Threat Intelligence
[Security Advisory] SVR cyber actors adapt tactics for initial cloud access
AMARU would like to draw your attention to an advisory published by the UK’s National Cyber Security Centre (NCSC UK) which details recent tactics, techniques and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes or Cozy Bear. The NCSC UK and international partners assess that APT29 is a cyber espionage...
[Security Advisory] Critical Vulnerability Being Exploited In ScreenConnect
Overview: On February 19th, 2024, ConnectWise released a security advisory for its remote monitoring and management (RMM) software. The advisory highlighted two vulnerabilities that impact older versions of ScreenConnect and have been mitigated in version 23.9.8 and later. CVE-2024-1709 (CWE-288): Authentication Bypass Using Alternate Path or Channel...
[Security Advisory] Active Exploitation of Unpatched VMware ESXi Servers
Amaru’s MDR is aware of an active ransomware campaign targeting unpatched VMware ESXi hosts facing the public internet. On February 3rd, 2023, the French National CERT first reported a threat actor campaign targeting VMware ESXi hypervisors with the aim of deploying ransomware. The initial access vector is CVE-2021-21974, a vulnerability that allows an...
Possible Okta Breach By Threat Actor
Okta has provided additional information on the timeline of the incident affecting their services. In summary, Okta confirmed the breach by the Lapsus$ group yesterday. Okta has stated: ‘The Okta service is fully operational, and there are no corrective actions our customers need to take.’ Okta has also concluded that a small percentage of...
UPDATE: CVE-2021-44228 Apache Log4j 2 RCE – log4shell
Since the news of this critical RCE (CVE-2021-44228) in Apache log4j was made public on Friday, Simplify Security’s MTR team has been investigating activity to improve detection and response capabilities. As a quick summary, this vulnerability results from how log4j handles processing log messages when sent a specially crafted message by an attacker. This...