| ID | Votes | Profile Description |
|---|---|---|
| Log4Shell | 11 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Atomsilo | Unspecified | 1 | AtomSilo is a type of malware that has been linked to several other ransomware families including LockFile, Rook, Night Sky, and Pandora. This connection was revealed through the analysis of Cobalt Strike Beacon samples loaded by HUI Loader. CTU analysis suggests that these five ransomware families |
| KEYPLUG | Unspecified | 1 | KeyPlug is a modular backdoor malware, written in C++, that has been used extensively by the APT41 group to target systems globally. Notably, between June and December 2021, it was heavily deployed against state government victims, exploiting Windows systems with significant effect. KeyPlug supports |
| Pandora Ransomware | Unspecified | 1 | Pandora ransomware is a type of malware that has been connected to several other malicious software strains, including AtomSilo, Night Sky, and Rook. Researchers from CTU identified code overlap between the updated HUI Loader samples and Pandora ransomware, suggesting a common origin or shared devel |
| Rook | Unspecified | 1 | Rook is a malicious software (malware) linked to several ransomware activities, including LockFile, AtomSilo, Night Sky, and Pandora. These activities are associated with the deployment of HUI Loader, which has been used in loading Cobalt Strike Beacon. A CTU analysis revealed that these five ransom |
| Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| Lockfile | Unspecified | 1 | LockFile is a type of malicious software, or malware, that has been linked to ransomware activity. This harmful program can infiltrate your system via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold your data for ransom. Analysis of the PlugX |
| Night Sky | Unspecified | 1 | Night Sky is a potent form of malware that has been linked to several significant ransomware activities, including LockFile, AtomSilo, Rook, and Pandora. Analysis of the Cobalt Strike Beacon samples loaded by HUI Loader has revealed a connection between AtomSilo, Night Sky, and Pandora ransomware, s |
| Ninerat | Unspecified | 1 | NineRAT is a malware strain developed by the Lazarus group, and it was first used in Operation Blacksmith in March 2022 against a South American agricultural organization. The malware was initially built around May 2022 and was later observed being utilized in September against a European manufactur |
| keyplug.linux | Unspecified | 1 | Keyplug.linux is a malicious software (malware) that has been utilized by APT41, a highly adaptable and resourceful threat actor. This malware is known for its capacity to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's kno |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT41 | Unspecified | 2 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| APT40 | Unspecified | 2 | APT40, a Chinese cyber espionage group suspected to be linked to the People's Republic of China (PRC) Ministry of State Security, has been identified as a significant threat actor. The group typically targets countries strategically important to China's Belt and Road Initiative. Over the years, APT4 |
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| Phosphorus | Unspecified | 1 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the |
| Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Unc3886 | Unspecified | 1 | UNC3886 is a threat actor with suspected links to China, known for its cyber espionage operations targeting global strategic organizations. Since 2021, this advanced persistent threat (APT) group has been exploiting a VMware zero-day vulnerability, identified as CVE-2023-34048. The cybersecurity ind |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-34473 | Unspecified | 3 | CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to |
| CVE-2021-26084 | Unspecified | 3 | CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta |
| CVE-2021-44207 | Unspecified | 2 | CVE-2021-44207 is a significant software vulnerability that was exploited by APT41, a prolific Chinese state-sponsored espionage group known for targeting both public and private sector organizations. This flaw in the USAHerds web application's design or implementation mirrors a previously reported |
| CVE-2021-31207 | Unspecified | 2 | CVE-2021-31207 is a significant software vulnerability that affects Atlassian Confluence and Microsoft Exchange. It was discovered that Advanced Persistent Threat group APT40 rapidly exploits this flaw, along with other public vulnerabilities in widely used software like Log4J (CVE-2021-44228) and M |
| CVE-2021-34523 | Unspecified | 2 | None |
| Proxyshell | Unspecified | 2 | ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. Identified as CVE-2021-34473, it is a flaw in software design or implementation that can be exploited by attackers to gain unauthorized access to systems. The vulnerability was actively exploited by threat actors, cau |
| CVE-2022-22965 | Unspecified | 1 | None |
