Threat Intelligence

Customer Awareness Advisory

Deepwatch Threat Intel Teams' open-source analysis provides our assessment, mitigation, and recommendations for the latest critical threats and vulnerabilities.


Customer Advisory: An Attack, Leveraging Spam Email, Teams, SharePoint, and OneDrive, Potentially Linked to the Ransomware Group Sangria Tempest

Discover how the recent VEILDrive attacks utilize Microsoft Teams, SharePoint, and OneDrive to infiltrate organizations in the Finance and Insurance sectors, revealing critical gaps in detection frameworks against Java-based malware.

POC Released for Critical Ivanti Vulnerability CVE-2024-29847

Explore the details of the Ivanti Endpoint Manager vulnerability CVE-2024-29847, including the available patch and recommended actions. Protect your infrastructure from remote code execution risks with expert insights and guidance.

Customer Advisory: M365 AitM Phishing Campaign Compromises Multiple Accounts

Discover how the Deepwatch Adversary Tactics and Intelligence team is addressing a significant M365 phishing threat. Get actionable insights to protect your organization from credential harvesting and account compromise.

Attackers Exploit Chain of Vulnerabilities in ServiceNow to Dump User List

Deepwatch is warning customers and organizations that attackers are exploiting a chain of three vulnerabilities in ServiceNow to dump the user list and collect associated metadata from compromised instances.

Customer Awareness Advisory: CrowdStrike – Microsoft Issue Flash

Stay informed about the CrowdStrike platform update that triggered Blue Screens of Death and find out how to safely restore your Windows machines with our comprehensive guide.

PoCs Released for High Severity Vulnerability, CVE-2024-6387, in OpenSSH

Learn about the high-severity vulnerability CVE-2024-6387 in OpenSSH and its potential impact on glibc-based Linux systems.

Active Exploitation Follows Public Release of PoC for MOVEit Transfer Vulnerability

Discover the risks of the CVE-2024-5806 vulnerability, including the likelihood of exploitation and the severity of its potential impact, which together necessitate immediate action.

New Espionage Campaign Exploits Vulnerabilities in Cisco ASA Devices

Deepwatch shares details and actions to take in response to the ArcaneDoor espionage campaign impacting Cisco ASA Devices.

Critical Vulnerability (CVE-2024-3400) Impacting Palo Alto Networks PAN-OS Software Exploited in Limited Attacks

Deepwatch shares details on the Palo Alto Networks PAN-OS GlobalProtect exploit: what you need to know and what you need to do.

Threat Actor Exploits Critical TeamCity Vulnerability to Deploy Malware

Deepwatch has confirmed that a threat actor exploited the TeamCity vulnerability CVE-2024-27198 to gain initial access, move laterally to other systems, and deploy malware. The vulnerability impacts all JetBrains TeamCity server versions 2023.11.3 and earlier.

Ivanti Connect Secure VPN Appliance Vulnerabilities (CVE-2023-46805 & CVE-2024-21887) Exploited to Deploy Webshells, Collect Credentials, and Perform Reconnaissance

Deepwatch shares full details on the Ivanti Connect Secure VPN appliance exploit: what you need to know and what you need to do.

Voice Phishing’s Success with Resetting Single Sign-on Portal Passwords Sees Sudden Surge

Deepwatch provides a full overview of the recent surge in voice phishing used to reset users' passwords and gain access to sensitive systems.

NetScaler ADC and Gateway CVE-2023-3519 Actively Exploited

Exploitation of NetScaler ADC and Gateway CVE-2023-3519 has been observed. Read the full report for known details, actions, and recommendations.

Customer Advisory: Awareness | Storm-0978 (RomCom): Cyber-espionage Campaign Targeting NATO Talks, Exploiting CVE-2023-36884

Get an in-depth analysis of recent cyber-espionage activity conducted by the threat group Storm-0978 (RomCom).

Customer Advisory: Awareness | Threat Actors Exploiting Critical Vulnerability (CVE-2023-27997) in FortiOS and FortiProxy

A FortiOS and FortiProxy vulnerability, CVE-2023-27997, has been exploited. Get historical TTP details, potential impact, and actionable mitigation strategies.

