CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a Russian cybercrime forum frequented by ransomware groups, regarding eight vulnerabilities targeting Samba packages that affect Active Directory domains.
Grafana recently released an advisory and patch for a critical path traversal vulnerability that leads to unauthenticated local file inclusion. This vulnerability affects Grafana versions v8.0.0-beta1 through v8.3.0; Grafana Cloud, however, remains unaffected.
The Log4Shell vulnerability, tracked as CVE-2021-44228, carries the maximum CVSS severity score of 10, as it enables unauthenticated remote code execution and is already being exploited in the wild.
Recently, our research team discovered an interesting post on a Russian-language cybercrime forum in which a threat actor advertises a phishing toolkit. In the actor’s first post about the phishing service, they were only selling monthly subscription packages. However, through a reliable source, we have gathered further details about this phishing campaign, including the tactics, techniques, and procedures (TTPs) used.
The Log4j vulnerability is now being exploited by notorious ransomware groups such as Khonsari and Conti. Log4Shell has had 3 high-priority security patches in the last week alone, increasing the severity of the threat.
Our research team analysed the profile of the ransomware group dubbed BlackCat. This group has no online presence apart from an exclusive Onion site, where they post their activities, updates, and targeted victims.