| CVE-2019-19781 | Unspecified | 1 | CVE-2019-19781, also known as the Citrix Directory Traversal Bug, is a software vulnerability that lies in the design or implementation of the software. This flaw allows an attacker to potentially gain unauthorized access to sensitive data or even execute arbitrary code on the compromised system. De |
| CVE-2021-35464 | Unspecified | 1 | None |
| CVE-2017-7504 | Unspecified | 1 | CVE-2017-7504 is a significant software vulnerability identified in the JBoss MQ Java Message Service (JMS). This flaw, rooted in software design and implementation, allows for deserialization attacks when exploited on an internet-exposed server. The vulnerability has been abused by malicious actors |
| CVE-2021-22941 | Unspecified | 1 | CVE-2021-22941 is a significant software vulnerability identified in Citrix ShareFile, which allows for remote code execution (RCE). This flaw was exploited by the threat actor group known as GOLD MELODY, also referred to as PROPHET SPIDER. The group has been linked to various attacks exploiting sec |
| CVE-2021-22205 | Unspecified | 1 | CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t |
| CVE-2020-14750 | Unspecified | 1 | None |
| CVE-2020-14882 | Unspecified | 1 | None |
| CVE-2023-2868 | Unspecified | 1 | CVE-2023-2868 is a significant software vulnerability that was identified in the Barracuda Email Security Gateway (ESG) appliances. This flaw, specifically a remote command injection vulnerability, was disclosed by Barracuda on May 30th, 2023. The vulnerability had been exploited as early as October |
| CVE-2023-46604 | Unspecified | 1 | CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity |
| CVE-2024-4577 | Unspecified | 1 | None |
| Proxylogon Cve-2021-26855 | Unspecified | 1 | None |
| Proxynotshell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t |
| CVE-2023-28771 | Unspecified | 1 | CVE-2023-28771 is a software vulnerability, specifically a command injection flaw, in Zyxel ZyWALL firewalls. The vulnerability was detected by FortiGuard Labs in June 2023 when it was being exploited by several Distributed Denial of Service (DDoS) botnets. It's worth noting that this vulnerability |
| CVE-2022-41328 | Unspecified | 1 | CVE-2022-41328 is a significant software vulnerability discovered in Fortinet's FortiOS. It was heavily targeted by China-nexus intrusion sets, particularly UNC3886, who exploited the vulnerability to deploy custom malware families on Fortinet and VMware systems. This exploitation occurred in Septem |
| CVE-2022-1388 | Unspecified | 1 | CVE-2022-1388 is a critical vulnerability identified in the F5 BIG-IP iControl REST interface, which allows for an authentication bypass. This flaw in software design or implementation enables unauthorized users to gain access and control over the system without needing to authenticate their identit |
| CVE-2022-22954 | Unspecified | 1 | CVE-2022-22954 is a significant software vulnerability that affects VMware's Workspace One Access and Identity Manager. This flaw in the software design or implementation allows for remote code execution, providing an attacker with the ability to execute arbitrary commands on the affected system. Ov |
| CVE-2022-24990 | Unspecified | 1 | None |
| CVE-2021-20038 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 16 days ago | Cybersecurity agencies warn of China-linked APT40 's capabilities |
| CISA | 18 days ago | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | CISA |
| Securityaffairs | a month ago | ExCobalt Cybercrime group targets Russian organizations in multiple sectors |
| DARKReading | a month ago | TellYouthePass Ransomware Group Exploits Critical PHP Flaw |
| InfoSecurity-magazine | 3 months ago | Log4J Still Among Top Exploited Vulnerabilities, Cato Finds |
| DARKReading | 4 months ago | Getting Security Remediation on the Boardroom Agenda |
| CERT-EU | 5 months ago | What cyber threats face the education sector? |
| CERT-EU | 5 months ago | Cybersecurity crisis in schools - Help Net Security |
| CERT-EU | 5 months ago | Trustwave reveals cybersecurity threats targeting education sector |
| CERT-EU | 5 months ago | How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity |
| CERT-EU | 5 months ago | Sensor Intel Series: Top CVEs in December 2023 |
| BankInfoSecurity | 6 months ago | FritzFrog Botnet Exploits Log4Shell |
| Securityaffairs | 6 months ago | Experts created a PoC for Apache OFBiz flaw CVE-2023-51467 |
| CERT-EU | 6 months ago | New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems |
| CERT-EU | 7 months ago | December 2023's Most Wanted Malware : The Resurgence of Qbot and FakeUpdates – Global Security Mag Online |
| CERT-EU | 7 months ago | Above 30% Apps at Risk with Vulnerable Log4j Versions |
| CERT-EU | 7 months ago | Breaking Cyber News From Cyberint - Cyberint |
| CERT-EU | 7 months ago | A Log4Shell Retrospective - Overblown and Exaggerated - Cyber Security Review |
| MITRE | 7 months ago | RaaS AvosLocker Incident Response Analysis |
| MITRE | 7 months ago | Avos ransomware group expands with new attack arsenal |