ذكاء التهديدات

CloudSEK Threat Intelligence Advisory on T-RAT, uses Telegram as its Command & Control channel, capable of keylogging, screen capture, etc.

Unauthorized third party accessed user data of the online bidding, auctioning forum, through a security breach, confirmed by LiveAuctioneers in a statement.

XVigil identified a suspicious domain that was sending phishing emails to the vendors of a real estate entity. A deep-dive analysis of the domain exposed a full-fledged campaign, where the threat actors were impersonating the Ministry of Human Resources of the UAE government.

A website called Zoom Leaks advertises itself as a public forum used to share session codes, on the popular live conference software zoom.

Web shell access to Zimbra powered Webmail service of Bamboozle shared over cybercrime forum. Possible ZCS vulnerability exploited to gain access.

Threat actors discussing the exploit for CVE-2022-26809, an RCE present in the Windows RPC runtime.

XVigil discovered a new operation named #OpBRICS launched by the threat actor group Your Data is Ours (YDIO) against the following five major emerging economies:

Jira released an advisory about the newly identified path traversal and read file vulnerability, CVE-2021-26086, in the Jira Software Server. Threat actors could exploit this vulnerability to poison the server logs, thereby causing remote code execution and/ or exfiltration of sensitive files and information.