Security Advisories



VMware has patched a critical vulnerability in Cloud Foundation, tracked as CVE-2021-39144, which lies in the XStream open source library.


A newly discovered PowerShell backdoor, described by the researchers who found it as fully undetectable, disguises itself as part of the Windows update process.


Apple has addressed the recently and actively exploited zero-day vulnerability tracked as CVE-2022-42827 in iOS 16.1 and iPadOS 16 with improved bounds checking.


Zimbra has released updates to address a critical code execution vulnerability that is being actively exploited. The vulnerability, CVE-2022-41352, affects the Amavis open-source content filter component of Zimbra Collaboration Suite versions 8.8.15 and 9.0.


Fortinet has released updates for the actively exploited authentication bypass vulnerability CVE-2022-40684, together with mitigation guidance for affected products.


A new Chinese-language command-and-control (C2) attack framework is being widely used in attacks targeting Windows, Linux and macOS machines. It delivers a new malware, named Insekt, that provides remote administration functionality.


Microsoft has announced that it is disabling Basic Authentication for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell to improve Exchange Online security.


Microsoft has published updated guidance on the previously known Exchange Server zero-day vulnerabilities CVE-2022-41040 and CVE-2022-41082, which together enable remote code execution.


Fortinet has released patches for a critical authentication bypass vulnerability, tracked as CVE-2022-40684, which allows threat actors to log in to unpatched FortiGate devices.


A new phishing campaign by the state-sponsored group tracked as ZINC uses weaponized versions of legitimate open-source software such as PuTTY, with objectives focused on espionage, data theft, financial gain, and network destruction.


• Oktapus phishing: a recent spike in smishing

• New Golang malware campaign, GO#WEBBFUSCATOR, lures targets into viewing images that are loaded with Golang malware

• Microsoft Teams stores unencrypted authentication tokens

• Critical zero-day Sophos Firewall remote code execution vulnerability, CVE-2022-3236, has been patched

• Malicious OAuth applications


Essential Advisories Recap for September 2022


Attackers exploited a zero-day remote code execution (RCE) vulnerability in Sophos Firewall. A patch has been released.


The Vectra security team recently identified that Microsoft Teams stores authentication tokens in unencrypted plaintext, which could allow an attacker who obtains them to control communications within an organization.


Apple released security updates to address multiple vulnerabilities reported in its products.


A recent malware campaign, named GO#WEBBFUSCATOR, lures targets into viewing historic James Webb Space Telescope deep field images that are loaded with Golang malware.


A recent spike in smishing (SMS phishing) shows attackers using text messages to steal remote access credentials and one-time passcodes from employees.


Essential Advisories Recap for August 2022


A new, sophisticated post-compromise malware, MagicWeb, used by the Russia-linked NOBELIUM Advanced Persistent Threat (APT) group, is being used to maintain persistent access to compromised environments.


The Android banking trojan SOVA, first discovered in September 2021, has now been observed with new features.


Apple has released security updates for iOS, iPadOS, and macOS to remediate two zero-day vulnerabilities that are being exploited by threat actors to compromise vulnerable devices.


A serious vulnerability in the SIP application layer gateway (ALG), identified as CVE-2022-27255, has been found in Realtek's Software Development Kit (SDK) that exposes the networking devices of many vendors to remote.


A new variant of the previously known DogWalk vulnerability is being actively exploited in the wild. The CVE-2022-34713 vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) allows remote code execution that leaves the target system compromised.


Globally, there were almost 236 million ransomware attacks on organizations in the first half of 2022. CERT-In has also reported a 51% increase in the number of such attacks targeting Indian organizations in the same period compared with the previous year.


Microsoft has warned of yet another phishing attack in which the attacker attempts to obtain a target user's session cookie in order to bypass multi-factor authentication.


The Pakistan-based advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new, ongoing phishing campaign targeting students at various educational institutions in India since at least December 2021.


Microsoft has released its monthly round of patches to fix 84 new security vulnerabilities spanning multiple product categories, including a zero-day vulnerability that is being actively exploited.


State-sponsored actors are deploying a unique malware, which targets specific files and leaves no ransom note, in ongoing attacks.


A sophisticated, multistage remote access trojan (RAT) that has been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others.


A remote command execution and denial-of-service vulnerability affects Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. These four models are end-of-life, and if you own them it is time to replace them.


Panchan is a new peer-to-peer botnet and SSH worm that emerged in March 2022 and has been actively breaching Linux servers since.


By using a modern programming language for its payload, this ransomware attempts to evade detection, especially by conventional security solutions that may still be catching up in their ability to analyze and parse binaries written in that language.


A new vulnerability has been disclosed in the Zimbra email suite that, if exploited successfully, could enable an unauthenticated attacker to steal users' cleartext passwords.


The threat actor Gallium, associated with attacks on telecom networks, has been observed using a new remote access trojan named PingPull.


DragonForce is a Malaysia-based threat actor group that is targeting Indian websites. Its attacks range from DDoS and defacement to data leaks. The group claims that its motives for the campaign are political.


Researchers have discovered a new malware, named Symbiote, that infects Linux systems and is difficult to detect.


A critical zero-day vulnerability in Confluence Server and Data Center is being actively exploited in the wild. CVE-2022-26134 allows unauthenticated remote code execution on servers running all supported versions of Confluence Server and Confluence Data Center.


Zoom users are advised to update their clients to version 5.10.0 to patch a number of vulnerabilities found by Google Project Zero security researchers. Zoom's chat functionality could be exploited to achieve zero-click remote code execution (RCE).


Microsoft has released information regarding a critical vulnerability, CVE-2022-30190, in the Microsoft Support Diagnostic Tool (MSDT) in Windows. Successful exploitation results in arbitrary code execution with the privileges of the calling application.


XorDDoS illustrates the trend of malware targeting Linux-based operating systems, which are commonly deployed on cloud infrastructure and Internet of Things devices. XorDDoS was named after its denial-of-service activity on Linux endpoints and servers and its use of XOR-based encryption for its communications.


VMware has released patches for two vulnerabilities, and US CISA immediately issued an Emergency Directive telling organizations to patch affected devices as soon as possible. CISA expects active exploitation of these vulnerabilities in the affected VMware products.


Hackers have started to exploit a recently patched critical vulnerability, CVE-2022-30525, affecting Zyxel firewall and VPN devices for businesses. Successful exploitation allows a remote attacker to inject arbitrary commands without authentication, which can be used to set up a reverse shell.


Microsoft's May 2022 Patch Tuesday release fixes 74 security vulnerabilities, including three zero-day vulnerabilities, one of which was exploited in the wild.


Hackers are abusing a flaw in Gmail's SMTP relay service that lets them easily spoof legitimate brands to send out phishing and malware campaigns.


A critical bug in Cisco WLC software could allow remote attackers to bypass authentication controls and log in to the device through the management interface.


Attackers are exploiting a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework. Exploit code is publicly available for this remote code execution vulnerability, and the bug can be fully weaponized and abused at scale.
