Rewterz Threat Alert – Donot APT Group – Active IOCs

September 5, 2022

Rewterz Threat Advisory – CVE-2022-2250 – GitLab Vulnerability

September 6, 2022

Rewterz Threat Advisory – Multiple Apache IoTDB Vulnerabilities

September 6, 2022

Severity

High

Analysis Summary

CVE-2022-38370 CVSS:7.5

Apache IoTDB could allow a remote attacker to obtain sensitive information, caused by improper authorization validation by the interface in the grafana-connector. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the internal structure information, and use this information to launch further attacks against the affected system.

CVE-2022-38369 CVSS:8.1

Apache IoTDB could allow a remote attacker to hijack a user’s session. By persuading a victim to click on a specially-crafted Web site, an attacker could exploit this vulnerability to gain access to another user’s session.

Impact

Information Disclosure

Indicators Of Compromise

CVE

CVE-2022-38370
CVE-2022-38369

Affected Vendors

Apache

Affected Products

Apache IoTDB 0.13.0

Remediation

Upgrade to the latest version of Apache IoTDB, available from the Apache Web site.

Apache Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Microsoft Alerts on Node.js Exploitation in Malware Campaigns

ICS: Multiple Rockwell Automation ThinManager Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Donot APT Group – Active IOCs

Rewterz Threat Advisory – CVE-2022-2250 – GitLab Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.