US-CERT Bulletin (SB22-206):Vulnerability Summary for the Week of July 18, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
U.S. increased rewards for info on North Korea-linked threat actors to $10 million
The U.S. State Department increased rewards for information on any North Korea-linked threat actors to $10 million. In April 2020,...
Threat actors leverages DLL-SideLoading to spread Qakbot malware
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble...
Laurel – Transform Linux Audit Logs For SIEM Usage
LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups. Why? TLDR: Instead...
Cobalt Stike Beacon Detected – 193[.]201[.]9[.]123:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 175[.]178[.]86[.]45:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 23[.]29[.]115[.]175:4443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]221[.]234[.]135:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 159[.]65[.]188[.]162:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 1[.]12[.]63[.]155:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 110[.]40[.]227[.]251:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 124[.]223[.]171[.]188:2222
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 49[.]232[.]172[.]165:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Lightning Framework, modular Linux malware
Researchers at Intezer have published a technical analysis of Lightning Framework, a previously undocumented and undetected Linux threat. Lightning is...
Node.js amplify-category-api-e2e-core module code execution |
NAME Node.js amplify-category-api-e2e-core module code execution Platforms Affected:Node.js amplify-category-api-e2e-coreRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js amplify-category-api-e2e-core module could allow a remote attacker...
Node.js employers-routes module code execution |
NAME Node.js employers-routes module code execution Platforms Affected:Node.js employers-routesRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js employers-routes module could allow a remote attacker...
Node.js owncloud-guests module code execution |
NAME Node.js owncloud-guests module code execution Platforms Affected:Node.js owncloud-guestsRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js owncloud-guests module could allow a remote attacker...
Apple iOS, iPadOS, and tvOS buffer overflow | CVE-2022-32788
NAME Apple iOS, iPadOS, and tvOS buffer overflow Platforms Affected:Apple iOS 15.5 Apple iPadOS 15.5 Apple tvOS 15.5Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access...
Node.js dependencies-zksync module code execution |
NAME Node.js dependencies-zksync module code execution Platforms Affected:Node.js dependencies-zksyncRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js dependencies-zksync module could allow a remote attacker...
Node.js defi-interfaces module code execution |
NAME Node.js defi-interfaces module code execution Platforms Affected:Node.js defi-interfacesRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js defi-interfaces module could allow a remote attacker...
Skyhigh Secure Web Gateway security bypass | CVE-2022-2310
NAME Skyhigh Secure Web Gateway security bypass Platforms Affected:Trellix Skyhigh Secure Web Gateway 11.0 Trellix Skyhigh Secure Web Gateway 11.2.0...
Node.js wm-accounts-auth module code execution |
NAME Node.js wm-accounts-auth module code execution Platforms Affected:Node.js wm-accounts-authRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js wm-accounts-auth module could allow a remote attacker...
Node.js @acrontum/filesystem-template module command execution | CVE-2022-21186
NAME Node.js @acrontum/filesystem-template module command execution Platforms Affected:Node.js @acrontum/filesystem-template 0.0.1Risk Level:9.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION Node.js @acrontum/filesystem-template module could allow...
WAVLINK WN535K2 and WN535K3 command execution | CVE-2022-2486
NAME WAVLINK WN535K2 and WN535K3 command execution Platforms Affected:Wavlink WN535K2 Wavlink WN535K3Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION WAVLINK WN535K2 and WN535K3 could...
