VTA-00420 – Leveraging Follina (CVE-2022-30190) To Deploy Rozena Backdoor A recently discovered phishing campaign is using the security hole known as Follina to distribute an unauthorised backdoor on Windows systems by using a document that exploits CVE-2022-30190. Rozena is a backdoor malware …
New IIS Web Server Backdoor: SessionManager
VTA-00419 – New IIS Web Server Backdoor: SessionManager Following the ProxyLogon-type vulnerability within Microsoft Exchange servers, many attempts were made to deploy backdoors into IIS web servers, and one such backdoor, discovered in early 2022, was dubbed SessionManager. This …
Matanbuchus Delivering Cobalt Strike Beacons Via Spam Campaigns
VTA-00418 – Matanbuchus Delivering Cobalt Strike Beacons Via Spam Campaigns Matanbuchus is a Malware-as-a-Service (MaaS) offering engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected systems without detection. The spam emails containing Matanbuchus come …
SMSSpy Campaign to Steal Malaysian Banking User Credential
VTA-00417 – SMSSpy Campaign to Steal Malaysian Banking User Credential Recently, Malaysian cybercriminals have been using two separate campaigns to steal financial details from victims. In one campaign, they are trying to leverage Law Enforcement Agencies (LEA), where the target …
CVE-2022-30190 – New Microsoft Office Zero-Day Code Execution Exploit in the Wild
VTA-00416 – CVE-2022-30190 – New Microsoft Office Zero-Day Code Execution Exploit in the Wild Recently, the discovery of a Word document uploaded to VirusTotal shed light on a new zero-day vulnerability in Microsoft Office named ‘Follina’ that may …
Threat Actors Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility
VTA-00415 – Threat Actors Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility Recently, Microsoft observed a malicious campaign targeting SQL servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The attackers start by initiating a brute-force attack as …
AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection
VTA-00414 – AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection Recently, a new variant of AvosLocker ransomware has been observed that makes use of a legitimate driver file to disable antivirus solutions and evade detection after breaching target networks …
Remote Code Execution (RCE) Vulnerability in WordPress’s Elementor Plugin
VTA-00413 – Remote Code Execution (RCE) Vulnerability in WordPress’s Elementor Plugin WordPress’s Elementor plugin has recently released an important security fix for a vulnerability that allows authenticated users to escalate their privileges and obtain administrative rights; it was tracked …
NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation
VTA-00412 – NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation Recently, NGINX has issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. The reference implementation, which uses LDAP to authenticate users, is impacted only …