The Log4j vulnerability is now being exploited by notorious ransomware groups such as Khonsari and Conti. Log4Shell had 3 high-priority security patches in the last week alone, leading to increased threat severity.
Recently, our research team discovered an interesting post on a Russian-language cybercrime forum, in which a threat actor advertised a phishing toolkit. In the actor's first post related to the phishing service, they were only selling monthly subscription packages. However, through a reliable source, we have gathered further details about this phishing campaign, including the tactics, techniques, and procedures (TTPs) used.
The Log4Shell vulnerability, tracked as CVE-2021-44228, carries the highest severity rating (CVSS 10), as it enables unauthenticated remote code execution and is already being exploited in the wild.
Grafana recently released an advisory and patch for a critical path traversal vulnerability that leads to unauthenticated local file inclusion. This vulnerability affects Grafana versions v8.0.0-beta1 through v8.3.0; Grafana Cloud is unaffected.
CloudSEK's flagship digital risk monitoring platform, XVigil, discovered a post on a Russian cybercrime forum frequented by ransomware groups regarding eight vulnerabilities in Samba packages that affect Active Directory domains.
CloudSEK's Threat Intelligence Research team analyzed the profile of the ransomware group named 54bb47h (Sabbath).
VenomRAT is a remote access tool discovered in 2020 that is used by threat actors to remotely control infected systems.