CloudSEK’s Threat Intelligence team discovered a post on a cybercrime forum advertising a scanning tool for CVE-2021-41773, the path traversal and file disclosure vulnerability in Apache HTTP Server.
A critical RCE vulnerability affects Citrix ADC and Citrix Gateway. According to Citrix and the NSA, APT 5 has been observed exploiting this vulnerability in the wild. Threat actors on cybercrime forums were looking to buy exploits for this vulnerability to perform arbitrary code execution.
The leaked database contains sensitive information on registered IndiaMart suppliers, such as name, mobile number, address, and user ID, among other details.
CISA recently released an advisory about the active exploitation of a newly identified vulnerability, CVE-2021-40539, in ManageEngine ADSelfService Plus.
CloudSEK’s Threat Intelligence Team discovered a URL in which an open redirection vulnerability was exploited to direct the victim to a login page of an entity belonging to the government of Qatar.
XVigil identified a post advertising 170 SonicVPN accesses for USD 2,000. Threat actors have been targeting SonicVPN frequently, which puts these accesses at a high risk of being exploited.
Our Research team analysed the profile of the ransomware group dubbed BlackCat. This group doesn’t have an online presence apart from an exclusive Onion site, where they post their activities, updates, and targeted victims.