Threat Advisory

September 25, 2020

Rewterz Threat Advisory – Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities

Severity: High. Analysis Summary: CVE-2020-3421, CVE-2020-3480. Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the […]
September 25, 2020

Rewterz Threat Alert – GADOLINIUM Using Cloud Services and Open Source Tools

Severity: Medium. Analysis Summary: Recently, the threat actor GADOLINIUM started using cloud services and open source tools to enhance weaponization of their malware payload, in order […]
September 25, 2020

Rewterz Threat Alert – CVE-2020-1472 – Attackers Exploiting ‘ZeroLogon’ Windows Flaw – IoCs and PoC

Severity: High. Analysis Summary: Microsoft reported that attackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the access to […]
September 25, 2020

Rewterz Threat Alert – MoDi RAT Spreading Via Email

Severity: Medium. Analysis Summary: Researchers discovered a unique reflective loader attack. The email, possibly part of a malspam campaign, is delivered to the potential victim’s inbox […]
September 24, 2020

Rewterz Threat Advisory – Multiple vulnerabilities in IBM Security Secret Server

Severity: Low. Analysis Summary: CVE-2020-4340: IBM Security Secret Server could allow a remote attacker to bypass security restrictions, caused by improper input validation. CVE-2019-11358: jQuery, as […]
September 24, 2020

Rewterz Threat Alert – Mispadu Banking Trojan Resurfaces

Severity: Medium. Analysis Summary: Researchers have uncovered recent spam campaigns leading to the URSA/Mispadu banking trojan. Mispadu malware steals credentials from users’ systems. This […]
September 24, 2020

Rewterz Threat Advisory – Update: CVE-2020-1472 – NETLOGON Vulnerability Exploited in the Wild – IoCs

Severity: High. Analysis Summary: A common and trending NETLOGON Vulnerability CVE-2020-1472 was reported earlier this month. When we explored this vulnerability, we came to the conclusion that the attacker […]
September 24, 2020

Rewterz Threat Alert – New Ransomware Actor OldGremlin Hits Multiple Organizations

Severity: High. Analysis Summary: A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages […]
September 23, 2020

Rewterz Threat Alert – APT41 Intrusion Activities – IoCs

Severity: High. Analysis Summary: APT41 intrusion activities originating from China are being detected again. Earlier this year, APT41 launched a global intrusion campaign using multiple exploits. […]
September 23, 2020

Rewterz Threat Alert – APT28 Delivers Zebrocy Malware Campaign Using NATO Theme as Lure

Severity: Medium. Analysis Summary: Researchers disseminated a warning to their government customers about a new APT28 (aka Sofacy, Sednit, Fancy Bear, STRONTIUM, etc.) campaign targeting government bodies […]
September 23, 2020

Rewterz Threat Advisory – Security Updates for Mozilla Firefox

Severity: High. Analysis Summary: CVE-2020-15674: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the […]
September 22, 2020

Rewterz Threat Advisory – CVE-2020-3977 – VMware Horizon DaaS broken authentication vulnerability

Severity: Medium. Analysis Summary: Horizon DaaS contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation […]
September 22, 2020

Rewterz Threat Advisory – CVE-2020-12811 – FortiManager and FortiAnalyzer cross-site scripting

Severity: Medium. Analysis Summary: FortiManager and FortiAnalyzer are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability […]
September 22, 2020

Rewterz Threat Alert – Dridex Banking Trojan – IoCs

Severity: Medium. Analysis Summary: This Dridex campaign spoofs FedEx. FedEx Corporation, short for Federal Express, is an American multinational delivery services company headquartered in Memphis, Tennessee. […]
September 22, 2020

Rewterz Threat Alert – Emotet Distribution in Password-Protected Zip-Files

Severity: High. Analysis Summary: Emotet is a banking trojan usually distributed via email spam. The malicious Word documents are now increasingly delivered within a password-protected zip file. […]
September 21, 2020

Rewterz Threat Advisory – CVE-2020-16202 – Advantech WebAccess Node privilege escalation

Severity: High. Analysis Summary: Advantech WebAccess Node could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect permissions set for […]
September 21, 2020

Rewterz Threat Advisory – CVE-2020-8247 – Citrix Application Delivery Controller privilege escalation

Severity: High. Analysis Summary: Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliance models could allow a remote authenticated attacker to execute arbitrary commands […]
September 18, 2020

Rewterz Threat Alert – Phishing Emails Targeting Banks in Pakistan

Severity: High. Analysis Summary: Our SOC analysts have discovered and analyzed a new phishing campaign targeting banks in Pakistan. These phishing emails successfully bypassed the email […]
September 18, 2020

Rewterz Threat Advisory – Fortinet FortiOS SSL VPN portal cross-site scripting Vulnerability

Severity: Medium. Analysis Summary: Fortinet FortiOS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSL VPN portal. A remote authenticated […]
September 18, 2020

Rewterz Threat Advisory – Linux Kernel vgacon_scrolldelta information disclosure

Severity: High. Analysis Summary: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in vgacon_scrolldelta. By running a specially […]
September 17, 2020

Rewterz Threat Alert – Recent Wave of Sophisticated Malware Infecting Public Facing Websites

Severity: High. Analysis Summary: Recently, different threat intelligence forums have been reporting a number of public facing Pakistani websites being infected with sophisticated malware. These sophisticated […]
September 17, 2020

Rewterz Threat Alert – Malware Leveraging XML-RPC Vulnerability to Exploit WordPress Sites

Severity: Medium. Analysis Summary: XML-RPC on WordPress, which is enabled by default, is actually an API that provides third-party applications and services the ability to interact […]
September 17, 2020

Rewterz Threat Alert – WordPress Plugin Remote Code Execution Flaw Exploited in the Wild

Severity: High. Analysis Summary: A zero-day vulnerability has been reported in the File Manager plugin for WordPress, a plugin with more than 700,000 active installations; out of which […]
September 17, 2020

Rewterz Threat Alert – Trickbot IOCs

Severity: High. Analysis Summary: TrickBot is a banking Trojan which targets sensitive information and acts as a dropper for other malware. TrickBot is usually spread via […]