Tag: Vulnerability

CVE-2023-27524 Detection: New Vulnerability Exposes Thousands of Apache Superset Servers to RCE Attacks

The popular open-source data visualization and data exploration tool, Apache Superset, is claimed to be vulnerable to authentication bypass and remote code execution (RCE), enabling threat actors to gain administrator access to the targeted servers and further collect user credentials and compromise data. The discovered bug is an insecure default configuration flaw tracked as CVE-2023-27524, […]
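The summary above describes the root cause as an insecure default configuration; in Superset's case the setting at issue is the Flask `SECRET_KEY`, which, when left at a shipped placeholder, lets anyone who knows the value mint their own session cookies. The following added example (not code from the Superset project or from the post it summarizes) audits a `superset_config.py` for that condition. The placeholder values are ones I recall from Superset's `config.py` and docs, and the length and entropy thresholds are my own assumptions; extend the list with whatever defaults your deployment templates ship.

```python
"""Audit SECRET_KEY in a superset_config.py for the insecure-default condition
behind CVE-2023-27524. Added example; not Superset's own code."""
import ast
import math
from collections import Counter

# Placeholder keys as I recall them from Superset's config.py and docs; the
# first is the historic built-in default. Any match means the key is public.
KNOWN_DEFAULT_SECRET_KEYS = {
    "\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h",
    "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET",
    "thisISaSECRET_1234",
    "YOUR_OWN_RANDOM_GENERATED_SECRET_KEY",
}

# Thresholds are assumptions chosen for this example: the Superset docs
# recommend `openssl rand -base64 42`, i.e. 56 chars at roughly 6 bits/char.
MIN_LENGTH = 32
MIN_BITS_PER_CHAR = 3.0


def extract_secret_key(config_source: str):
    """Return the last string literal assigned to SECRET_KEY at top level of a
    superset_config.py, or None if it is absent or not a literal (for example
    read from os.environ), in which case the runtime value must be checked."""
    found = None
    for node in ast.parse(config_source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id == "SECRET_KEY":
                value = node.value
                if isinstance(value, ast.Constant) and isinstance(value.value, str):
                    found = value.value
                else:
                    found = None  # later non-literal assignment overrides
    return found


def bits_per_char(s: str) -> float:
    """Shannon entropy of the character distribution, in bits per character."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def audit_secret_key(key):
    """Return a list of findings; an empty list means no issue detected."""
    if key is None:
        return ["SECRET_KEY is unset or not a string literal; verify the runtime value"]
    findings = []
    if key in KNOWN_DEFAULT_SECRET_KEYS:
        findings.append("SECRET_KEY is a known default/placeholder; session cookies "
                        "can be forged by anyone who reads the Superset source")
    if len(key) < MIN_LENGTH:
        findings.append(f"SECRET_KEY is only {len(key)} chars (< {MIN_LENGTH})")
    entropy = bits_per_char(key)
    if entropy < MIN_BITS_PER_CHAR:
        findings.append(f"SECRET_KEY has low entropy ({entropy:.2f} bits/char)")
    return findings


def audit_config(config_source: str):
    """Parse a superset_config.py and audit its SECRET_KEY."""
    return audit_secret_key(extract_secret_key(config_source))


# Constructed sample configs for demonstration only.
WEAK_CONFIG = 'ROW_LIMIT = 5000\nSECRET_KEY = "thisISaSECRET_1234"\n'
STRONG_KEY = "Xk9vQ2pL7mR4nT8wA1zB6cD3fE5gH0jKsU9yV2bN4xM7qW1eR8tY3uI6oP0aS5dF"
STRONG_CONFIG = f'SECRET_KEY = "{STRONG_KEY}"\n'
ENV_CONFIG = 'import os\nSECRET_KEY = os.environ["SUPERSET_SECRET_KEY"]\n'

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_CONFIG), ("strong", STRONG_CONFIG), ("env", ENV_CONFIG)]:
        print(name, audit_config(cfg) or ["ok"])
```

Run it against each Superset instance's config (or the container's environment, when the key comes from there) rather than trusting the value in a template repository: the flaw is that the effective runtime key is a published default, so that is the value to test.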

Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts: Windows Zero-Day Actively Used in Ransomware Attacks and a Critical RCE Flaw

With a growing number of zero-day flaws affecting widely used software products, proactive detection of vulnerability exploitation has been among the most prevalent security use cases since 2021. Microsoft has recently issued a series of security updates for critical flaws affecting its products, including a patch for a zero-day actively exploited in the wild […]

Detect CVE-2022-47986 Exploits: Critical Pre-Authenticated Remote Code Execution Vulnerability in IBM Aspera Faspex

Stay alert! Adversaries have set their sights on Aspera Faspex, an IBM file-exchange application frequently used by large enterprises to speed up file transfers. Specifically, threat actors are leveraging a pre-authenticated remote code execution (RCE) vulnerability (CVE-2022-47986) in the application to carry out ransomware attacks. At least two ransomware collectives have been spotted exploiting CVE-2022-47986, including […]

Detect CVE-2023-23397 Exploits: Critical Elevation of Privilege Vulnerability in Microsoft Outlook Leveraged in the Wild to Target European Government and Military

Security heads-up for cyber defenders! Microsoft has recently fixed a critical elevation of privilege vulnerability (CVE-2023-23397) affecting Microsoft Outlook for Windows that allows adversaries to obtain password hashes from targeted instances. Notably, the flaw has been exploited in the wild as a zero-day since April 2022, being used in cyber-attacks against government, military, and […]

BlackLotus UEFI Bootkit Detection: Exploits CVE-2022-21894 to Bypass UEFI Secure Boot and Disables OS Security Mechanisms

An increasing number of Unified Extensible Firmware Interface (UEFI) security flaws uncovered in the last couple of years give attackers ample opportunity to exploit them. In 2022, the infamous in-the-wild MoonBounce malware, delivered as a UEFI bootkit, caused a massive stir in the cyber threat arena. Another malware of this kind, called […]

Mirai Variant V3G4 Detection: New Botnet Version Exploiting 13 Vulnerabilities to Target Linux Servers, IoT Devices

Threat actors are constantly enriching their offensive toolkits and experimenting with new malware variants to expand the scope of their attacks. Cyber defenders have observed a new Mirai botnet variant called V3G4 emerging in the cyber threat landscape. The novel malware variant has been leveraged in multiple adversary campaigns threatening targeted users […]

ProxyShellMiner Detection: Novel Crypto-Mining Attacks Abusing CVE-2021-34473 and CVE-2021-34523 ProxyShell Vulnerabilities in Windows Exchange Servers

Stay alert! Threat actors have once again set their sights on Microsoft Exchange servers, attempting to compromise them by exploiting the infamous ProxyShell vulnerabilities. Cybersecurity researchers have observed a new evasive malicious campaign dubbed “ProxyShellMiner” that exploits two Microsoft Exchange ProxyShell flaws tracked as CVE-2021-34473 and CVE-2021-34523 to deliver cryptocurrency miners. Detect ProxyShellMiner Attacks Exploiting Microsoft Exchange […]

CVE-2023-24055 Detection: Notorious Vulnerability in KeePass Potentially Exposing Cleartext Passwords

Stay alert! Security researchers have discovered a vulnerability posing a serious threat to users of the popular password manager KeePass. The security flaw, tracked as CVE-2023-24055, might affect KeePass version 2.5x, potentially allowing attackers to obtain stored passwords in cleartext. CVE-2023-24055 Detection With a proof-of-concept (PoC) exploit available, and in view that KeePass is one […]

Detect CVE-2022-47966 Exploits: Critical Zoho ManageEngine RCE Vulnerability Under Active Exploitation

Another day, another critical RCE making the rounds in the cyber threat arena. This time security practitioners are urged to patch ASAP against a critical remote code execution bug (CVE-2022-47966) affecting multiple Zoho ManageEngine products. Since the proof-of-concept (PoC) exploit was publicly released last week, experts have observed a huge spike in in-the-wild attacks leveraging […]

CVE-2022-42475 Detection: Zero-Day Vulnerability in FortiOS SSL-VPN Exploited in Attacks Against Government Entities and Large Organizations

Stay alert! Security researchers are warning the global cyber defender community about a zero-day vulnerability in FortiOS SSL-VPN, which was patched in December 2022. The security flaw, tracked as CVE-2022-42475 and resulting in unauthenticated remote code execution (RCE), has been exploited in targeted attacks against government agencies and large organizations across the globe. Detect CVE-2022-42475: […]
