Category: Reports

Threat Intel Roundup: QakBot, Ignition, RICHIESTA DI PAGAMENTO

Threat Intel Roundup: QakBot, Ignition, RICHIESTA DI PAGAMENTO

Week in Overview(28 Aug-5 Sep) Technical Summary Apache Ignition Unauthenticated Remote Code Execution Vulnerability CVE-2023-37895 Apache Jackrabbit RMI #RCE Exploitation of MinIO Storage System Vulnerabilities Phishing Campaign Targeting Italian Audience – RICHIESTA DI PAGAMENTO 04/09/2023 QakBot Takedown – Bot Connections to Active C2s Key Findings it is crucial for organizations and individuals to prioritize remediation

More
Threat Intel Roundup: XWiki, cl0p, HTML Smuggling

Threat Intel Roundup: XWiki, cl0p, HTML Smuggling

Week in Overview(21 Aug-28 Aug) Technical Summary XWiki Remote Code Execution (CVE-2023-35150) The XWiki vulnerability (CVE-2023-35150) involves improper input validation within the “Invitation Application.” Authenticated attackers can exploit this flaw by manipulating requests, leading to arbitrary code execution. XWiki’s scripting feature, used to create web applications, includes an “Invitation Application” facilitating email notifications for user

More
Threat Intel Roundup: Winrar, Discord, USDC Holdings

Threat Intel Roundup: Winrar, Discord, USDC Holdings

Week in Overview(14 Aug-21 Aug) Technical Summary WinRAR CVE-2023-40477 RCE CVE-2023-40477 is a Remote Code Execution (RCE) vulnerability in WinRAR, a popular Windows file archiver utility. This high-severity flaw is attributed to inadequate validation of user-supplied data in the processing of recovery volumes. Attackers exploit this vulnerability by crafting specially designed RAR archive files. When

More
Threat Intel Roundup: Exchange, LOCKBIT, TA558, GhostRAT

Threat Intel Roundup: Exchange, LOCKBIT, TA558, GhostRAT

Technical Summary Vulnerabilities in CODESYS V3 SDK Could Lead to OT Environments Being Exploited Using RCE & DoS Attacks: Multiple high-severity vulnerabilities have been identified within the CODESYS V3 software development kit (SDK), used to program programmable logic controllers (PLCs). These vulnerabilities affect versions prior to 3.5.19.0. Exploitation could result in remote code execution (RCE)

More