CloudSEK’s Threat Intelligence Research team analyzed the profile of the Night Sky ransomware group. This group doesn’t have a significant online presence, apart from their exclusive Onion website, where they post their activities and updates.
CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.
The threat actor group, TeamTNT, compromised multiple cloud instances and containerized environments. The target list includes Docker, Redis server, AWS, and Kubernetes.
A new critical vulnerability in the very popular Apache Commons Text library has been reported and is tracked as CVE-2022-42889, named Text4Shell. The vulnerability affects the StringSubstitutor interpolator class, which allows for string lookups leading to Remote Code Execution.
Microsoft has issued an advisory revealing a critical in-the-wild exploited Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884).
CloudSEK’s contextual AI digital risk platform XVigil discovered a post made by a hacktivist group “Mysterious Team Bangladesh” claiming to have conducted a DDoS attack on multiple UAE government websites.
BeVigil has detected leaked Slack webhooks in one of the applications being monitored. Exposed webhooks can be leveraged to access sensitive data and also propagate phishing messages.