Category: Reports

Threat Intel Roundup: Gitlab, Juniper, MageCart, SystemBC

Week in Overview(5 Dec-12 Dec) – 2024 Technical Summary 🚨 Vulnerability of the Week Juniper Networks has addressed a critical pre-authentication remote code execution (RCE) vulnerability, identified as CVE-2024-21591, in Junos OS on SRX firewalls and EX switches. This vulnerability could allow an unauthenticated, network-based threat actor to execute a range of attacks, including denial-of-service

More
Threat Intel Roundup: Lazarus, Lumma, Superset, RocketMQ

Threat Intel Roundup: Lazarus, Lumma, Superset, RocketMQ

Week in Overview(5 Sep-12 Sep) Technical Summary Key Findings it is crucial for organizations and individuals to prioritize remediation and patching efforts to safeguard their systems and data. The following key findings highlight the importance of proactive measures to mitigate risks associated with various vulnerabilities and threats: 🚨 Vulnerability of the Week Apache Superset CVE-2023-39476

More
Threat Intel Roundup: QakBot, Ignition, RICHIESTA DI PAGAMENTO

Threat Intel Roundup: QakBot, Ignition, RICHIESTA DI PAGAMENTO

Week in Overview(28 Aug-5 Sep) Technical Summary Apache Ignition Unauthenticated Remote Code Execution Vulnerability CVE-2023-37895 Apache Jackrabbit RMI #RCE Exploitation of MinIO Storage System Vulnerabilities Phishing Campaign Targeting Italian Audience – RICHIESTA DI PAGAMENTO 04/09/2023 QakBot Takedown – Bot Connections to Active C2s Key Findings it is crucial for organizations and individuals to prioritize remediation

More
Threat Intel Roundup: XWiki, cl0p, HTML Smuggling

Threat Intel Roundup: XWiki, cl0p, HTML Smuggling

Week in Overview(21 Aug-28 Aug) Technical Summary XWiki Remote Code Execution (CVE-2023-35150) The XWiki vulnerability (CVE-2023-35150) involves improper input validation within the “Invitation Application.” Authenticated attackers can exploit this flaw by manipulating requests, leading to arbitrary code execution. XWiki’s scripting feature, used to create web applications, includes an “Invitation Application” facilitating email notifications for user

More