ID | Votes | Profile Description |
---|---|---|
Proxyshell | 7 | ProxyShell is a critical vulnerability chain affecting on-premises Microsoft Exchange Server. Its entry point, CVE-2021-34473, is a pre-authentication path-confusion flaw in the Exchange front end (the Autodiscover handler) that lets an unauthenticated attacker reach back-end endpoints; chained with CVE-2021-34523 and CVE-2021-31207 it yields remote code execution. The vulnerability was actively exploited by threat actors, cau |
ID | Type | Votes | Profile Description |
---|---|---|---|
Hive | Unspecified | 2 | Hive is a ransomware-as-a-service operation whose affiliates infiltrate systems to encrypt and extort them. The association recorded here with Volt Typhoon is a name collision: Volt Typhoon exfiltrated NTDS.dit and the SYSTEM registry hive (a Windows registry file, not the Hive malware) to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
ID | Type | Votes | Profile Description |
---|---|---|---|
APT40 | Unspecified | 2 | APT40, a Chinese cyber espionage group suspected to be linked to the People's Republic of China (PRC) Ministry of State Security, has been identified as a significant threat actor. The group typically targets countries strategically important to China's Belt and Road Initiative. Over the years, APT4 |
Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
Blackbyte | Unspecified | 1 | BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U |
Cadet Blizzard | Unspecified | 1 | Cadet Blizzard, a threat actor group associated with Russia's GRU military intelligence unit, has been identified by Microsoft as the perpetrator of destructive cyber attacks in Ukraine using wiper malware. The group has been active since at least 2020 and has recently gained some success, according |
Charming Kitten | Unspecified | 1 | Charming Kitten, an Iranian Advanced Persistent Threat (APT) group, also known as ITG18, Phosphorus, and TA453, is a significant cybersecurity threat. This threat actor has been associated with numerous malicious activities, exhibiting advanced and sophisticated social-engineering efforts. The grou |
ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2021-31207 | Unspecified | 5 | CVE-2021-31207 is a post-authentication security-feature-bypass vulnerability in Microsoft Exchange Server and the third link of the ProxyShell chain (with CVE-2021-34473 and CVE-2021-34523); it does not affect Atlassian Confluence. It was discovered that Advanced Persistent Threat group APT40 rapidly exploits this flaw, along with other public vulnerabilities in widely used software like Atlassian Confluence (CVE-2021-26084), Log4J (CVE-2021-44228) and M |
CVE-2021-34523 | Unspecified | 3 | CVE-2021-34523 is an elevation-of-privilege vulnerability in the Microsoft Exchange PowerShell back end and the second link of the ProxyShell chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207). |
CVE-2021-44228 | Unspecified | 3 | CVE-2021-44228, also known as the Log4j vulnerability, is a JNDI lookup injection in Apache Log4j 2, a widely used Java logging library: a crafted string such as a ${jndi:...} lookup in any logged field can make the application fetch and execute attacker-controlled code. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b |
Log4Shell | Unspecified | 2 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
Follina | Unspecified | 2 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou |
Proxylogon | Unspecified | 2 | ProxyLogon is a notable software vulnerability that surfaced in the cybersecurity landscape. It was part of an exploit chain, including CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. This flaw allowed attackers to bypass authentication mechanisms and |
Proxyshell Cve-2021-34473 | Unspecified | 2 | ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra |
CVE-2021-40539 | Unspecified | 1 | None |
CVE-2018-13379 | Unspecified | 1 | CVE-2018-13379 is a critical path-traversal vulnerability in the FortiOS SSL VPN web portal that lets an unauthenticated attacker read system files, including session files containing plaintext credentials. This vulnerability has been frequently exploited, making the top 15 most routinely exploited list in both 20 |
Proxylogon Cve | Unspecified | 1 | None |
Proxyshell Cve | Unspecified | 1 | None |
Proxynotshell | Unspecified | 1 | ProxyNotShell is a pair of chained software vulnerabilities in Microsoft Exchange Server: CVE-2022-41040, a server-side request forgery in the Autodiscover front end, and CVE-2022-41082, remote code execution through the PowerShell back end. Unlike ProxyShell, the chain requires valid credentials for a mailbox. It was analysed by Palo Alto Networks' Unit 42 among others. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t |
CVE-2021-26084 | Unspecified | 1 | CVE-2021-26084 is a critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center. Disclosed in August 2021, it was exploited in the wild within days of the advisory. It allowed remote attackers to execute code on a Confluence Server via injection atta |
CVE-2022-41040 | Unspecified | 1 | CVE-2022-41040 is a server-side request forgery vulnerability in the Microsoft Exchange Autodiscover front end, disclosed in late September 2022 along with another flaw, CVE-2022-41082 (remote code execution via the PowerShell back end). These two zero-day vulnerabilities were collectively known as ProxyNotShell. The vulnerabilities were exploited to compromise Microsoft Exchange through the proxy mechanism |
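The ProxyShell and ProxyNotShell entries above both hinge on the same front-end behaviour: a request to /autodiscover/autodiscover.json whose query begins with @host/ is proxied to the back-end path that follows. The script below is an added example, not code from this page or from any of the listed sources. It parses IIS W3C log lines from an Exchange front end (the log lines are constructed for the example; the hostnames and IP addresses are placeholders) and tags requests that show the path-confusion pattern, distinguishing the /mapi/nspi SID-lookup step of ProxyShell from hits on the PowerShell back end. The URL patterns are the ones published in Microsoft and CISA guidance, including Microsoft's URL Rewrite mitigation regex; treating an authenticated PowerShell hit as ProxyNotShell-style and an unauthenticated one as ProxyShell-style is a triage heuristic of this example, not a rule from either advisory.

```python
"""Triage Exchange front-end IIS logs for Autodiscover path-confusion requests
(ProxyShell CVE-2021-34473, ProxyNotShell CVE-2022-41040).
Added illustration; log lines below are constructed, not real traffic."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Query that starts with "@host/..." right after autodiscover.json: the front
# end strips the URI up to the "@" and proxies the remainder to the back end.
PATH_CONFUSION = re.compile(
    r"/autodiscover/autodiscover\.json\?@[^/]+/([^?&\s]*)", re.I)
# Second tell: the Email parameter echoes the Autodiscover path itself
# ("?" or its %3F encoding) instead of carrying a mailbox address.
EMAIL_ECHO = re.compile(
    r"[?&]Email=autodiscover/autodiscover\.json(?:\?|%3F)@", re.I)
# Microsoft's published URL Rewrite mitigation pattern for ProxyNotShell.
MS_REWRITE_RULE = re.compile(r".*autodiscover\.json.*@.*Powershell.*", re.I)

# Constructed sample: two ProxyShell steps, one benign Autodiscover request
# (note the legitimate "@" in the mailbox address), one authenticated hit.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-08-13 03:14:07 10.0.0.5 GET /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 203.0.113.7 python-requests/2.25.1 200
2021-08-13 03:14:09 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell/?X-Rps-CAT=VgEAVAdXaW5kb3dz&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 203.0.113.7 python-requests/2.25.1 200
2021-08-13 03:15:40 10.0.0.5 GET /autodiscover/autodiscover.json Email=alice@contoso.example&Protocol=ActiveSync 443 CONTOSO\\alice 198.51.100.23 Outlook-iOS/2.0 200
2022-09-29 11:02:51 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell/?&Email=autodiscover/autodiscover.json%3F@evil.example 443 CONTOSO\\svc_backup 203.0.113.9 Mozilla/5.0 200
"""


def parse_iis_log(text):
    """Return one dict per data line, keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # IIS encodes spaces as "+"
                rows.append(dict(zip(fields, values)))
    return rows


def request_uri(row):
    """Rebuild the request URI from cs-uri-stem and cs-uri-query."""
    uri = row["cs-uri-stem"]
    query = row.get("cs-uri-query", "-")
    return uri if query == "-" else uri + "?" + query


def classify(row):
    """Tag a request, or return None for ordinary Autodiscover traffic."""
    uri = request_uri(row)
    m = PATH_CONFUSION.search(uri)
    if not m and not EMAIL_ECHO.search(uri):
        return None  # covers the legitimate ?Email=user@domain case
    backend = unquote(m.group(1)).lower() if m else ""
    authenticated = row.get("cs-username", "-") != "-"  # heuristic, see lead-in
    if backend.startswith("mapi/nspi"):
        return "proxyshell-nspi"          # SID lookup step, CVE-2021-34473
    if backend.startswith("powershell"):
        return ("proxynotshell-powershell" if authenticated  # needs creds
                else "proxyshell-powershell")               # pre-auth chain
    return "path-confusion"


def triage(text):
    """Group hits by client IP: (timestamp, tag, caught-by-Microsoft-rule)."""
    hits = defaultdict(list)
    for row in parse_iis_log(text):
        tag = classify(row)
        if tag:
            uri = request_uri(row)
            hits[row["c-ip"]].append(
                (row["date"] + " " + row["time"], tag,
                 bool(MS_REWRITE_RULE.match(uri))))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in triage(SAMPLE_LOG).items():
        for when, tag, ms_rule in events:
            print(f"{ip} {when} {tag} ms_rewrite_rule={ms_rule}")
```

The third column of each hit shows why the Microsoft URL Rewrite rule is a mitigation for the PowerShell step only: the /mapi/nspi request used by ProxyShell to resolve a mailbox SID contains no "Powershell" substring and passes the rule untouched, so log review should key on the @host/ prefix rather than on that regex alone.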
Source | CreatedAt | Title |
---|---|---|
Securityaffairs | 17 days ago | Cybersecurity agencies warn of China-linked APT40 's capabilities |
CISA | 18 days ago | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | CISA |
BankInfoSecurity | 2 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers |
Unit42 | 2 months ago | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia |
Securityaffairs | 2 months ago | A malware campaign exploits Microsoft Exchange Server flaws |
CERT-EU | 5 months ago | Sensor Intel Series: Top CVEs in December 2023 |
CERT-EU | 7 months ago | ProxyShell-targeting Babuk Tortilla ransomware decrypted after hacker’s arrest | #ransomware | #cybercrime | National Cyber Security Consulting |
MITRE | 7 months ago | RaaS AvosLocker Incident Response Analysis |
MITRE | 7 months ago | Ransomware Spotlight: AvosLocker |
CERT-EU | 8 months ago | GitHub - kh4sh3i/ProxyShell: CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability |
CERT-EU | 8 months ago | Sensor Intel Series: Top CVEs in October 2023 |
CERT-EU | 8 months ago | CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations |
CERT-EU | 10 months ago | What we know about BlackCat and the MGM hack |
CERT-EU | 10 months ago | Sensor Intel Series: Top CVEs in August 2023 | F5 Labs |
Securityaffairs | 10 months ago | Earth Lusca expands its arsenal with SprySOCKS Linux malware |
Trend Micro | 10 months ago | Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement |
DARKReading | 10 months ago | Iran's Charming Kitten Pounces on Israeli Exchange Servers |
CERT-EU | a year ago | From Caribbean shores to your devices: analyzing Cuba ransomware – GIXtools |
Securelist | a year ago | Analysis of Cuba ransomware gang activity and tooling |
CERT-EU | a year ago | Qualys Top 20 Exploited Vulnerabilities | Qualys Security Blog |