Threat Advisory

March 6, 2023

Rewterz Threat Advisory – CVE-2023-27290 – IBM Observability with Instana missing Vulnerability

Severity: High. Analysis Summary: CVE-2023-27290. Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently […]
March 5, 2023

Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

Severity: Medium. Analysis Summary: Smoke Loader, a malicious bot application, can be used to load additional malware. Smoke Loader has been spotted in the […]
March 5, 2023

Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs

Severity: Medium. Analysis Summary: Cobalt Strike first appeared in 2012 in response to alleged flaws in the Metasploit Framework, an existing red team (penetration testing) tool. […]
March 5, 2023

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Severity: High. Analysis Summary: The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]
March 3, 2023

Rewterz Threat Advisory – ICS: Mitsubishi Electric Products Vulnerability

Severity: High. Analysis Summary: CVE-2023-0457. Mitsubishi Electric products could allow a remote attacker to obtain sensitive information, caused by plaintext storage of a password. By sniffing […]
March 3, 2023

Rewterz Threat Alert – Cloud Atlas APT Threat Actors aka Inception – Active IOCs

Severity: High. Analysis Summary: Cloud Atlas is a sophisticated Advanced Persistent Threat (APT) group that has been active since at least 2014. Also known as “Inception”, […]
March 3, 2023

Rewterz Threat Alert – APT-C-35 aka Donot Team – Active IOCs

Severity: High. Analysis Summary: APT-C-35 (also known as “Donot APT Group”) is a cyber espionage group that has been active since at least 2013. The group […]
March 3, 2023

Rewterz Threat Advisory – Multiple IBM Products Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2023-24975 (CVSS 5.4). IBM Spectrum Symphony is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This […]
March 3, 2023

Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2023-20088 (CVSS 5.3). Cisco Finesse Reverse Proxy VPN-less is vulnerable to a denial of service, caused by improper IP address filtering by the […]
March 3, 2023

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2023-1084 (CVSS 2.7). GitLab Community and Enterprise Edition could allow a remote authenticated attacker to gain elevated privileges on the system, caused by […]
March 3, 2023

Rewterz Threat Alert – Mekotio Banking Trojan aka Melcoz – Active IOCs

Severity: Medium. Analysis Summary: Mekotio is a banking trojan that targets users in Latin America and Europe. It is primarily distributed via phishing emails and infected […]
March 3, 2023

Rewterz Threat Advisory – CVE-2023-1118 – Linux Kernel Vulnerability

Severity: Medium. Analysis Summary: CVE-2023-1118. Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in drivers/media/rc/ene_ir.c. By sending a specially-crafted request, […]
March 3, 2023

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Severity: High. Analysis Summary: The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]
March 3, 2023

Rewterz Threat Advisory – Multiple Sophos Connect Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2022-4901 (CVSS 3.3). Sophos Connect is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. By persuading a victim to load […]
March 2, 2023

Rewterz Threat Advisory – Multiple Sophos Connect Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2022-4901 (CVSS 3.3). Sophos Connect is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. By persuading a victim to load […]
March 2, 2023

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

Severity: Medium. Analysis Summary: Since 2019, GuLoader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the […]
March 2, 2023

Rewterz Threat Advisory – ICS: Multiple Hitachi Products Vulnerability

Severity: Medium. Analysis Summary: CVE-2020-36652. Multiple Hitachi products could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect default permissions vulnerability. By […]
March 2, 2023

Rewterz Threat Advisory – ICS: Multiple Hitachi Products Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2022-4895 (CVSS 8.6). Multiple Hitachi products are vulnerable to a man-in-the-middle attack, caused by an improper certificate validation vulnerability. An attacker could exploit this […]
March 2, 2023

Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2023-1079 (CVSS 4.6). Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the asus_kbd_backlight_set function. By […]
March 2, 2023

Rewterz Threat Alert – APT-C-35 aka Donot APT Group – Active IOCs

Severity: High. Analysis Summary: APT-C-35 (also known as “Donot APT Group”) is a cyber espionage group that has been active since at least 2013. The group […]
March 2, 2023

Rewterz Threat Advisory – Dell PowerScale nodes and OneFS Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2023-23689 (CVSS 5.3). Dell PowerScale nodes are vulnerable to a denial of service, caused by an uncontrolled resource consumption vulnerability. By sending a […]
March 2, 2023

Rewterz Threat Advisory – Multiple Cisco Unified Intelligence Center Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2023-20062 (CVSS 5). Cisco Unified Intelligence Center is vulnerable to server-side request forgery, caused by improper input validation for specific HTTP requests. By […]
March 2, 2023

Rewterz Threat Advisory – Cisco IP Phone 6800, 7800, and 8800 Series Vulnerabilities

Severity: High. Analysis Summary: CVE-2023-20078 (CVSS 9.8). Cisco IP Phone 6800, 7800, and 8800 Series could allow a remote attacker to execute arbitrary commands on the system, […]
March 1, 2023

Rewterz Threat Alert – China’s Threat Actor Group BlackFly Targets Materials Sector – Active IOCs

Severity: Medium. Analysis Summary: The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, is a sophisticated threat actor group that has been […]