April 25, 2024

April 25, 2024

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Alert – Maze ransomware – IOCs

December 23, 2019

Rewterz Threat Advisory – CVE-2019-19781 – Citrix Application Delivery Controller and Citrix Gateway RCE Vulnerability

December 24, 2019

Rewterz Threat Alert – OilRig targets LANDesk Agent users via PowDesk

December 24, 2019

Severity

High

Analysis Summary

New PowerShell-based malware resembles QUADAGENT. PowDesk checks for the presence of LANDesk Agent folder and service before C&C beacon.

Oilrig keep focusing on the IT supply chain domain, now via LANDesk agent.

Impact

Exposure of sensitive information

Indicators of Compromise

SHA-256

8406ca490c60ec41569b35f31f1860ff4663bba44d1daac64760ecdfe694203d

URL

http[:]//lcepos[.]com/php/reclaimlandesk[.]php

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachment sent by unknown senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Maze ransomware – IOCs

Rewterz Threat Advisory – CVE-2019-19781 – Citrix Application Delivery Controller and Citrix Gateway RCE Vulnerability