Vulnerabilities & Threats that Matter 07 – 13 November 2022

For a detailed threat digest, download the pdf file here

Summary

This week witnessed the discovery of 520 vulnerabilities out of which 21 gained the attention of security researchers worldwide. Among these 21, there were six zero-days and eight other vulnerabilities about which the NVD is still awaiting reanalysis while two were not present in the NVD at all. Hive Pro Threat Research Team has curated a list of 21 CVEs that require immediate action.

This week, we also witnessed attackers disseminate Azov ransomware, a wiper that damages 666 bytes at a stretch.

Further, we also observed a Threat Actor group being highly active in the last week. Earth Longzhi, a Chinese threat actor, popular for Information theft and espionage conducted spear-phishing operations aimed at East and Southeast Asia. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section.