Activity Summary - Week Ending Mar 18, 2022

Cyber Security tips and recommendations
Post Reply
MikePeller
Posts: 111
Joined: Fri Dec 02, 2005 9:39 am
Location: Tucson
Contact:

Activity Summary - Week Ending Mar 18, 2022

Post by MikePeller »

APT41 Compromised Six U.S. State Government Networks – FortiGuard Labs is aware of a report that threat actor APT41 compromised at least six networks belonging to U.S. state governments between May 2021 and February 2022. To gain a foothold into the victim's network, the threat actor used a number of different attack vectors: exploiting vulnerable internet-facing web applications and directory traversal vulnerabilities, performing SQL injection, and conducting deserialization attacks. The intent of APT41 appears to be reconnaissance, though how the stolen information is to be used has not yet been determined.

Top threats
Apache.Log4j.Error.Log.Remote.Code.Execution
Apache.Log4j.Error.Log.Remote.Code.Execution (CVE-2021-4104 CVE-2021-45046 CVE-2021-44228)
ZOHO.ManageEngine.DC.getChartImage.Remote.Code.Execution (CVE-2020-10189)
Citrix.Application.Delivery.Controller.VPNs.Directory.Traversal (CVE-2019-19781)
Confluence.Widget.Connector.macro.Path.Traversal (CVE-2019-3396)
MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption (CVE-2017-11882 CVE-2018-0798 CVE-2018-0802)
MS.Office.RTF.File.OLE.autolink.Code.Execution (CVE-2017-0199 CVE-2017-8570)
MS.Office.RTF.Array.Out.of.bounds.Memory.Corruption (CVE-2015-1641)
MS.Windows.MSCOMCTL.ActiveX.Control.Remote.Code.Execution (CVE-2012-0158)
MS.Windows.MSCOMCTL.ActiveX.Control.Code.Execution (CVE-2012-0158)
Post Reply