Vulnerabilities & Threats that Matter 25 – 31st July

For a detailed threat digest, download the pdf file here

Summary

The Last week of July 2022 witnessed the discovery of 462 vulnerabilities out of which 7 gained the attention of Threat Actors and security researchers worldwide. Among these 7, 2 of them were zero-days, there was 1 vulnerability that is awaiting analysis on the National Vulnerability Database (NVD). Hive Pro Threat Research Team has curated a list of 7 CVEs that require immediate action.

Further, we also observed 4 Threat Actor groups being highly active in the last week. APT29, a Russian threat actor group popular for Information theft and espionage was seen launching phishing campaigns to launch malware via cloud storage services, EvilNum an unknown threat actor group popular for Information theft and espionage was seen targeting Decentralized Finance (DeFi) sector, APT37 a North Korean threat actor group popular for Information theft and espionage was seen launching attack campaigns using Konni RAT and KNOTWEED an Austrian threat actor group popular for financial crime and gain, was observed exploiting 0-day vulnerabilities of Windows and Adobe to perform targeted attacks against European and Central American customers. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section.