Threat Intelligence

Customer Awareness Advisory

Deepwatch Threat Intel Teams' open-source analysis provides our assessment, mitigation, and recommendations for the latest critical threats and vulnerabilities.

Get access to all the critical information you need to be successful

Customer Awareness Advisory

Voice Phishing’s Success with Resetting Single Sign-on Portal Passwords Sees Sudden Surge

NetScaler ADC and Gateway CVE-2023-3519 Actively Exploited

Customer Advisory: Awareness | Storm-0978 (RomCom): Cyber-espionage Campaign Targeting NATO Talks, Exploiting CVE-2023-36884

Customer Advisory: Awareness | Threat Actors Exploiting Critical Vulnerability (CVE-2023-27997) in FortiOS and FortiProxy

Customer Advisory: Awareness | Deepwatch Observes Unauthenticated Remote Code Execution Vulnerability Exploitation in Avaya Aura Device Services

Customer Advisory | 3CX Suffers Supply Chain Attack: Electron Windows App Drops an Unknown Infostealer

Customer Advisory | Threat Actors Exploited Microsoft Outlook for Windows (CVE-2023-23397) as Early as April 2022

PoC Exploit Released for Critical Windows Word Vulnerability CVE-2023-21716

Customer Advisory | Threat Actors Actively Exploiting ManageEngine Vulnerability CVE-2022-47966

Customer Advisory: Citrix ADC and Citrix Gateway Critical Vulnerability (CVE-2022-27518) Actively Exploited

Customer Advisory: FortiOS SSL-VPN Vulnerability (CVE-2022-42475) Exploited in the Wild

Customer Advisory: Adversaries Are Scanning For and Exploiting Text4Shell Vulnerability (CVE-2022-42889)

Customer Advisory | Microsoft Exchange Zero-day Vulnerabilities CVE-2022-41040 and CVE-2022-41082, Actively Exploited

Customer Advisory | Exploit Code Released for Critical Vulnerability, CVE-2022-27255, Affecting Thousands of Routers

Customer Advisory | Microsoft’s Support Diagnostic Tool Vulnerability, AKA DogWalk, Actively Exploited

Customer Advisory | Brace for Exploitation; Hardcoded Password for Questions for Confluence App Leaked

Customer Advisory | Splunk Critical Vulnerability

Customer Advisory | Critical RCE Vulnerability in Atlassian’s Confluence Server and Data Center Actively Exploited

Customer Advisory | Microsoft Office Used to Exploit “Follina” (CVE-2022-30190) an RCE Vulnerability in Microsoft’s Support Diagnostic Tool

Customer Advisory | Critical Vulnerability in Zyxel Firewalls and VPNs Actively Exploited

Customer Advisory | Exploit Code Released for Critical RCE Vulnerability in F5s BIG-IP

Customer Advisory | Threat Actors Exploiting Critical WSO2 Vulnerability

Customer Advisory | Threat Actors Exploiting Critical VMWare Vulnerability

Customer Advisory | Spring4Shell: What You Need to Know

Customer Advisory | President Warns of Russian Government Exploring Options for Cyber Attacks

Customer Advisory | Linux Vulnerability: Dirty Pipe Has Exploit Code Released

Customer Advisory | NVIDIA Confirms Data Was Stolen as Lapsus$ Takes Credit

Customer Advisory | Cyber Attacks in Ukraine: What You Need to Know

Customer Advisory | Exploit Code Released for Critical Cisco Vulnerability: CVE-2022-20699

Customer Advisory | Critical 0-Day Vulnerability in Adobe Commerce and Magento Open Source Platforms Under Active Exploitation

Customer Advisory | Exploit Code Released for Windows 10 Vulnerability: CVE-2022-21882

Customer Advisory | PwnKit: Exploit Released for Polkit’s pkexec Component

Customer Advisory | Exploit Code Released for CVE-2022-21907: Critical Windows HTTP Vulnerability

Customer Advisory for Awareness | Grafana Issues a Security Patch After an Exploit for CVE-2021-43798 is Made Public

Customer Advisory for Awareness | With an Active Campaign Against ServiceDesk Plus, APT Expands Attack on ManageEngine

Customer Advisory for Awareness | Zero-Day Disclosed in Palo Alto Networks GlobalProtect VPN (CVE-2021-3064)

Customer Advisory for Awareness | Apache HTTP Server Actively Exploited, Patch is Available, Patch Now!

Customer Advisory for Awareness | CISA, FBI, and NSA Issue Joint Advisory Regarding Increased Conti Ransomware Attacks

Customer Advisory for Awareness | Microsoft Warns of New RCE Zero-Day Exploited in Targeted Office Attacks

Customer Advisory for Awareness | Confluence Enterprise Server & Data Center are Being Actively Exploited

Customer Advisory for Awareness | Azure Cosmos DB Flaw Could Allow for Complete Database Compromise

Customer Awareness: Windows Print Spooler RCE Vulnerability CVE-2021-36958

PetitPotam NTLM Relay Attack

CVE-2021-33909 & CVE-2021-33910 – Long Path Name in Mountpoint Flaws in the Kernel and Systemd

U.S. Federal Cybersecurity Advisory: TTPs of Chinese State-Sponsored Cyber Operations

Kaseya VSA Compromise – REvil Ransomware Attack

CVE-2021-1675 – PrintNightmare Vulnerability

CVE-2021-3044 Vulnerability: Cortex XSOAR

CVE-2021-21985 – Vulnerability Found in VMware vCenter Servers and Cloud Foundation

CVE-2021-22893 – Pulse Secure VPN Zero-Day & Active Exploits

Microsoft Exchange Server Zero-Days

Chasing Silver Sparrow: Keeping an Eye on the Mysterious macOS Malware

CVE-2021-21972 – Vulnerability Found in VMware vCenter Servers and Cloud Foundation

Windows Event 4688 – Part I – Eh to Excellent

SolarWinds Attack – Part II – Is MITRE ATT&CK Falken’s Maze?

Sudo Vulnerability

SolarWinds Attack – Part I – From Infrastructure to Endpoint

Summary of Deepwatch’s Actions in Response to Sunburst IOC

Oracle WebLogic Vulnerability

ZeroLogon Threat Review

Bad Neighbor Vulnerability

Zerologon Vulnerability

BootHole Vulnerability SPOT Report

SAP RECON Vulnerability

F5 Networks BIG-IP Vulnerabilities

SPOT Report – Palo Alto Networks Authentication Bypass

Palo Alto Networks & Cisco Kerberos Authentication Bypass

SPOT Report – Zoom Zero-Day

SPOT Report – Apache Tomcat – GhostCat

SPOT Report – Cisco – CDPwn Vulnerabilities

SPOT Report – Microsoft Crypt32 Certificate Validation flaw

SPOT Report – Citrix ADC & Gateway Vulnerability

SPOT Report – Imperva Security Breach

Seven Monkeys Vulnerability – SPOT Report – August 2019 Patch Tuesday

SPOT Report – WebLogic Remote Code Execution

SPOT Report – SACK Vulnerabilities

SPOT Report – ZombieLoad

SPOT Report – Patch Tuesday Vulnerabilities