Linux malware leverages plugin exploits to backdoor WordPress sites
Attack Report. Summary: WordPress sites are being exploited by an unidentified strain of Linux malware that exploits flaws in plugins and compromises the sites by injecting malicious JavaScript that is run sequentially until one …
Malware Distribution via Google PPC by IcedID Botnet Distributors
Attack Report. Summary: The IcedID botnet has been using Google pay-per-click ads to distribute itself through malvertising attacks since December 2022. Malvertising involves the use of malicious ads that are displayed in search results …
WordPress plugin has been exploited in the wild to mount backdoors
Vulnerability Report. Summary: Malicious actors are actively exploiting a critical vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin in order to plant backdoors on e-commerce sites. The security flaw (CVE-2022-45359) exists due …
Trading platforms are in jeopardy due to ArkeiStealer
Attack Report. Summary: Threat actors are currently disseminating ArkeiStealer via Windows Installer binaries disguised as trading applications. The trading application has been backdoored with the SmokeLoader downloader, which also includes an information stealer. …
New Ransomware Variants Created Using Leaked Conti Source Code
Attack Report. Summary: The leaked source code of the Conti ransomware has been used to create new strains of the ransomware. These new strains, which include Putin Team, ScareCrow, BlueSky, and Meow ransomware, are being …
The Linux kernel has several security flaws
Vulnerability Report. Summary: The Linux kernel contains a vulnerability that allows remote attackers to execute arbitrary code on affected installations. This vulnerability can be exploited without authentication, but only on systems that …
Bluenoroff Bypasses MoTW to Target Japanese Organizations
Actor Report. Summary: Bluenoroff is known for targeting financial institutions and government organizations and has been active since at least 2014. From September onwards, Bluenoroff threat actors added a new feature that bypasses the …
SideCopy APT Launches Phishing Campaign Against Indian Government
Actor Report. Summary: The latest malicious activity attributed to the SideCopy threat actors is the attack campaign STEPPY#KAVACH, which was notably active in 2021 and was originally linked to Pakistan. The most recent malicious attack …