VTA

LockFile Ransomware Hijacks Windows Domain

“Bleed You” Campaign Exploiting RCE Vulnerability in Windows Internet Key Exchange (CVE-2022-34721)

Posted by CODEREDASM on November 29, 2022 | Featured | No Comments

VTA-00427 – “Bleed You” Campaign Exploiting RCE Vulnerability in Windows Internet Key Exchange (CVE-2022-34721) The cybersecurity researcher from CYFIRMA discovered several exploits that are currently in use that target the Windows Internet Key Exchange (IKE) Protocol Extensions and more than … Read More

Cryptocurrency Users Targeted By New Laplas Clipper Malware via SmokeLoader

Posted by CODEREDASM on November 11, 2022 | Featured | No Comments

VTA-00426 – Cryptocurrency Users Targeted By New Laplas Clipper Malware via SmokeLoader Cryptocurrency users are being targeted by the New Laplas Clipper which is being delivered using Smoke Loader. SmokeLoader’s purpose is to download and load other malware into the … Read More

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

Posted by CODEREDASM on November 2, 2022 | Featured | No Comments

VTA-00425 – OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, … Read More

Conti Ransomware Gang Hacking Microsoft Exchange Servers Using ProxyShell Exploit

Maggie Malware Infected Hundreds of Microsoft SQL servers

Posted by CODEREDASM on October 12, 2022 | Featured | No Comments

VTA-00424 – Maggie Malware Infected Hundreds of Microsoft SQL servers A novel backdoor malware named Maggie that targets Microsoft SQL servers has infected hundreds of machines all over the world. The malware disguises itself as an Extended Stored Procedure DLL, a … Read More

WPGateway Plugin Zero-Day Vulnerability Affects Multiples WordPress Sites

Posted by CODEREDASM on September 15, 2022 | Featured | No Comments

VTA-00423 – WPGateway Plugin Zero-Day Vulnerability Affects Multiples WordPress Sites A zero-day vulnerability in the latest version of the WPGateway WordPress premium plugin is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. … Read More

Malicious Cookie Stuffing by Chrome Extensions

Posted by CODEREDASM on September 2, 2022 | Featured | No Comments

VTA-00422 – Malicious Cookie Stuffing by Chrome Extensions Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs. The extensions offer … Read More

Malicious IIS Extensions Used By Attackers To Deploy Covert Backdoors Into Exchange Servers

Posted by CODEREDASM on August 5, 2022 | Featured | No Comments

VTA-00421 – Malicious IIS Extensions Used By Attackers To Deploy Covert Backdoors Into Exchange Servers Attackers are increasingly using malicious extensions for the Internet Information Services (IIS) web server to backdoor unpatched Exchange servers. The malicious extensions have a lower … Read More

Leveraging Follina (CVE-2022-30190) To Deploy Rozena Backdoor

Posted by CODEREDASM on July 13, 2022 | Featured | No Comments

VTA-00420 – Leveraging Follina (CVE-2022-30190) To Deploy Rozena Backdoor A recently discovered phishing campaign is using the security hole known as Follina to distribute an unauthorised backdoor on Windows systems by using document that exploited CVE-2022-30190. Rozena is a backdoor malware … Read More

New IIS Web Server Backdoor: SessionManager

Posted by CODEREDASM on July 8, 2022 | Featured | No Comments

VTA-00419 – New IIS Web Server Backdoor: SessionManager Following the ProxyLogon-type vulnerability within Microsoft Exchange servers, many backdoors were attempted to be deployed into IIS web servers, and one of such backdoors was discovered in early 2022 dubbed as SessionManager. This … Read More