Summary
Palo Alto's Unit 42 revisits the phishing trends they observed over the past year, gaining deeper insight into the various COVID-related topics that attackers might try to exploit. Attackers continued to change their tactics to adapt to the latest pandemic trends.
Threat Type
Phishing
Overview
Palo Alto's Unit 42 revisits the phishing trends they observed over the past year, gaining deeper insight into the various COVID-related topics that attackers might try to exploit. Attackers continued to change
Summary
Four new vulnerabilities for SolarWinds' Orion platform have been disclosed. One vulnerability is rated as Critical, two are rated as High, and one is rated as Medium.
Threat Type
Vulnerability
Overview
SolarWinds released details on four newly disclosed vulnerabilities. The first vulnerability, rated as Critical, could allow remote code execution if successfully exploited; exploiting it requires an authenticated user. The second and third vulnerabilitie
Summary
The Mozilla Foundation has issued three High-rated security advisories that address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird.
Threat Type
Vulnerability
Overview
The Mozilla Foundation has released Firefox 87, Firefox ESR 78.9, and Thunderbird 78.9 to cover multiple vulnerabilities. All three advisories have been rated as High. The potential impact from successful exploitation of the most serious vulnerability is the remote execution of arbitrary code. For further details, pl
Summary
Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium.
Threat Type
Vulnerability
Overview
Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements o
Summary
Microsoft has finally fixed a vulnerability initially disclosed by a Tenable researcher back in January 2021.
Threat Type
Vulnerability
Overview
A component of Microsoft's Sysinternals suite was found in January 2021 to be vulnerable to privilege escalation. According to the release notes from Microsoft: "This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. The -i command line switch is now necess
Summary
In mid-February, several vulnerabilities came under active exploitation, according to researchers with Unit 42 of Palo Alto Networks. As of this writing, the attacks are ongoing. Unit 42 provides information about these attacks and the malware discovered during analysis.
Threat Type
Malware
Overview
Threat actors have been busy with exploits against several vulnerabilities, some of which are rated as critical. Among the vulnerabilities being exploited are VisualDoor, CVE-2020-25506, CVE-2021-27561, CVE-2021-27562, C
Summary
PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability CVE-2021-22986 in certain F5 products.
Threat Type
Vulnerability
Overview
PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability CVE-2021-22986 in certain F5 products. This content update is compatible with IBM QRadar Network Security Firmware v
Summary
A variety of threat actors have been exploiting the ProxyLogon vulnerability in order to carry out malicious activities. Sophos identified the operators of the Black KingDom ransomware also taking advantage of this exploit in a recent campaign.
Threat Type
Ransomware
Overview
Sophos published a blog post analyzing Black KingDom's use of the ProxyLogon exploit to distribute its ransomware payloads. After exploiting ProxyLogon (CVE-2021-27065) on vulnerable on-premise versions of Microsoft Exchange
Summary
The ICS-CERT has published four advisories that affect Weintek EasyWeb cMT, GE MU320E, GE Reason DR60, and Ovarro TBox.
Threat Type
Vulnerability
Overview
The ICS-CERT has published four advisories that affect Weintek EasyWeb cMT, GE MU320E, GE Reason DR60, and Ovarro TBox. Further information is available from the advisories, which are summarized below.
ICS Advisory ICSA-21-082-01 - Weintek EasyWeb cMT
CVE-2021-27446 - The Weintek cMT product line is vulnerable to Code Injection, which may allow an
Summary
Necro, a classic botnet family first discovered in 2015, was written in Python. On March 2nd, Netlab 360 discovered two samples of a new variant of Necro. Keksec, also known as Kek Security, is the threat actor group responsible for the botnet. The botnet has been found on both Windows and Linux systems.
Threat Type
Malware, Botnet, Cryptomining
Overview
Necro, a classic botnet family first discovered in 2015, was written in Python. On March 2nd, Netlab 360 discovered two samples of a new variant of
Summary
PAM update 4103.18182 contains 7 new events, 0 new moderate event responses, and 0 new aggressive event responses.
Threat Type
Vulnerability
Overview
PAM update 4103.18182 contains 7 new events, 0 new moderate event responses, and 0 new aggressive event responses. This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Net