Earth Preta aka Mustang Panda APT Group – Active IOCs

June 10, 2024

Sticky Werewolf Launches Cyberattacks Targeting Belarus and Russia – Active IOCs

June 10, 2024

Multiple SolarWinds Products Vulnerabilities

June 10, 2024

Severity

High

Analysis Summary

CVE-2024-28999 CVSS:6.4

SolarWinds Platform could allow a remote attacker to obtain sensitive information, caused by a race condition in the Web console. An attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-28995 CVSS:8.6

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Impact

Gain Access
Information Disclosure

Indicators of Compromise

CVE

CVE-2024-28999
CVE-2024-28995

Affected Vendors

SolarWinds

Affected Products

SolarWinds Platform 2024.1.1 and previous versions
SolarWinds Serv-U 15.4.2 HF 1 and previous versions

Remediation

Upgrade to the latest version of SolarWinds Products, available from the SolarWinds Website.

CVE-2024-28999

CVE-2024-28995

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2025-31324 – SAP NetWeaver Vulnerability

APT34 Abuses Port 8080 for Fake 404 Pages and Reuse SSH Keys – Active IOCs

Lazarus APT Executes Multi-Stage Attack via Operation SyncHole – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Earth Preta aka Mustang Panda APT Group – Active IOCs

Sticky Werewolf Launches Cyberattacks Targeting Belarus and Russia – Active IOCs

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.