Threat Advisory
January 22, 2021
Severity High Analysis Summary CVE-2020-17532 Apache ServiceComb could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when […]
January 22, 2021
Severity Medium Analysis Summary Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then […]
January 22, 2021
Severity Medium Analysis Summary CVE-2021-20586 These robot controllers may allow an attacker to cause a denial-of-service of the execution of the robot program and the Ethernet […]
January 22, 2021
Severity Medium Analysis Summary CVE-2020-27288 An untrusted pointer dereference has been identified in the way the application processes project files, allowing an attacker to craft a […]
January 21, 2021
Severity Medium Analysis Summary Classic Phish Password Expiration is a common way to get people to click through; it is recommended to always check the sender. This […]
January 21, 2021
Severity High Analysis Summary Emotet has recently been found in increased cyber activity after a short period of dormancy. Fresher IoCs are being retrieved every day. Emotet is […]
January 21, 2021
Severity Medium Analysis Summary CVE-2021-1301 Cisco SD-WAN is vulnerable to a denial of service, caused by insufficient input validation of user-supplied input that is read by […]
January 21, 2021
Severity High Analysis Summary CVE-2021-1272 Cisco Data Center Network Manager (DCNM) is vulnerable to server-side request forgery, caused by improper validation of parameters in a specific […]
January 20, 2021
Severity High Analysis Summary CVE-2021-0221 In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic […]
January 20, 2021
Severity Medium Analysis Summary CVE-2020-35929 Kaspersky TinyCheck could allow a remote attacker to obtain sensitive information, caused by the use of hard-coded credentials to the backend […]
January 20, 2021
Severity High Analysis Summary PatchWork (also known as Mahabusa, White Elephant, hangOver, VICEROY TIGER, The Dropping Elephant) is an APT that mainly conducts cyber espionage activities […]
January 19, 2021
Severity High Analysis Summary Fresh IoCs have been retrieved from a campaign distributing the GandCrab ransomware. GandCrab campaigns typically involve emails designed to deceive a potential […]
January 19, 2021
Severity High Analysis Summary CVE-2020-28391 Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use […]
January 19, 2021
Severity Medium Analysis Summary Windows utility developer IObit was recently hacked to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. […]
January 19, 2021
Severity Medium Analysis Summary CVE-2020-11997 Apache Guacamole could allow a remote authenticated attacker to obtain sensitive information, caused by inconsistent restriction of connection history. By sending […]
January 19, 2021
Severity High Analysis Summary CVE-2020-27873 Multiple NETGEAR Routers could allow a remote attacker to obtain sensitive information, caused by improper access control by the SOAP API […]
January 18, 2021
Severity High Analysis Summary The APT group known as StrongPity is back with a new campaign targeting users in different regions. The group has previously targeted […]
January 18, 2021
Severity High Analysis Summary CVE-2021-24122 Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when serving resources from a network […]
January 18, 2021
Severity High Analysis Summary TrickBot is a banking Trojan which targets sensitive information and acts as a dropper for other malware. TrickBot is usually spread via […]
January 15, 2021
Severity High Analysis Summary FormBook is an information-stealer malware that has been active since 2016. The info-stealer malware’s capabilities include stealing credentials, capturing screenshots of victim’s […]
January 15, 2021
Severity Medium Analysis Summary A new phishing campaign has been detected in the wild, spreading a fresh variant of the Ursnif Trojan via an attached […]
January 15, 2021
Severity High Analysis Summary A new malicious campaign has been discovered targeting verticals in the governmental monetary and financial sectors in Asia. This campaign poses as a […]
January 14, 2021
Severity Medium Analysis Summary As remote work continues, remote collaboration platforms are being targeted by cyber criminals. Meanwhile, other platforms are being used on smartphones to […]
January 14, 2021
Severity High Analysis Summary Researchers have discovered a small cluster of Trojanized versions of Android apps, mainly marketed to people who live in Pakistan. Someone has […]