Vulnerabilities & Threats that Matter 14 – 20 November 2022


Published Vulnerabilities | Interesting Vulnerabilities | Active Threat Groups | Targeted Countries | Targeted Industries | ATT&CK TTPs
5041146523142

 

 


Summary

This week saw the discovery of 504 vulnerabilities, of which 11 gained the attention of security researchers worldwide. Among these 11, there is one zero-day, and six vulnerabilities are in RESERVED status on the NVD. The Hive Pro Threat Research Team advises organizations to patch these vulnerabilities as soon as possible.

This week, we also witnessed FRwL encrypting data with Somnia malware. KmsdBot exploits systems over SSH connections that use insecure login credentials. Batloader compromises systems via a multi-stage infection chain. BumbleBee leveraged Zerologon to escalate privileges. A novel variant of the Typhon stealer appeared. Venus ransomware targets publicly exposed Remote Desktop services. RapperBot launches DDoS attacks on game servers.

Further, we observed four threat actor groups being highly active in the last week. First, Billbug, a Chinese threat actor known for information theft and espionage, targeted multiple government agencies across Asia. Second, FRwL, a Russian threat actor known for financial crime, targeted Ukraine with Somnia ransomware. Third, Lazarus Group, a North Korean threat actor, utilized the DTrack backdoor. Fourth, Fox Kitten, an Iranian threat actor, leveraged Log4j to target the US federal. Common TTPs that could potentially be used by these threat actors or in exploiting these CVEs can be found in the detailed section.