Tag: Vulnerability

Log4Shell in VMware Horizon and UAG Servers
New Attempts to Exploit Log4Shell in VMware Horizon Systems: CISA Warns of Threat Actors Actively Leveraging CVE-2021-44228 Apache Log4j Vulnerability

The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]

Read More
CVE-2022-1040
CVE-2022-1040 Detection: DriftingCloud APT Group Exploits RCE Flaw in Sophos Firewall

A notorious Chinese APT group known under the moniker “DriftingCloud” targets a cybersecurity firm Sophos. Namely, the threat actor is believed to be behind the active exploitation of a security hole in Sophos firewall. The flaw, tracked as CVE-2022-1040, scores 9.8 in severity and has been affecting Sophos Firewall versions 18.5 MR3 and older since […]

Read More
DFSCoerce Detection: New NTLM Relay Attack Enabling Windows Domain Takeover

Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoft’s Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackers’ control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]

Read More
Blue Mockingbird Threat Actor
Telerik UI Vulnerability Exploit Detection: Blue Mockingbird Leverages CVE-2019-18935

Blue Mockingbird cybercrime group has been on the cybersecurity radar for about two years now. In the current campaign, the threat actor exploits the vulnerabilities discovered in 2019 in a popular Telerik UI suite for ASP.NET AJAX that includes around 120 components. The major vulnerability, tracked as CVE-2019-18935 with a critical severity level of 9.8, […]

Read More
Flaws in FUJITSU CentricStor Control Center
Fujitsu Cloud Storage Vulnerabilities Detection

Fujitsu Eternus CS8000 (Control Center) V8.1. was deemed vulnerable to privilege escalation attacks in early April 2022, with the Fujitsu PSIRT (Product Security Incident Response Team) releasing an official security notice on June 1, 2022. Security researchers reported two security holes in the vendor’s Control Center software that enabled unauthorized attackers to gain remote code […]

Read More
CVE-2022-32275 and CVE-2022-32276 Detection of Exploitation Attempts: New Vulnerabilities Affecting Grafana

Steel yourself for new vulnerabilities revealed in the open-source observability platform leveraged by millions of users from across the globe, which in 2021 was in the spotlight in the cyber threat arena due to a notorious CVE-2021-43798 zero-day flaw actively exploited in the wild. Grafana, the open-source analytics and monitoring platform leveraged by global organizations […]

Read More
CVE-2022-30190 aka Follina
CVE-2022-30190 Detection: Updates on Microsoft Windows RCE Vulnerability

Let’s start with a short rundown of developments regarding Windows zero-day vulnerability (CVE-2022-30190), aka Follina. Back in April 2022, a research team known under the moniker CrazymanArmy warned Microsoft of a new zero-day RCE vulnerability in one of their products. The tech corporation opted not to address the issue at that point. On May 27, […]

Read More
Follina Vulnerability Detection: New Microsoft Office Zero-Day Exploited in the Wild

Cybersecurity researchers turn the spotlight on a novel zero-day vulnerability in Microsoft Office seen in the wild. On May, 27, Follina zero-day flaw was first documented and reported to have been submitted from Belarus. According to the research, the newly discovered Microsoft Office zero-day vulnerability can lead to arbitrary code execution on compromised Windows devices.  […]

Read More
CVE-2022-22960 and CVE-2022-22954 Detection: CISA Warns of Exploitation Attempts of Unpatched VMware Vulnerabilities

On May 18, 2022, CISA issued a notice warning organizations of potential exploitation attempts of known vulnerabilities in the VMware products tracked as CVE-2022-22954 and CVE-2022-22960. Once exploited, the revealed flaws give green light to threat actors to perform malicious template injection on the server end. More specifically, the exploitation of the CVE-2022-22954 can lead […]

Read More
CVE-2022-26923
CVE-2022-26923 Detection: Active Directory Domain Privilege Escalation Vulnerability

Privilege exploitation attacks in Microsoft’s Windows Active Directory (AD) Domain environments are expanding their scope and growing in scale to target millions of devices. The Microsoft Security Response Center (MSRC) has recently updated information on security flaws that affect the company’s products and services, highlighting the newly discovered Active Directory Domain Services elevation of privilege […]

Read More