Security Advisories

10/04/2021

Multiple vulnerabilities, including unauthenticated RCE and elevation of privilege (EoP) and collectively dubbed OMIGOD, have been found in Microsoft's Open Management Infrastructure (OMI) agent. These vulnerabilities affect many Azure customers because the agent is a requirement for several Azure services, including Azure Log Analytics, Azure Security Center and Azure Operations Management Suite. The vulnerabilities affect any OMI installation and are not limited to Azure.

10/04/2021

Drinik, a malicious Android app, masquerades as an Income Tax Department app. After installation, the app asks the user to grant permissions such as SMS, call log and contacts. The application steals personal information (PAN, Aadhaar number, address, date of birth, mobile number, email address) and financial details (account number, IFSC code, CIF number, debit card number, expiry date, CVV and PIN).

9/07/2021

Hive ransomware first appeared in June 2021. It relies on a diverse set of tactics, techniques and procedures (TTPs), which makes it difficult for any organization to defend against its attacks.

9/07/2021

In light of the ProxyShell attacks, Microsoft has recently released an update advising customers to apply the latest patches to their Exchange servers to prevent such attacks.

8/27/2021

LockFile ransomware targets organizations using both the Microsoft Exchange ProxyShell vulnerabilities and the Windows PetitPotam NTLM relay vulnerability.

8/12/2021

LockBit ransomware attacked the IT consulting company Accenture. The ransomware operators stole company data and have threatened to publish it on the dark web.

8/11/2021

Multiple vulnerabilities have been discovered in Google Chrome which can be exploited by a remote attacker to compromise the targeted system.

7/26/2021

Threat actors are deploying the Mespinoza/PYSA ransomware by accessing a system via remote desktop and then copying and executing the ransomware on other systems on the network. Before deploying the ransomware to those systems, the attacker runs PowerShell scripts on them to exfiltrate files of interest and to maximize the impact of the ransomware.

7/26/2021

Linux ELF-64 versions of the HelloKitty ransomware targeted VMware ESXi servers and virtual machines (VMs) running on them.

7/08/2021

Microsoft released patches for 55 CVEs in Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server on May Patch Tuesday. Of these 55 bugs, four are rated Critical in severity. The four critical CVEs that deserve attention are all remote code execution (RCE) vulnerabilities that could enable malicious actors to gain persistence on victim networks. These are CVE-2021-26419, CVE-2021-31166, CVE-2021-31194 and CVE-2021-28476.

7/08/2021

Microsoft has released an emergency out-of-band security update to address the critical zero-day vulnerability known as "PrintNightmare", affecting the Windows Print Spooler service, which can permit remote threat actors to run arbitrary code and take over vulnerable systems. The PrintNightmare bug, acknowledged by Microsoft after several security researchers released PoC exploits last week, is tracked as CVE-2021-34527.

7/07/2021

Security researchers at Eclypsium have discovered four high-severity vulnerabilities that can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices. The bugs affect 129 models of laptops, tablets and desktops, including enterprise and consumer devices, that are protected by Secure Boot, a security standard aimed at ensuring that a device boots using only software trusted by the device's original equipment manufacturer (OEM), to prevent rogue takeovers.

7/07/2021

The new Windows malware Pingback uses the Internet Control Message Protocol (ICMP) for its command-and-control traffic to evade detection, and a DLL hijacking technique to achieve persistence on the operating system.

7/07/2021

Attackers have been targeting a remote command execution vulnerability (CVE-2021-25296) in Nagios XI software to deploy cryptominers.

7/07/2021

Threat actors behind the SolarMarker/Jupyter malware have started using PDF documents filled with search engine optimization (SEO) keywords to boost their visibility in search results, leading potential victims to malware hosted on a malicious site that poses as Google Drive. SolarMarker is a backdoor that pretends to be a legitimate PDFescape installer and, once installed, steals data and credentials from browsers.

7/07/2021

Sextortion scam emails mislead victims into believing that the attacker holds a recording of the victim's screen and camera, and that the recording contains images or videos of the victim in sexually explicit situations. The attackers use this claim to blackmail the victim into paying, threatening to publicly disclose the recording.

7/07/2021

The vulnerability was patched in October 2020 as part of a security advisory released by Cisco to address multiple cross-site scripting (XSS) vulnerabilities in the web services of its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. For CVE-2020-3580, the initial patch was incomplete, and a further fix was released in April 2021. On 24 June 2021, researchers published on Twitter a PoC exploit for the Cisco ASA vulnerability identified as CVE-2020-3580.

7/07/2021

Attackers are targeting Zyxel security appliances in the USG/ZyWALL, USG FLEX, ATP and VPN series that have remote management or SSL VPN enabled. The threat actor attempts to access the device through its WAN interface.

7/07/2021

Microsoft released an update for a Print Spooler vulnerability as part of June Patch Tuesday, tracked as CVE-2021-1675. On June 29, 2021, security researchers posted a PoC exploit for another critical remote code execution (RCE) vulnerability in the Print Spooler. US-CERT has raised an alert for this bug, which has been named PrintNightmare.

7/07/2021

Fortinet has recently addressed a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb web application firewall (WAF). A remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server configuration.