Customer Advisory: Awareness | Deepwatch Observes Unauthenticated Remote Code Execution Vulnerability Exploitation in Avaya Aura Device Services

What you need to know about the unauthenticated remote code execution vulnerability and recommendations for responding.

Customer Advisory | 3CX Suffers Supply Chain Attack: Electron Windows App Drops an Unknown Infostealer

What you need to know about the 3CX supply chain attack (CVE-2023-29059) and recommendations for responding.

Customer Advisory | Threat Actors Exploited Microsoft Outlook for Windows (CVE-2023-23397) as Early as April 2022

What you need to know about threat actors exploiting Microsoft Outlook for Windows (CVE-2023-23397) as early as April 2022.

PoC Exploit Released for Critical Microsoft Word Vulnerability CVE-2023-21716

Proof-of-concept (PoC) exploit code for the critical Microsoft Word vulnerability CVE-2023-21716 has been released. Understand what you need to know.

Customer Advisory | Threat Actors Actively Exploiting ManageEngine Vulnerability CVE-2022-47966

What you need to know about the active exploitation of the ManageEngine vulnerability CVE-2022-47966.

Customer Advisory: Citrix ADC and Citrix Gateway Critical Vulnerability (CVE-2022-27518) Actively Exploited

Understand key details surrounding the Citrix ADC and Citrix Gateway critical vulnerability (CVE-2022-27518) being exploited.

Customer Advisory: FortiOS SSL-VPN Vulnerability (CVE-2022-42475) Exploited in the Wild

Understand key details surrounding the FortiOS SSL-VPN vulnerability (CVE-2022-42475) that has been actively exploited in the wild.

Customer Advisory: Adversaries Are Scanning For and Exploiting Text4Shell Vulnerability (CVE-2022-42889)

The what, why, and how to respond to adversaries scanning for and exploiting the Text4Shell vulnerability (CVE-2022-42889).

Customer Advisory | Microsoft Exchange Zero-day Vulnerabilities CVE-2022-41040 and CVE-2022-41082, Actively Exploited
Customer Advisory | Exploit Code Released for Critical Vulnerability, CVE-2022-27255, Affecting Thousands of Routers

Learn everything you need to know about the critical vulnerability CVE-2022-27255 in Realtek's SDK for eCos OS, including vulnerability details, the publicly available exploit code, and what you need to do.

