Cisco Aironet APs Vulnerability Risks DoS

Avertium Threat Report

Cisco Aironet APs Vulnerability Overview

This threat report is about a vulnerability recently discovered in Cisco Aironet Access Points (APs), tracked as CVE-2020-3560, and includes actionable mitigation intelligence. An attacker may exploit this vulnerability to cause a Denial of Service (DoS) condition on the targeted AP. Due to its high availability impact, this vulnerability can […]

Iranian Web Shells Attack Remote Workforce Infrastructure

Avertium Threat Report

This threat report is about a threat actor associated with the Iranian nation state exploiting multiple vulnerabilities in common products to install web shells. This is part of a concerted effort to attack the VPN and remote work infrastructure of US organizations. The three platforms being targeted are F5 load balancers, Juniper Pulse Secure, and […]

Palo Alto Firewall Vulnerabilities Discovered and Patched

Avertium Threat Report

Palo Alto Firewall Vulnerabilities Overview

This threat report provides actionable intelligence about a series of vulnerabilities of varying criticality affecting the Palo Alto firewall software suite. The vulnerabilities have been assigned the following CVE (Common Vulnerabilities and Exposures) identifiers: CVE-2020-2036, CVE-2020-2037, CVE-2020-2038, CVE-2020-2039, CVE-2020-2040, CVE-2020-2041, CVE-2020-2042, CVE-2020-2043, and CVE-2020-2044. The risk associated with these Palo […]

Financial Institutions Beware: New PyVil RAT Targets You

Avertium Threat Report

PyVil Trojan Overview

This threat report is about the threat actor Evilnum's new remote access trojan (RAT), called PyVil, and provides actionable intelligence on how to avoid it. The trojan is delivered through a new infection chain the threat actor uses to propagate malware. The infection chain is very complex and offers a unique method to […]

WooCommerce Vulnerabilities in WordPress Plugin Discovered

Avertium Threat Report

WooCommerce Vulnerabilities Overview

This threat report provides actionable intelligence about multiple vulnerabilities recently discovered in the Discount Rules for WooCommerce WordPress plugin. Successful exploitation of these weaknesses could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerabilities were quickly patched by the developers after discovery. Now it is imperative that administrators using the affected […]

MassLogger Malware

Avertium Threat Report

MassLogger Malware Overview

This threat report provides an overview of the MassLogger malware, the tactics, techniques and procedures (TTPs) it uses, and what you can do to protect your organization. MassLogger is classified as spyware with keylogging and credential-stealing capabilities; this report contains actionable intelligence to protect against this risk. The malware was first sighted in April […]

Russian Drovorub Malware Affects Linux Systems

Avertium Threat Report

Drovorub Malware Overview

This threat report is about the Drovorub malware, which has been attributed to the Russian military intelligence agency known as the GRU (Main Intelligence Directorate). The malware affects Linux systems and uses a unique method of persistence within an infected host. The malware is a part of the intelligence operations […]

Netwalker Ransomware Offered as Ransomware-as-a-Service Creating Increased Prevalence

Avertium Threat Report

NetWalker (fka Mailto) Overview

This threat report is about the NetWalker ransomware, previously known as Mailto. Since it was first detected in August 2019, NetWalker has evolved quickly and is now considered highly dangerous due to its advanced anti-detection and persistence techniques. This report gives a technical analysis of its recently observed behavior, as […]

Ensiko Web Shell Infects Windows, Linux and MacOS Systems

Avertium Threat Report

Ensiko Web Shell Overview

This threat report is about the Ensiko web shell, which has a variety of operational capabilities, and provides actionable intelligence on how to protect against it. The web shell is multi-platform, infecting Windows, Linux, and macOS computers: if PHP is installed on the system, the malware can infect the host.

Ensiko Tactics, […]

SIGRed “Wormable” DNS Server Vulnerability is Critical to Address

Avertium Threat Report

SIGRed Overview

This threat report is regarding a critical vulnerability (CVE, Common Vulnerabilities and Exposures) in the Windows DNS Server service, disclosed in the updates Microsoft released on 7/14/2020. The vulnerability is tracked as CVE-2020-1350 and is commonly referred to as SIGRed. This vulnerability:

Allows for remote code execution
Has proof-of-concept (POC) exploits available on the […]