Vulnerabilities & Threats that Matter 05 – 11 September

Published Vulnerabilities | Interesting Vulnerabilities | Active Threat Groups | Targeted Countries | Targeted Industries | ATT&CK TTPs
4534410521118

 

 

For a detailed threat digest, download the pdf file here

 

Summary

 

The first week of September 2022 saw the discovery of 453 vulnerabilities, four of which gained the attention of threat actors and security researchers worldwide. One of these four was a zero-day. The Hive Pro Threat Research Team has curated a list of four CVEs that require immediate action.

This week also saw CodeRAT, a remote access trojan that targeted Farsi-speaking software developers. In addition, Dangerous Savanna has been targeting various financial service firms in Africa.

We also observed four threat actor groups being highly active in the last week. The first was Vice Society, a threat actor group known for financial gain, which was observed exploiting two PrintNightmare vulnerabilities to escalate privileges. The second was Worok, a threat actor group known for information theft and espionage, which was spotted targeting governments and high-profile companies in Asia. The third was Lazarus Group, a North Korean threat actor group known for information theft and espionage, which was observed compromising vulnerable VMware Horizon servers and deploying MagicRAT. The fourth was APT42, an Iranian threat actor group known for information theft and espionage, which was observed targeting individuals and organizations in at least 14 countries. Common TTPs that could potentially be used by these threat actors or in exploiting these CVEs can be found in the detailed section.