Threat Advisory

June 21, 2021

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Severity: Medium. Analysis Summary: A new Agent Tesla campaign has been seen targeting victims with malspam. Agent Tesla is known for stealing data from different applications on victim […]
June 21, 2021

Rewterz Threat Alert – Nanocore Rat – Active IOCs

Severity: Medium. Analysis Summary: The NanoCore remote access Trojan (RAT) was first discovered in 2013 when it was being sold in underground forums. The malware has […]
June 21, 2021

Rewterz Threat Alert – DarkSide Ransomware Targets Energy and Food Sectors – Active IOCs

Severity: High. Analysis Summary: We have recently observed a new ransomware operation by the DarkSide threat actor, once again thrusting the group’s name into the […]
June 21, 2021

Rewterz Threat Alert – New Molerats Malware Targets Governments in the Middle East – Active IOCs

Severity: Medium. Analysis Summary: A malware called LastConn is being distributed by TA402, a threat actor also known as Molerats. The malware has targeted government institutions in the Middle East and global government […]
June 21, 2021

Rewterz Threat Advisory – CVE-2021-21552 – Dell Wyse Windows Embedded System Security Update for an Improper Authorization Vulnerability

Severity: Medium. Analysis Summary: CVE-2021-21552: Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. An authenticated malicious user […]
June 21, 2021

Rewterz Threat Alert – Ferocious Kitten APT Group Targeting Iran – Active IOCs

Severity: High. Analysis Summary: Ferocious Kitten is an APT group that has been active since at least 2015 and has been targeting Persian-speaking individuals who appear […]
June 21, 2021

Rewterz Threat Alert – Lokibot Malware – Active IOCs

Severity: Medium. Analysis Summary: LokiBot is commodity malware sold on underground sites, designed to steal private data from infected machines and then […]
June 21, 2021

Rewterz Threat Alert – DanaBot Trojan – Active IOCs

Severity: High. Analysis Summary: A new fourth version of the DanaBot banking trojan has surfaced after months of inactivity. This most recent variant comes packed mostly with […]
June 21, 2021

Rewterz Threat Advisory – CVE-2021-21997 – VMware Tools for Windows

Severity: Low. Analysis Summary: CVE-2021-21997: VMware Tools for Windows is vulnerable to a denial of service, caused by a flaw in the VM3DMP driver. By sending […]
June 18, 2021

Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

Severity: Medium. Analysis Summary: SmokeLoader is a popular bot and a veteran in its field; this piece of malware is used mainly for loading other malicious […]
June 18, 2021

Rewterz Threat Advisory – CVE-2020-36282 – IBM QRadar SIEM Vulnerability

Severity: Medium. Analysis Summary: CVE-2020-36282: JMS Client for RabbitMQ could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization […]
June 18, 2021

Rewterz Threat Advisory – Black Kingdom Ransomware – Active IOCs

Severity: Medium. Analysis Summary: Black Kingdom ransomware has recently been observed exploiting a Microsoft Exchange vulnerability. The complexity and sophistication of the Black Kingdom family cannot […]
June 18, 2021

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity: High. Analysis Summary: CVE-2021-30554: Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebGL. By […]
June 18, 2021

Rewterz Threat Advisory – CVE-2021-26089 – Fortinet FortiClient Zero-Day Vulnerability

Severity: High. Analysis Summary: CVE-2021-26089: This vulnerability allows attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. An attacker must first obtain […]
June 18, 2021

Rewterz Threat Advisory – CVE-2020-11978 – Apache Airflow Command Injection

Severity: Medium. Analysis Summary: CVE-2020-11978: A command injection vulnerability exists in Apache Airflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary […]
June 18, 2021

Rewterz Threat Advisory – ICS: Siemens JT2Go Vulnerability

Severity: High. Analysis Summary: CVE-2021-27390: This zero-day vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to […]
June 18, 2021

Rewterz Threat Advisory – ICS: Advantech WebAccess/SCADA

Severity: High. Analysis Summary: CVE-2021-32956: The affected product is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result […]
June 18, 2021

Rewterz Threat Advisory – ICS: Schneider Electric Enerlin’X Com’X 510

Severity: High. Analysis Summary: CVE-2021-22769: This vulnerability may allow disclosure of device configuration information to any authenticated user when a specially crafted request is sent to […]
June 18, 2021

Rewterz Threat Alert – Nanocore Rat – Active IOCs

Severity: Medium. Analysis Summary: The NanoCore remote access Trojan (RAT) was first discovered in 2013 when it was being sold in underground forums. The malware has […]
June 18, 2021

Rewterz Threat Advisory – Microsoft 3D Viewer Zero-Day Vulnerability

Severity: Medium. Analysis Summary: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit […]
June 18, 2021

Rewterz Threat Advisory – CVE-2021-31521 – Trend Micro InterScan Web Security Virtual Appliance Vulnerability

Severity: Medium. Analysis Summary: CVE-2021-31521: Trend Micro InterScan Web Security Virtual Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the […]
June 18, 2021

Rewterz Threat Alert – Lokibot Malware – Active IOCs

Severity: Medium. Analysis Summary: LokiBot is commodity malware sold on underground sites, designed to steal private data from infected machines and then submit […]
June 17, 2021

Rewterz Threat Alert – Gootloader – Active IOCs

Severity: High. Analysis Summary: Gootloader, the multi-payload malware platform, is actively targeting entities in the US, Germany, and South Korea. The infection chain begins with social […]
June 17, 2021

Rewterz Threat Alert – Darkside Ransomware – Active IOCs

Severity: High. Analysis Summary: The DarkSide ransomware group announced their RaaS (Ransomware-as-a-Service) in August of 2020 via a “press release.” DarkSide states that they only target […]