Ransomware Report: trends and analysis Q2 2022
As speculated in the report published by Swascan analysing ransomware activity in January-March 2022, ransomware was also confirmed as the number one threat in the global computer security landscape in Q2 of the same year. The second quarter of 2022 actually shows how ransomware gangs remained “enemy number one” in terms of threats and continued […]
LockBit 3.0: Dynamic malware analysis
Author: Fabio Pensa. Over the last few weeks, the LockBit 2.0 ransomware has been updated with the release of a new version and the announcement of a bug bounty program: in exchange for money, it is possible to report bugs and security vulnerabilities to the developers of the threat, to make it as evasive as possible […]
Security Advisory: Teclib – GLPI >= 9.3.0 (CVE-2022-31061)
Swascan Offensive Security Team has identified 1 critical vulnerability on Teclib digital assets during a Penetration Test for a customer that uses the GLPI software. Teclib: Teclib is an open-source software editor that offers a vast range of fully integrated open-source technology packages, to better respond to business needs. Product description: GLPI is a Free […]
Chrome Loader: malware analysis
Author: Fabio Pensa. During the last few weeks a new browser hijacking and browser infection threat has emerged, called ChromeLoader, which is used especially to inject malicious browser extensions, advertisements and modifications to browser settings, for example the user's searches. Browser extensions make it possible to add functionality and utilities to better manage the navigation experience of the […]
Security Advisory: Solar-Log
Research by: Andrea D’Ubaldo, Antonio Montillo. Swascan discovered a backdoor in Solar-Log GmbH’s Photovoltaic (PV) monitoring devices with direct impact on thousands of customers. The backdoor could allow an unauthenticated attacker to remotely access super admin functionality and the restricted area. Technical Summary (Vulnerability / CVSSv3.1 / CWE): Hidden Functionality in slcore component v4.2.7 up to v5.1.1 […]
Security Advisory: Docebo Community Edition <= 4.0.5
Product description: Swascan Offensive Security Team has identified multiple vulnerabilities on Docebo Community Edition 4.0.5, an open source e-learning platform also defined as Learning Management System. Technical summary: Swascan’s Cyber Security Team discovered important vulnerabilities on Docebo CE <= v.4.0.5. Vulnerability / CVSS 3.1: Docebo CE <= 4.0.5 – SQL Injection (unauthenticated): 8.6 – High [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L]; Docebo […]
Ransomware Analysis: Black Basta
Black Basta is a new ransomware which, in a few weeks, has already claimed important victims. Swascan SOC Team intercepted and analyzed this ransomware threat, verifying that it contains encrypted and obfuscated payloads that make it more difficult to understand the behavior of the threat during the encryption and infection phases, as we can see from […]
Security Advisory: Libnmap <= 0.7.2 (CVE-2022-30284)
Swascan Offensive Security Team has identified a severe vulnerability in the python-libnmap Python library (https://pypi.org/project/python-libnmap/). Python-libnmap: Python-libnmap is a Python library that enables Python developers to manipulate nmap processes and data. The library offers the following features: automate or schedule nmap scans on a regular basis; manipulate nmap scan results to do reporting; compare and […]
Emotet: signature-based evasion & malleable executable
Analysis by Daniele Capponi – Cyber Security Analyst, Swascan. We recently came across an interesting finding concerning Emotet’s infection kill-chain, which usually starts with the phishing email, followed by the download of an Excel macro and then its execution, which acts as the DLL dropper and finally leads to malware infection. Signature: We had a look […]
Security Advisory: Alt-n Security Gateway (CVE-2022-25356)
Swascan Offensive Security Team has identified 1 vulnerability in the Alt-n Security Gateway product; the vulnerability was found during a Penetration Test. Product description: Alt-n develops and manufactures products and solutions for companies to help them be safer against phishing attacks, malware and much more. Security Gateway accomplishes that goal by giving protection from external/internal email […]