ID | Votes | Profile Description |
---|---|---|
Follina | 9 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou |

ID | Type | Votes | Profile Description |
---|---|---|---|
Lokibot | Unspecified | 2 | LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information |
QakBot | Unspecified | 1 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
Qbot | Unspecified | 1 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
Lowzero | Unspecified | 1 | Lowzero is a custom backdoor malware introduced by TA413, a deviation from their usual practice of using well-known or open-source tools. Throughout the first half of 2022, TA413 exploited various vulnerabilities, including a patched zero-day vulnerability in Sophos Firewall product (CVE-2022-1040), |
Stealth Soldier | Unspecified | 1 | Stealth Soldier is a previously undisclosed modular backdoor malware identified by Check Point researchers in an ongoing espionage operation against targets in North Africa, as reported on June 8, 2023. The malware exhibits multi-stage infection capabilities and is being used for surveillance and es |
Woody RAT | Unspecified | 1 | Woody Rat is a malware that has been in the wild for at least a year, as identified by the Malwarebytes Threat Intelligence team. It is weaponized through a Microsoft Office document named Памятка.docx, exploiting the Follina (CVE-2022-30190) vulnerability to infiltrate systems. This malicious softw |

ID | Type | Votes | Profile Description |
---|---|---|---|
APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
Ta413 | Unspecified | 1 | TA413, also known as LuckyCat, is a threat actor suspected of conducting cyber espionage on behalf of the Chinese state. In the first half of 2022, TA413 targeted Tibetan individuals, organizations, and the exiled Tibetan government. The group exploited a now-patched zero-day vulnerability in the So |

ID | Type | Votes | Profile Description |
---|---|---|---|
Proxyshell | Unspecified | 3 | ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. Identified as CVE-2021-34473, it is a flaw in software design or implementation that can be exploited by attackers to gain unauthorized access to systems. The vulnerability was actively exploited by threat actors, cau |
Log4Shell | Unspecified | 3 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
CVE-2022-24682 | Unspecified | 1 | None |
CVE-2022-1040 | Unspecified | 1 | None |
CVE-2021-34527 | Unspecified | 1 | CVE-2021-34527, also known as PrintNightmare, is a software vulnerability that involves a flaw in software design or implementation. The exploitation process begins when a user clicks on a link which downloads a ZIP archive containing a malicious JScript (JS) downloader titled 'Stolen Images Evidenc |
Printnightmare Cve-2021-34527 | Unspecified | 1 | PrintNightmare (CVE-2021-34527) is a significant software vulnerability that was identified and reported in 2021. It is a flaw in the design or implementation of Microsoft's Windows Print Spooler service, which can be exploited for local and Windows Active Domain privilege escalation. This allows at |
Printnightmare | Unspecified | 1 | PrintNightmare (CVE-2021-34527) is a significant vulnerability in the Windows Print Spooler service that allows an attacker to escalate privileges either locally or remotely by loading a malicious DLL which will be executed as SYSTEM. This flaw, potentially a new zero-day Microsoft vulnerability, en |
CVE-2020-12641 | Unspecified | 1 | CVE-2020-12641 is a significant vulnerability discovered in the Roundcube Webmail application. It is an issue that arises from a flaw in the software's design or implementation, which allows for Command Injection and Cross-Site Scripting (XSS) attacks (CVE-2020-35730). The exploitation of this vulne |
Proxynotshell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t |

Source | CreatedAt | Title |
---|---|---|
Securityaffairs | 3 months ago | NATO and the EU formally condemned APT28 cyber espionage |
MITRE | 7 months ago | Woody RAT: A new feature-rich malware spotted in the wild |
Securityaffairs | 8 months ago | Russia's APT8 exploited Outlook 0day to target EU NATO members |
Securityaffairs | 8 months ago | Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts |
CERT-EU | 9 months ago | Several French critical networks subjected to Russian APT attacks |
CERT-EU | 9 months ago | How APT28 Infiltrates Networks in French Universities & Nuclear Plants Without Detection |
Securityaffairs | 9 months ago | ANSSI warns of Russia-linked APT28 attacks on French entities |
CERT-EU | 10 months ago | The Hidden Dangers of Remote Code Execution (RCE) Exploits in Word Documents |
CERT-EU | 10 months ago | LokiBot Information Stealer Packs Fresh Infection Strategies |
CERT-EU | a year ago | Malspam attacks up, new sectors targeted – report |
CERT-EU | a year ago | nao-sec.org |
CERT-EU | a year ago | GroundPeony Group Exploiting Zero-day Flaw to Attack Government Agencies |
CERT-EU | a year ago | GroundPeony Group Exploiting Zero-day Flaw to Attack Government Agencies | IT Security News |
CERT-EU | a year ago | Uncovering the internet's most enduring threat: The Email Threat Landscape |
Malwarebytes | a year ago | 2022's most routinely exploited vulnerabilities—history repeats |
BankInfoSecurity | a year ago | Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List |
CERT-EU | a year ago | Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities |
CERT-EU | a year ago | FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022 |
CERT-EU | a year ago | Most exploited cyber vulnerabilities of 2022 revealed |
BankInfoSecurity | a year ago | Patching Conundrum: 4-Year Old Flaw Again Tops Most-Hit List |