Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2021

Agent Tesla Delivers Oski Stealer

Cyberint Research observed a number of unsolicited malicious email (malspam) campaigns throughout July 2021 in which Agent Tesla has been used to deliver 'Oski Stealer' to a variety of targets worldwide. First observed around November 2019, Oski Stealer is a popular threat, used to gather credentials and/or financial data from victims, and is readily available to purchase on various cybercriminal forums, typically advertised by a threat actor known as 'oski_seller', for around US$70-100.

HiveNightmare / SeriousSAM (CVE-2021-36934)

First coming to light as a local elevation of privilege vulnerability affecting pre-release versions of Windows 11 (Figure 1), subsequent investigations into the issue, namely sensitive registry hive files being accessible to all users when 'System Protection' is enabled, confirm that it also affects Windows 10. Initially dubbed 'HiveNightmare' and 'SeriousSAM' by security researchers, CVE-2021-36934 has been assigned to this vulnerability although the CVSS score has yet to be determined.