowing attackers to obtain stored passwords in cleartext.  CVE-2023-24055 Detection With proof-of-concept (PoC) exploit available, and in view that KeePass is one […]

Read More
CVE-2022-42475 Detection: Zero-Day Vulnerability in FortiOS SSL-VPN Exploited in Attacks Against Government Entities and Large Organizations
CVE-2022-42475 Detection: Zero-Day Vulnerability in FortiOS SSL-VPN Exploited in Attacks Against Government Entities and Large Organizations

Stay alert! Security researchers are warning the global cyber defender community of a zero-day vulnerability in FortiOS SSL-VPN, which was patched in December 2022. The security flaw tracked as CVE-2022-42475 and resulting in unauthenticated remote code execution (RCE) has been exploited in targeted attacks against government agencies and large organizations across the globe.  Detect CVE-2022-42475: […]

Read More
CVE-2022-41974, CVE-2022-41973, CVE-2022-3328 Exploit Detection: Three Linux Vulnerabilities Chained to Gain Full Root Privileges
CVE-2022-41974, CVE-2022-41973, CVE-2022-3328 Exploit Detection: Three Linux Vulnerabilities Chained to Gain Full Root Privileges

Security experts from Qualys’ Threat Research Unit warn of a novel vulnerability  (CVE-2022-3328) in Snapd, a popular software management tool for Linux, that might be exploited for local privilege escalation and arbitrary code execution. The security issue in the spotlight can be chained with older vulnerabilities revealed in multipathd (CVE-2022-41973 & CVE-2022-41974) to escalate privileges […]

Read More
CVE-2022-3602 & CVE-2022-3786: New High-Severity OpenSSL Vulnerabilities 
CVE-2022-3602 & CVE-2022-3786: New High-Severity OpenSSL Vulnerabilities 

Due to a constantly evolving number of vulnerabilities affecting open-source software products, proactive detection of vulnerability exploitation remains one of the most common security use cases according to the latest SOC Prime’s Detection as Code Innovation report. At the turn of November 2022, a couple of new vulnerabilities in the OpenSSL software library identified as […]

Read More
Detect CVE-2021-39144: Critical Remote Code Execution Vulnerability in VMware Cloud Foundation via XStream Open Source Library
Detect CVE-2021-39144: Critical Remote Code Execution Vulnerability in VMware Cloud Foundation via XStream Open Source Library

Another day, another exploit emerges in the wild to cause a headache for security practitioners. VMware warns of a public exploit code available for a recently-patched critical remote code execution (RCE) vulnerability (CVE-2021-39144) in VMware Cloud Foundation and NSX Manager. Leveraging this flaw, unauthenticated threat actors might execute the malicious code with the highest system […]

Read More
Detecting Text4Shell (CVE-2022-42889), Critical RCE in Apache Commons Text
Detecting Text4Shell (CVE-2022-42889), Critical RCE in Apache Commons Text

Threat actors don’t sleep, and cyber defenders cannot sleep a wink either to keep up with emerging threats. In 2022, a wave of critical “shell” vulnerabilities has been flooding the cyber threat arena, starting with the loud appearance of Log4Shell at the turn of the year, followed by Spring4Shell in March, then ProxyNotShell just one […]

Read More
CVE-2022-40684 Detection: A Critical Fortinet Authentication Bypass Vulnerability Exploited in the Wild
CVE-2022-40684 Detection: A Critical Fortinet Authentication Bypass Vulnerability Exploited in the Wild

Heads up! A new critical vulnerability is on the radar. Fortinet has recently disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw tracked as CVE-2022-40684 is actively exploited in the wild, posing a serious risk to Fortinet’s customers leveraging vulnerable product instances. Detect CVE-2022-40684 Exploitation Attempts In view of […]

Read More
BlackByte Ransomware Detection: Threat Actors Exploit CVE-2019-16098 Vulnerability in RTCore64.sys Driver to Bypass EDR Protection
BlackByte Ransomware Detection: Threat Actors Exploit CVE-2019-16098 Vulnerability in RTCore64.sys Driver to Bypass EDR Protection

BlackByte ransomware reemerges in the cyber threat arena exploiting a security flaw in legitimate drivers to disable EDR products on compromised devices. Cybersecurity researchers have revealed that ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver” enabling them to bypass security products and spread infection on vulnerable machines. Detect BlackByte Ransomware Used […]

Read More
CVE-2022-27925 Detection: Mass Exploitation of Remote Code Execution (RCE) Vulnerability in Zimbra Collaboration Suite
CVE-2022-27925 Detection: Mass Exploitation of Remote Code Execution (RCE) Vulnerability in Zimbra Collaboration Suite

Exploitation attempts of vulnerabilities found in Zimbra Collaboration Suite (ZCS) are coming into the spotlight in the cyber threat arena, like in the case of CVE-2018-6882 used in a targeted cyber-espionage campaign against Ukrainian state bodies in mid-April 2022. Throughout July and August 2022, cybersecurity researchers were investigating a series of security breaches affecting ZCS […]

Read More