Ransomware Report: trends and analysis Q2 2022

As speculated in the report published by Swascan analysing ransomware activity in January-March 2022, ransomware was also confirmed as the number one threat in the global computer security landscape in Q2 of the same year. The second quarter of 2022 actually shows how ransomware gangs remained “enemy number one” in terms of threats and continued […]

LockBit 3.0: Dynamic malware analysis

Author: Fabio Pensa. Over the last few weeks, the LockBit 2.0 ransomware has been updated with the release of a new version and the announcement of a bug bounty program: in exchange for money, it is possible to report bugs and security vulnerabilities to the developers of the threat, to make it as evasive as possible […]

Security Advisory: Teclib – GLPI >= 9.3.0 (CVE-2022-31061)

The Swascan Offensive Security Team identified 1 critical vulnerability in Teclib digital assets during a penetration test for a customer that uses the GLPI software. Teclib: Teclib is an open-source software editor that offers a vast range of fully integrated open-source technology packages, to better respond to business needs. Product description: GLPI is a Free […]

Chrome Loader: malware analysis

Author: Fabio Pensa. Over the last few weeks, a new browser hijacking and browser infection threat called ChromeLoader has emerged. It is used especially to inject malicious browser extensions, advertisements and modifications of browser settings, for example the user's searches. Browser extensions make it possible to add functionality and utilities to better manage the navigation experience of the […]

Security Advisory: Solar-Log

Research by: Andrea D’Ubaldo, Antonio Montillo. Swascan discovered a backdoor in Solar-Log GmbH’s Photovoltaic (PV) monitoring devices with direct impact on thousands of customers. The backdoor could allow an unauthenticated attacker to remotely access super admin functionality and restricted areas. Technical Summary (Vulnerability, CVSSv3.1, CWE): Hidden Functionality in slcore component v4.2.7 up to v5.1.1 […]

Security Advisory: Docebo Community Edition <= 4.0.5

Product description: Swascan Offensive Security Team has identified multiple vulnerabilities on Docebo Community Edition 4.0.5, an open source e-learning platform also defined as Learning Management System. Technical summary: Swascan’s Cyber Security Team discovered important vulnerabilities on Docebo CE <= v.4.0.5. Vulnerability and CVSS 3.1: Docebo CE <= 4.0.5 – SQL Injection (unauthenticated): 8.6 – High [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L]; Docebo […]

Ransomware Analysis: Black Basta

Black Basta is a new ransomware which, in a few weeks, has already claimed important victims. The Swascan SOC Team intercepted and analyzed this ransomware threat, verifying that it contains encrypted and obfuscated payloads that make it more difficult to understand the behavior of the threat during the encryption and infection phases, as we can see from […]

Security Advisory: Libnmap <= 0.7.2 (CVE-2022-30284)

The Swascan Offensive Security Team has identified a severe vulnerability in the python-libnmap Python library (https://pypi.org/project/python-libnmap/). Python-libnmap: Python-libnmap is a Python library that enables Python developers to manipulate nmap processes and data. The library offers the following features: automate or schedule nmap scans on a regular basis; manipulate nmap scan results to do reporting; compare and […]

Emotet: signature-based evasion & malleable executable

Analysis by Daniele Capponi – Cyber Security Analyst Swascan. We recently came across an interesting finding concerning Emotet’s infection kill-chain, which usually starts with the phishing email, followed by the download of an Excel macro and then its execution, which acts as the DLL dropper and finally leads to malware infection. Signature: We had a look […]

Security Advisory: Alt-n Security Gateway (CVE-2022-25356)

The Swascan Offensive Security Team has identified 1 vulnerability in the Alt-n Security Gateway product; the vulnerability was found during a penetration test. Product description: Alt-n develops and manufactures products and solutions that help companies be safer against phishing attacks, malware and much more. Security Gateway accomplishes that goal by giving protection from external/internal email […]
