Threat Advisory: High Severity OpenSSL Vulnerabilities
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer
Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server
Even organizations that use Exchange Online may still be affected if they run a hybrid server.
Avos ransomware group expands with new attack arsenal
By Flavio Costa, * In a recent customer engagement, we observed a month-long AvosLocker campaign. * The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. * The initial ingress point in this incident was a pa
Threat Advisory: Atlassian Confluence zero-day vulnerability under active exploitation
Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affecte
Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution
A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such
Threat Advisory: Critical F5 BIG-IP Vulnerability
Summary A recently disclosed vulnerability in F5 Networks' BIG-IP could allow an unauthenticated attacker to access the BIG-IP system to execute arbitrary system commands, create and delete files, disable services and could lead to additional malicious activity. This vulner
Mustang Panda deploys a new wave of malware targeting Europe
* In February 2022, corresponding roughly with the start of the Russian Invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns against European entities, including Russian organizations. Some phishing messages co
TeamTNT Targeting AWS, Alibaba
By Darin Smith. * TeamTNT is actively modifying its scripts after they were made public by security researchers. * These scripts primarily target Amazon Web Services, but can also run in on-premise, container, or other forms of Linux instances. * The group's payloads inc
Threat Advisory: Spring4Shell
UPDATE, APRIL 4, 2022: The Kenna Risk Score for CVE-2022-22965 is currently at maximum 100. This is an exceptionally rare score, of which only 415 out of 184,000 CVEs (or 0.22 percent) have achieved, reflecting the severity and potential effects of this vulnerability. To get a r