The Dangers of macOS Ransomware A Closer Look at KeRanger, FileCoder, MacRansom, and EvilQuest
Attack Report. For a detailed threat advisory, download the PDF. Summary: macOS ransomware typically spreads through user-assisted methods such as downloading and running fake or trojanized applications. It can also arrive as a second-stage payload dropped or downloaded by other malware or …
Bluebottle Group Continues Attacks on Banks in Francophone Africa
Attack Report. Summary: Bluebottle is a cybercrime group that has been targeting banks in French-speaking countries in Africa. The group uses a variety of tactics, including living off the land, dual-use tools, and commodity …
Blind Eagle Hackers resurfaced with a formidable infection chain
Actor Report. Summary: Blind Eagle is a financially motivated threat group that has been targeting individuals in numerous South American countries since at least 2018. A novel infection chain involving a more complex toolkit …
Zoho Addresses SQL Injection Vulnerability in ManageEngine Products
Vulnerability Report. Summary: A security flaw affecting multiple ManageEngine products, identified as CVE-2022-47523, is an SQL injection vulnerability found in Zoho's Password Manager Pro Secure Vault, PAM360 Privileged Access Management Software, and Access …
Linux Malware Using SHC Compiler Installs CoinMiner and DDoS Bots
Attack Report. Summary: A new strain of Linux malware, developed using the Shc compiler, has been found to install a CoinMiner on infected systems. It is believed that this malware is being spread through …
Threat Actors Using WerFault.exe to Deploy Pupy RAT
Attack Report. Summary: The Pupy RAT malware is using a technique called DLL side-loading to disguise itself as the legitimate WerFault.exe process in order to evade detection. The malware is delivered via an ISO …
Several vulnerabilities are addressed by Fortinet across its product range
Vulnerability Report. Summary: Fortinet addressed security vulnerabilities across its products, most notably FortiADC, which has a high-severity command injection bug listed as CVE-2022-39947 due to incorrect input validation in the web GUI. A remotely …
A New Emerging CatB Ransomware Using DLL Hijacking to Evade Detection
Attack Report. Summary: CatB is a ransomware that uses a technique called DLL hijacking to evade detection. It does this by injecting itself into the Microsoft Distributed Transaction Coordinator (MSDTC) service, a legitimate Windows …
Synology addresses the RCE vulnerability that affects VPN Plus servers
Vulnerability Report. Summary: Synology has addressed a flaw in VPN Plus Server that could allow an attacker to take control of affected systems. The vulnerability, identified as CVE-2022-43931, is an out-of-bounds write fault in Synology VPN …