CVE-2020-0684, Windows .LNK Files

Avertium Threat Report

CVE-2020-0684 Overview This report is about a vulnerability called CVE-2020-0684 which affects multiple versions of the Microsoft Windows operating system. The vulnerability is due to a mishandling of a specific file type where successful exploitation generally depends on social engineering. There are multiple patches available from Microsoft depending on the type of operating system in […]

ManageEngine Desktop Central, CVE-2020-10189

Avertium Threat Report

CVE-2020-10189 Overview This report is about a vulnerability dubbed CVE-2020-10189 in the ManageEngine Desktop Central software. This software is used to control remote systems with use cases such as IT support. CVE-2020-10189 has been addressed by the vendor with a patch. Tactics, Techniques, and Procedures The CVE-2020-10189 vulnerability is caused by the de-serialization of data […]

CVE-2020-1938, GhostCat Vulnerability

Avertium Threat Report

GhostCat Overview This report is about a vulnerability given the identification of CVE-2020-1938 which affects the Apache Tomcat software package. Apache Tomcat is a Java-based program that allows website maintainers to serve content with the Java programming language. CVE-2020-1938 has been addressed by the Apache Tomcat maintainers with a patch, but patch availability depends […]

KBOT Virus

Avertium Threat Report

KBOT Overview This report is about a new virus referred to as “KBOT” by security researchers. The virus is built to inject into executable files and core Windows processes, and its purpose is to steal sensitive information from infected hosts. Tactics, Techniques, and Procedures KBOT targets the user’s personal and financial data such as user […]

Updates on North Korea’s HIDDEN COBRA

Avertium Threat Report

Overview This report provides updates to North Korea’s HIDDEN COBRA (Lazarus) toolset along with changes in their tactical operations. While their tactics, techniques and procedures haven’t changed significantly, the toolset updates indicate an advancement in their technical capability. HIDDEN COBRA has modified and/or created new malware toolsets including the previously reported HOPLIGHT trojan. Tactics, Techniques, […]

NOTROBIN Malware Exploiting Citrix CVE-2019-19781

Avertium Threat Report

NOTROBIN Malware Overview This report explains NOTROBIN, a backdoor trojan that exploits the highly publicized Citrix vulnerability known as CVE-2019-19781. NOTROBIN isn’t the first bit of malware to exploit this Citrix vulnerability, but it has unique features and an infection pattern that’s noteworthy. The malware itself is very similar to some other Linux/UNIX infections. It uses a […]

The ABCs of CVE-2020-0601

Avertium Threat Report

CVE-2020-0601 Overview This report is about a recently disclosed vulnerability found in various Microsoft products known as CVE-2020-0601 (CVE stands for Common Vulnerabilities and Exposures). The vulnerability stems from a component in Windows called Crypt32.dll which handles the code signing of certificate information. The vulnerability isn’t currently being exploited or scanned for in the wild, […]

Citrix CVE-2019-19781: The Facts

Avertium Threat Report

Citrix CVE-2019-19781 Overview Citrix announced a vulnerability in the Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, just before the holidays. The vulnerability has recently been targeted by remote attackers for possible exploitation, as it’s being scanned for in the wild. A proof of concept […]

Operation Wocao

Avertium Threat Report

CVE-2020-0601 Overview This report is about a malware campaign called Operation Wocao which was likely carried out by a nation state actor with potential links to APT20. The initial point of entry seems to be public facing infrastructure using common attack vectors. The main purpose of this campaign is the extraction of customer data and […]