Customer Advisory | Microsoft’s Support Diagnostic Tool Vulnerability, AKA DogWalk, Actively Exploited
Customer Advisory | Brace for Exploitation; Hardcoded Password for Questions for Confluence App Leaked
Customer Advisory | Splunk Critical Vulnerability
Customer Advisory | Critical RCE Vulnerability in Atlassian’s Confluence Server and Data Center Actively Exploited
Customer Advisory | Microsoft Office Used to Exploit “Follina” (CVE-2022-30190) an RCE Vulnerability in Microsoft’s Support Diagnostic Tool
Customer Advisory | Critical Vulnerability in Zyxel Firewalls and VPNs Actively Exploited
Customer Advisory | Exploit Code Released for Critical RCE Vulnerability in F5's BIG-IP
Customer Advisory | Threat Actors Exploiting Critical WSO2 Vulnerability
Customer Advisory | Threat Actors Exploiting Critical VMware Vulnerability
Customer Advisory | Spring4Shell: What You Need to Know
Customer Advisory | President Warns of Russian Government Exploring Options for Cyber Attacks
Customer Advisory | Linux Vulnerability: Dirty Pipe Has Exploit Code Released
Customer Advisory | NVIDIA Confirms Data Was Stolen as Lapsus$ Takes Credit
Customer Advisory | Cyber Attacks in Ukraine: What You Need to Know
Customer Advisory | Exploit Code Released for Critical Cisco Vulnerability: CVE-2022-20699
Customer Advisory | Critical 0-Day Vulnerability in Adobe Commerce and Magento Open Source Platforms Under Active Exploitation
Customer Advisory | Exploit Code Released for Windows 10 Vulnerability: CVE-2022-21882
Customer Advisory | PwnKit: Exploit Released for Polkit’s pkexec Component
Customer Advisory | Exploit Code Released for CVE-2022-21907: Critical Windows HTTP Vulnerability
Customer Advisory for Awareness | Grafana Issues a Security Patch After an Exploit for CVE-2021-43798 is Made Public
Customer Advisory for Awareness | With an Active Campaign Against ServiceDesk Plus, APT Expands Attack on ManageEngine
Customer Advisory for Awareness | Zero-Day Disclosed in Palo Alto Networks GlobalProtect VPN (CVE-2021-3064)
Customer Advisory for Awareness | Apache HTTP Server Actively Exploited, Patch is Available, Patch Now!
Customer Advisory for Awareness | CISA, FBI, and NSA Issue Joint Advisory Regarding Increased Conti Ransomware Attacks
Customer Advisory for Awareness | Microsoft Warns of New RCE Zero-Day Exploited in Targeted Office Attacks
Customer Advisory for Awareness | Confluence Enterprise Server & Data Center are Being Actively Exploited
Customer Advisory for Awareness | Azure Cosmos DB Flaw Could Allow for Complete Database Compromise
Customer Awareness: Windows Print Spooler RCE Vulnerability CVE-2021-36958
PetitPotam NTLM Relay Attack
CVE-2021-33909 & CVE-2021-33910 – Long Path Name in Mountpoint Flaws in the Kernel and Systemd
U.S. Federal Cybersecurity Advisory: TTPs of Chinese State-Sponsored Cyber Operations
Kaseya VSA Compromise – REvil Ransomware Attack
CVE-2021-1675 – PrintNightmare Vulnerability
CVE-2021-3044 Vulnerability: Cortex XSOAR
CVE-2021-21985 – Vulnerability Found in VMware vCenter Servers and Cloud Foundation
CVE-2021-22893 – Pulse Secure VPN Zero-Day & Active Exploits
Microsoft Exchange Server Zero-Days
Chasing Silver Sparrow: Keeping an Eye on the Mysterious macOS Malware
CVE-2021-21972 – Vulnerability Found in VMware vCenter Servers and Cloud Foundation
Windows Event 4688 – Part I – Eh to Excellent
SolarWinds Attack – Part II – Is MITRE ATT&CK Falken’s Maze?
Sudo Vulnerability
SolarWinds Attack – Part I – From Infrastructure to Endpoint
Summary of Deepwatch’s Actions in Response to Sunburst IOC
Oracle WebLogic Vulnerability
ZeroLogon Threat Review
Bad Neighbor Vulnerability
Zerologon Vulnerability
BootHole Vulnerability SPOT Report
SAP RECON Vulnerability
F5 Networks BIG-IP Vulnerabilities
SPOT Report – Palo Alto Networks Authentication Bypass
Palo Alto Networks & Cisco Kerberos Authentication Bypass
SPOT Report – Zoom Zero-Day
SPOT Report – Apache Tomcat – GhostCat
SPOT Report – Cisco – CDPwn Vulnerabilities
SPOT Report – Microsoft Crypt32 Certificate Validation flaw
SPOT Report – Citrix ADC & Gateway Vulnerability
SPOT Report – Imperva Security Breach
Seven Monkeys Vulnerability – SPOT Report – August 2019 Patch Tuesday
SPOT Report – WebLogic Remote Code Execution
SPOT Report – SACK Vulnerabilities
SPOT Report – ZombieLoad
SPOT Report – Patch Tuesday Vulnerabilities
SPOT Report – Cisco – Thrangrycat
SPOT Report – Oracle WebLogic Remote Code Execution CVE-2019-2725
1-day Vulnerabilities: The Limits of Following the Patch Tuesday Cycle
Google Chrome FileReader Vulnerability
Runc Docker Vulnerability
MS Exchange Privilege Escalation Attack
DNS Infrastructure Hijacking Campaign
IE – Scripting Engine Memory Corruption Vulnerability CVE-2018-8653
Zoom Desktop Conferencing CVE-2018-15715
