Wednesday, May 26th, 2021
Smarttech247 Cyber Threat Reports
Threat Reports are created by Smarttech247 and cover high- and critical-severity vulnerabilities that may have a high potential to be exploited in the wild, i.e. vulnerabilities in products that are widely used by companies and that either have no auto-update option or are usually not updated automatically because an update could lead to service disruption.
In ransomware attacks, data from infected systems is held hostage (encrypted) until a fee is paid to the criminals. This modus operandi disrupts legitimate businesses, which may become unavailable until the data is restored, thus causing additional financial and reputational losses.
Click below to download our most recent threat reports created by Smarttech247 analysts:
Critical Patches Issued for Microsoft Products
Updated: 9th June – Multiple critical vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities in Google
Informative Cyber Alert: Multiple Vulnerabilities in Google Chrome
Updated: 27th May – Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser.
Vulnerabilities in VMware vCenter Server
Updated: 27th May – Vulnerabilities have been discovered in VMware vCenter Server, the most severe of which could allow for remote code execution. VMware vCenter Server is a centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. Successful exploitation of these vulnerabilities could allow an attacker to execute remote code in the context of the user running the application.
Updated: 26th May – The Avaddon ransomware gang has breached the France-based financial consultancy firm Acer Finance and AXA Asia.
Netwalker & Sodinokibi Ransomware
Updated: 26th May – NetWalker Ransomware has been one of the most notorious ransomware families over the course of the past year, targeting organizations in the US and Europe including several healthcare organizations, despite several known threat actors publicly claiming to abstain from targeting such organizations due to COVID-19.
Sodinokibi Ransomware is likely being distributed by attackers affiliated with those that distributed the infamous GandCrab ransomware family, which is supposed to be retired soon according to the underground forum where GandCrab first appeared. Sodinokibi uses an Elliptic-curve Diffie-Hellman key exchange algorithm to generate and propagate encryption keys.
Please reach out to us for a full list of IOCs and more information: email@example.com