VTA

WPGateway Plugin Zero-Day Vulnerability Affects Multiples WordPress Sites

Posted by CODEREDASM on September 15, 2022 | Featured | No Comments

VTA-00423 – WPGateway Plugin Zero-Day Vulnerability Affects Multiples WordPress Sites A zero-day vulnerability in the latest version of the WPGateway WordPress premium plugin is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. … Read More

Malicious Cookie Stuffing by Chrome Extensions

Posted by CODEREDASM on September 2, 2022 | Featured | No Comments

VTA-00422 – Malicious Cookie Stuffing by Chrome Extensions Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs. The extensions offer … Read More

Malicious IIS Extensions Used By Attackers To Deploy Covert Backdoors Into Exchange Servers

Posted by CODEREDASM on August 5, 2022 | Featured | No Comments

VTA-00421 – Malicious IIS Extensions Used By Attackers To Deploy Covert Backdoors Into Exchange Servers Attackers are increasingly using malicious extensions for the Internet Information Services (IIS) web server to backdoor unpatched Exchange servers. The malicious extensions have a lower … Read More

Leveraging Follina (CVE-2022-30190) To Deploy Rozena Backdoor

Posted by CODEREDASM on July 13, 2022 | Featured | No Comments

VTA-00420 – Leveraging Follina (CVE-2022-30190) To Deploy Rozena Backdoor A recently discovered phishing campaign is using the security hole known as Follina to distribute an unauthorised backdoor on Windows systems by using document that exploited CVE-2022-30190. Rozena is a backdoor malware … Read More

New IIS Web Server Backdoor: SessionManager

Posted by CODEREDASM on July 8, 2022 | Featured | No Comments

VTA-00419 – New IIS Web Server Backdoor: SessionManager Following the ProxyLogon-type vulnerability within Microsoft Exchange servers, many backdoors were attempted to be deployed into IIS web servers, and one of such backdoors was discovered in early 2022 dubbed as SessionManager. This … Read More

Matanbuchus Delivering Cobalt Strike Beacons Via Spam Campaigns

Posted by CODEREDASM on July 1, 2022 | Featured | No Comments

VTA-00418 – Matanbuchus Delivering Cobalt Strike Beacons Via Spam Campaigns Matanbuchus is a Malware-as-a-service(Maas), where it is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected systems without detection. The spam emails containing the Matanbuchus come … Read More

SMSSpy Campaign to Steal Malaysian Banking User Credential

Posted by CODEREDASM on June 10, 2022 | Featured | No Comments

VTA-00417 – SMSSpy Campaign to Steal Malaysian Banking User Credential Recently, Malaysian cybercriminals are using two separate campaigns to steal financial details from victims. In one campaign, they are trying to leverage on the Law Enforcement Agencies(LEA) where the target … Read More

CVE-2022-30190 – New Microsoft Office Zero-Day Code Execution Exploit in the Wild

Posted by CODEREDASM on June 1, 2022 | Featured | No Comments

VTA-00416 – CVE-2022-30190 – New Microsoft Office Zero-Day Code Execution Exploit in the Wild Recently, the discovery of a Word document that was uploaded to VirusTotal shed light upon a new zero-day vulnerability in Microsoft Office named ‘Follina’ that may … Read More

Threat Actor Gain Fileless Persistence on Targeted SQL Se

Threat Actors Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility

Posted by CODEREDASM on May 20, 2022 | Featured | No Comments

VTA-00415 – Threat Actors Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility Recently, Microsoft observed a malicious campaign that targeting SQL servers leveraging on a built-in PowerShell binary to achieve persistence on compromised systems. The attackers start by initiating brute-force attack as … Read More