7/07/2021

The REvil ransomware gang has targeted several Managed Service Providers (MSPs) that use the remote monitoring and management solution Kaseya VSA, via a supply chain attack. The attackers are exploiting a vulnerability in Kaseya VSA and delivering the payload by manipulating the patch distribution process.

7/06/2021

Cisco has fixed multiple critical flaws in its SD-WAN vManage and HyperFlex HX software. If left unpatched, these vulnerabilities in Cisco networking devices could allow an unauthenticated attacker to perform command injection attacks, execute arbitrary code, gain access to sensitive information, escalate privileges, send unauthorized messages, create new administrative-level user accounts and execute commands as root on affected systems.

4/19/2021

A fake Android application is capable of spreading itself via WhatsApp messages. If the user downloads the fake application and grants the requested permissions, the malware can automatically reply to the victim's incoming WhatsApp messages with a payload.

4/15/2021

Microsoft released patches to fix critical and high-severity remote code execution vulnerabilities CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483 in Microsoft Exchange Server.

3/08/2021

Pop-ups are generated by websites to offer users additional information or guidance, such as how to fill in a form or how to apply a discount code. However, some can be unwanted or even harmful; these are usually fake pop-ups.

3/04/2021

The actively exploited vulnerability tracked as CVE-2021-21972 allows an attacker to upload files and execute commands without any authorization.

2/18/2021

Adobe has patched multiple critical and important vulnerabilities, including the zero-day CVE-2021-21017, in Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.

2/15/2021

Microsoft has fixed two critical remote code execution flaws in the Windows TCP/IP implementation that could be exploited by network-based attackers to either gain control of a target system or cause a denial of service.

2/11/2021

One of the patched, actively exploited zero-days, tracked as CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability), allows an attacker or malicious program to elevate its privileges to administrator level.

11/03/2020

Google Drive has become a new lure for scammers to phish unsuspecting victims. A flaw in Google Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, redirect to malicious websites.

11/03/2020

According to Oracle, the attack is "low" in complexity, requires no privileges and no user interaction, and can be carried out by attackers with network access via HTTP.

10/23/2020

Microsoft recently published a security patch addressing a remote code execution vulnerability in the IPv6 stack, known as CVE-2020-16898 or "Bad Neighbor". The issue is caused by improper handling of Router Advertisement messages, which are part of the Neighbor Discovery protocol.

10/20/2020

Nearly 800,000 VPNs around the world need urgent patching after the vendor (Dell SonicWall) issued a security update for a critical flaw last week.

10/15/2020

The operators behind the Kraken attack inject a malicious payload into the legitimate Microsoft Windows Error Reporting (WER) service to evade detection.

9/29/2020

A new malware family called Mozi combines code from several known malware families (Gafgyt, Mirai and IoT Reaper) to form a peer-to-peer (P2P) botnet capable of DDoS attacks, data exfiltration, and command or payload execution.

9/21/2020

Hackers are launching brute-force attacks on MSSQL servers to install a new crypto-mining malware, MrbMiner.

9/20/2020

The vulnerability, dubbed "Zerologon", is a critical-severity privilege escalation vulnerability (CVE-2020-1472) assigned a CVSS score of 10 out of 10. The flaw was addressed in Microsoft's August 2020 security updates.

9/14/2020

Visa detected an advanced and unique JavaScript-based e-skimming malware kit that is able to steal payment card data from e-commerce sites and uses anti-detection techniques to hide from security scanners.

9/09/2020

The cryptojacking worm Cetus infects unsecured Docker daemons with an XMRig cryptominer payload to mine Monero.

9/01/2020

The FritzFrog botnet, written in Go, uses a secure, encrypted peer-to-peer communication protocol to distribute malware and take control of device nodes. The encrypted communication makes the botnet difficult to detect and enables it to propagate across multiple infected SSH servers.

8/11/2020

A high-severity vulnerability in TeamViewer, CVE-2020-13699, could allow offline password cracking when a user visits a malicious website.

7/31/2020

The new "BootHole" vulnerability in the GRUB2 bootloader exposes Windows and Linux devices that use Secure Boot to attack.

7/30/2020

A stealthier and more sophisticated modular variant of the Valak malware appears to be an emerging threat, owing to an increased volume of campaign activity aimed at stealing sensitive information and deploying additional malware.

7/20/2020

TrickBot, initially developed as banking malware, is now constantly evolving and aggregates powerful techniques to attack a variety of organizations. TrickBot is often used alongside other malware in multistage attacks.

7/20/2020

Fraudsters are sending fake MUDRA loan approval letters via WhatsApp, SMS and email, asking people to pay loan processing fees.

7/20/2020

Microsoft has just released emergency security patches for two critical vulnerabilities in the Windows Codecs Library.

7/20/2020

Clop ransomware, a variant of CryptoMix, is spreading via executables with legitimate digital signatures and is targeting entire networks instead of individual users.

7/20/2020

The Evil Corp group targets victims with WastedLocker ransomware and uses multiple previously unknown distribution methods, including SocGholish. SocGholish is a fake update framework that is delivered to the victim in a zipped file via compromised websites.
