Threat Intelligence

Vulnerability Alert: CVE-2024-21410 and CVE-2024-21413 affecting Microsoft Products

Amaru would like to draw your attention to a crucial alert we received from The National Cyber Security Centre (NCSC) regarding two zero-day vulnerabilities discovered in Microsoft Products. These vulnerabilities pose severe threats to the security of organisations and individuals alike. Vulnerability Details: 1. CVE-2024-21410 – Microsoft Exchange Server:...

[Security Advisory] SVR cyber actors adapt tactics for initial cloud access

AMARU would like to draw your attention to an advisory published by the UK’s National Cyber Security Centre (NCSC UK) which details recent tactics, techniques and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes or Cozy Bear. The NCSC UK and international partners assess that APT29 is a cyber espionage...

[Security Advisory] Critical Vulnerability Being Exploited In ScreenConnect

Overview: On February 19th, 2024, ConnectWise released a security advisory for its remote monitoring and management (RMM) software. The advisory highlighted two vulnerabilities that impact older versions of ScreenConnect and have been mitigated in version 23.9.8 and later. CVE-2024-1709 (CWE-288) – Authentication Bypass Using Alternate Path or Channel...

[Security Advisory] Active Exploitation of Unpatched VMware ESXi Servers

Amaru’s MDR is aware of an active ransomware campaign targeting unpatched VMware ESXi hosts facing the public internet. On February 3rd, 2023, the French National CERT first reported a threat actor campaign targeting VMware ESXi hypervisors with the aim of deploying ransomware. The initial access vector is CVE-2021-21974, a vulnerability that allows an...

Possible Okta Breach By Threat Actor

Okta has provided additional information on the timeline of the incident affecting their services. In summary, Okta confirmed the breach by the Lapsus$ group yesterday. As Okta has confirmed, ‘The Okta service is fully operational, and there are no corrective actions our customers need to take.’ Okta has also concluded that a small percentage of...