Tag: Vulnerability

CVE-2022-1388 Detection: BIG-IP iControl REST Vulnerability

F5 Networks, a company that specializes in the development and distribution of software and hardware solutions, released a Security Advisory on May 4, 2022, addressing a number of issues in its products. Shortly after, the BIG-IP family of products was hit with multiple exploitations in the wild following the publicly published proof-of-concept for a […]

Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability

Recent cybersecurity research has uncovered AvosLocker ransomware samples abusing the Avast Anti-Rootkit Driver file to disable anti-virus, which allows adversaries to evade detection and block defense. AvosLocker is known to represent a relatively novel ransomware family that appeared in the cyber threat arena to replace the infamous REvil, which was one of the most active […]

Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes

APT29 is a Russian state-sponsored espionage group also referred to by cybersecurity experts as Nobelium APT. The breadth of their attacks corresponds to Russia’s present geopolitical goals. Their latest attacks are characterized by utilizing BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]

Metasploit Meterpreter Malware Detection: New Phishing Cyber-Attack on Ukrainian Government Entities Linked to UAC-0098 and TrickBot Groups

On April 28, 2022, CERT-UA published a heads-up notifying of the latest phishing cyber-attack on Ukrainian government entities using the Metasploit framework. The malicious activity can be attributed to the adversary behavior patterns of a group tracked as UAC-0098. Moreover, this most recent attack is believed to be traced to the activity of the TrickBot […]

CVE-2022-29799 and CVE-2022-29800 Detection: Novel Privilege Escalation Vulnerabilities in Linux OS Known as Nimbuspwn

On April 26, the Microsoft 365 Defender Research Team discovered two novel vulnerabilities collectively dubbed Nimbuspwn, enabling adversaries to escalate privileges on multiple Linux desktop environments. The newly detected Nimbuspwn flaws have been identified as CVE-2022-29799 and CVE-2022-29800. Once chained together, these flaws give hackers the green light to obtain root privileges, lead to […]

CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions

The 7-Zip file archiver version 21.07 has a serious security weak point. 7-Zip is one of the most in-demand tools to compress and package files, with a wide array of supported formats including 7z, ZIP, GZIP, BZIP2, and TAR. The vulnerability tracked as CVE-2022-29072 grants adversaries elevated access and command execution when a file […]

Parrot Traffic Direction System (TDS) Attacks

A novel Traffic Direction System (TDS), dubbed Parrot TDS, takes advantage of a network of hacked servers that host websites to route victims that fit the required profile to domains used to run scamming schemes or distribute malware. According to the current data, the number of compromised websites has reached 16,500 and counting. Adversaries primarily […]

CVE-2022-22954 Detection: Critical Vulnerability Sets Grounds for RCE Attacks

Last week, VMware released an advisory urging users to patch eight vulnerabilities of various severity levels. Unpatched bugs enable the compromise of the following VMware products: VMware Workspace ONE Access, Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, and Suite Lifecycle Manager. The easiest prey on the hit list with the CVSS score of 9.8 […]

Detect META Information Stealer

A new info-stealer malware follows in the footsteps of Mars Stealer and BlackGuard. The malware is available for $125 per month or $1,000 for a lifetime subscription. On darknet markets, META Stealer is advertised as an upgrade of RedLine Stealer, which was first revealed in 2020. META Information Stealer Detection To protect your company infrastructure […]

Detect Borat Remote Access Malware

A new tricky remote access tool dubbed Borat RAT was found by cybersecurity researchers. Just like the name suggests, it is a crazy mix of things that is hard to wrap your head around. Borat Trojan is a collection of malware modules coming with a builder and server certificate which includes more than 10 malicious […]