Please find the security advisory on Scattered Spider, a social engineering attack group that uses BlackCat/ALPHV ransomware. The group obtains credentials through phishing, performs push bombing and Subscriber Identity Module (SIM) swap attacks, and installs remote access tools to bypass Multi-Factor Authentication (MFA).
VMware has released security advisories to tackle vulnerabilities CVE-2023-34048, CVE-2023-34056 affecting VMware vCenter Server and VMware Cloud Foundation.
Cisco disclosed a new high-severity zero-day vulnerability (CVE-2023-20273) that is being actively exploited to deploy malicious implants on IOS XE devices.
Juniper has released out-of-cycle updates to address multiple vulnerabilities in Junos OS. A remote attacker could chain these vulnerabilities to execute malicious code on vulnerable devices.
Barracuda, a company that provides network and email security solutions, has informed customers that some of its Email Security Gateways (ESGs) have been compromised through a zero-day vulnerability that has since been patched.
OneNote is making an important change to how it treats embedded files that have dangerous extensions.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of the Linux kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). Microsoft has now reclassified the vulnerability as “Critical” severity after it was discovered that the vulnerability could allow attackers to remotely execute code.
A critical zero-day vulnerability was found in multiple versions of Fortinet’s FortiOS SSL-VPN. CVE-2022-42475 was given a score of 9.3 on the Common Vulnerability Scoring System (CVSS) and has been exploited in the wild at least once.
Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway that is being actively exploited.
Android OEM platform certificates and signing keys are being heavily abused to obtain digital signatures on malicious applications, granting them privileged access.
Billbug is a state-sponsored actor that has targeted certificate authorities and government agencies in multiple Asian countries. The campaign has been ongoing since at least March 2022.
Zimbra has released updates to address a critical code execution vulnerability that is being actively exploited. The vulnerability, CVE-2022-41352, affects the Amavis open-source content filter component of Zimbra Collaboration Suite versions 8.8.15 and 9.0.
Fortinet released updates for the exploited authentication bypass vulnerability CVE-2022-40684, along with mitigation guidance for vulnerable products.
A new Chinese-language command-and-control (C2) attack framework is being widely used in attacks targeting Windows, Linux and macOS machines. It delivers a new malware, named Insekt, with remote administration functionality.
Microsoft announced that it is disabling basic authentication for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell to improve Exchange Online security.
Updates on the previously known Microsoft Exchange Server zero-day remote code execution vulnerabilities identified as CVE-2022-41040 and CVE-2022-41082.
Fortinet released patches for a critical authentication bypass vulnerability tracked as CVE-2022-40684 which allows threat actors to log into unpatched FortiGate devices.
• Oktapus phishing - a recent spike in smishing
• New GoLang malware campaign, GO#WEBBFUSCATOR, lures targets into viewing images that are loaded with GoLang malware.
• Microsoft Teams stores unencrypted authentication tokens
• Critical zero-day Sophos Firewall remote code execution vulnerability, CVE-2022-3236, has been patched
• Malicious OAuth applications
Attackers exploited a zero-day remote code execution (RCE) vulnerability in Sophos Firewall. A patch has been released for it.
Vectra security team recently identified that Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization.
A recent malware campaign, named GO#WEBBFUSCATOR, lures targets into viewing historic James Webb Space Telescope deep field images that are loaded with Golang malware.
A recent spike in Smishing – SMS phishing – shows attackers using text messages to steal remote access credentials and one-time passcodes from employees.
A new sophisticated post-compromise malware, MagicWeb, used by the previously known Russia-linked NOBELIUM Advanced Persistent Threat (APT) group, is being used to maintain persistent access to compromised environments.
Apple released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities that are being exploited by threat actors to compromise vulnerable devices.
A serious vulnerability in the SIP application layer gateway (ALG), identified as CVE-2022-27255, has been found in Realtek's Software Development Kit (SDK) that exposes the networking devices of many vendors to remote.
A new variant of the previously known vulnerability Dogwalk is being actively exploited in the wild. The CVE-2022-34713 vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) allows remote code execution that leaves the target system compromised.
Globally, there have been almost 236 million ransomware attacks on organizations in the first half of 2022. CERT-In has also reported a 51% increase in the number of these attacks targeting Indian organizations in the same period as compared to the previous year.