Threat Intelligence

Apache CVE-2021-41773 Scanning Tool Shared on Cybercrime Forum

CloudSEK’s Threat Intelligence team discovered a post, on a cybercrime forum, advertising a scanning tool for the path traversal and file disclosure vulnerability, CVE-2021-41773, in Apache HTTP Server.

October 19, 2021

Azure Cosmos DB Jupyter Notebook ChaosDB Vulnerability Threat Intel Advisory

A security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook instance, referred to as ChaosDB, that allows a user to gain access to another user’s data.

October 11, 2021

Jira Software Server CVE-2021-26086 Vulnerability Actively Exploited in the Wild

Jira released an advisory about the newly identified path traversal and read file vulnerability, CVE-2021-26086, in the Jira Software Server. Threat actors could exploit this vulnerability to poison the server logs, thereby causing remote code execution and/ or exfiltration of sensitive files and information.

October 8, 2021

Apache HTTP Server Project CVE-2021-41773 Vulnerability Actively Exploited in the Wild

The vulnerability tracked as CVE-2021-41773 is a path traversal and file disclosure vulnerability in Apache HTTP Server. The vulnerability has been exploited in the wild as a zero-day.

October 6, 2021

Zoho ManageEngine CVE-2021-40539 Vulnerability Actively Exploited in the Wild

CISA recently released an advisory about the active exploitation of a newly identified vulnerability, CVE-2021-40539, in ManageEngine ADSelfService Plus

September 23, 2021

Python-based Slycer Ransomware as a Service for Sale on Cybercrime Forum

A post on a cybercrime forum is advertising Slycer Ransomware, a Python-based malware that encrypts files and sends its decryption key to the attacker

September 22, 2021

Trident Campaign: Microsoft Office RCE Zero-day Exploitation Techniques and Mitigation Measures

Following several attacks targeting the RCE flaw in MSHTML, CloudSEK Threat Intelligence Research team shares the TTPs and IOCs of the attack sequence

September 13, 2021

Microsoft MSHTML Remote Code Execution Vulnerability Threat Intel Advisory

Researchers detected the vulnerability CVE-2021-40444 that targets a remote code execution flaw in MSHTML used to render web content inside Office documents

September 9, 2021

Over 21 Million User Records from Microsoft for Sale on Cybercrime Forum

A post on a cybercrime forum, advertising 21 million user records of Microsoft coincides with the corporate giant’s latest advisory on a Cosmos DB vulnerability.

September 1, 2021

30 Million Records from Alleged T-Mobile Breach for Sale

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum, advertising the PII records of 30 million T-Mobile users, including their SSN, driver’s license, and date of DoB.

August 30, 2021

Darkweb Mentions