DATE | NAME | CATEGORY | SUBCATEGORIES | INFO
28.2.23 | | | | The CYFIRMA Research team has provided a preliminary analysis of a new post-exploitation framework called EXFILTRATOR-22 a.k.a. EX-22.
28.2.23 | | RAT | | According to Bitdefender, BitRAT is a notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums. Its price tag of $20 for lifetime access makes it irresistible to cybercriminals and helps the malicious payload spread.
28.2.23 | | | | Based on the Xorist ransomware, MortalKombat spreads through phishing emails and targets exposed RDP instances. The malware gets planted through the BAT Loader, which also delivers the Laplas Clipper malware.
28.2.23 | | CWE | | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
28.2.23 | | | | Exploit kits (EK) are typically used to distribute malware and other malicious programs to large numbers of victims using existing vulnerabilities in commonly used browsers. Once a user visits the exploit kit's web page (landing page), multiple techniques are used to identify the browser version and operating system.
27.2.23 | | VHD malware | | A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format.
27.2.23 | | Stealer | | According to Zscaler, PureCrypter is a fully-featured loader that has been sold since at least March 2021.
27.2.23 | | RAT | | RSA describes PlugX as a RAT (Remote Access Trojan) malware family that has been around since 2008 and is used as a backdoor to fully control the victim's machine.
27.2.23 | | Crypto-mining tool | | Evasive cryptojacking malware targeting macOS found lurking in pirated applications.
25.2.23 | | | | Successful exploitation of these vulnerabilities could allow an attacker to crash the device or achieve remote code execution.
25.2.23 | | | | Successful exploitation of these vulnerabilities could allow a malicious attacker to cause impacts such as authentication bypass, information disclosure, denial of service, or bypass of IP address authentication.
24.2.23 | 2023-02-23 -- Files for ISC Diary: URL files & WebDAV used for IcedID (Bokbot) | | | The ISC diary is for Friday 2023-02-24: URL files and WebDAV used for IcedID (Bokbot) infection.
23.2.23 | | Backdoor | | Atharvan is so named because, when the malware runs, it creates a mutex named "SAPTARISHI-ATHARVAN-101" to ensure that only one copy is running.
23.2.23 | | RAT | | New Ransomware Groups On The Rise: "RedAlert," LILITH And 0mega Leading A Wave Of Ransomware Campaigns
23.2.23 | | WM virus | | Under the hood of Wslink's multilayered virtual machine
23.2.23 | | Stealer | | S1deload Stealer relies on DLL sideloading techniques to run its malicious components. It uses a legitimate, digitally signed executable that inadvertently loads malicious code if clicked.
22.2.23 | | CWE | | (CVSS score: 6.8) – The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
22.2.23 | | CWE | | (CVSS score: 6.8) – Mitel MiVoice Connect Code Injection Vulnerability – An authenticated attacker with internal network access can trigger the flaw to execute code within the context of the application.
22.2.23 | | CWE | | (CVSS score: 9.8) – IBM Aspera Faspex Code Execution Vulnerability – A remote attacker can trigger the vulnerability to execute arbitrary code on the system.
22.2.23 | | CWE | |
22.2.23 | | CWE | |
22.2.23 | | CWE | | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209.
22.2.23 | | CWE | | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
22.2.23 | | CWE | | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
22.2.23 | | CWE | | IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw.
22.2.23 | | CWE | | VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability.
22.2.23 | | | | Mylobot is malware that targets Windows systems; it first appeared in 2017 and has not received much attention over the years.
21.2.23 | | Stealer | | Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1
21.2.23 | | | | inurl:administrator/components/com_
21.2.23 | | RAT | | APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT
20.2.23 | Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2 | | | TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities.
20.2.23 | | WebApps | | # Exploit Title: pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
20.2.23 | | | | ICSA-23-047-01 : Siemens Solid Edge
20.2.23 | | | | ICSMA-21-187-01 : Philips Vue PACS (Update C)
20.2.23 | | | | ICSA-23-052-01 : Mitsubishi Electric MELSOFT iQ AppPortal
18.2.23 | | Backdoor | | Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea.
18.2.23 | | Android | | The malware has multiple stages and payloads and continually exfiltrates data from the Android device.
18.2.23 | | CWE | | AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
18.2.23 | | CWE | | The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
18.2.23 | | | | Amid rising tensions between Azerbaijan and Armenia over the Lachin corridor in late 2022, Check Point Research identified a malicious campaign against entities in Armenia. The malware distributed in this campaign is a new version of a backdoor we track as OxtaRAT, an AutoIt-based tool for remote access and desktop surveillance.
18.2.23 | | RAT | | Operation Silent Watch: Desktop Surveillance in Azerbaijan and Armenia
18.2.23 | | | | Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
18.2.23 | | | | A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
18.2.23 | | | | ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life (EOL) policy and will not be patched. Anyone using ClamAV 0.104 must switch to a supported version. All users should update as soon as possible to patch for two remote code execution vulnerabilities that we recently discovered and patched.
18.2.23 | | | | Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
18.2.23 | | | | An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
18.2.23 | | RAT | | 'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
18.2.23 | | CWE | | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions)
18.2.23 | | CWE | | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session.
18.2.23 | | CWE | | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller.
15.2.23 | | RAT | | The RedEyes group is known to steal personal PC information as well as mobile phone data, targeting specific individuals rather than companies.
15.2.23 | | Backdoor | | Stairwell assesses with medium-high confidence that GOLDBACKDOOR is the successor of, or used in parallel with, the malware BLUELIGHT, attributed to APT37 / Ricochet Chollima.
15.2.23 | | CWE | | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
15.2.23 | | Dropper | | Once we dug into this sample, we observed the use of a significant number of evasion techniques.
15.2.23 | | | | (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability
15.2.23 | | | | (CVSS score: 7.8) - Windows Graphics Component Elevation of Privilege Vulnerability
15.2.23 | | | | (CVSS score: 7.3) - Microsoft Office Security Feature Bypass Vulnerability
14.2.23 | | Out-of-bounds Write | | Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14.2.23 | | | | This is a critical vulnerability that is already actively exploited: a type confusion vulnerability in WebKit.
14.2.23 | | | | A kernel vulnerability that may allow an application installed on the device to execute arbitrary code with kernel privileges.
14.2.23 | | | | This vulnerability in Shortcuts may allow an app to observe unprotected user data. It only affects macOS.
14.2.23 | | CWE | | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory.
14.2.23 | | Malware | | Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning
14.2.23 | | Malware | | QuickMute is malware developed in the C/C++ programming language.
14.2.23 | | CWE | | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2.
14.2.23 | | Android | | First clipper malware discovered on Google Play
14.2.23 | | Stealer | | Rhadamanthys is a stealer trojan written in C++ and compiled on 2022-08-22; according to information received from the hacker, the stealer is still under development.
12.2.23 | | Phishing | | "Crypto drainers" are malicious scripts that function like e-skimmers and are deployed with phishing techniques to steal victims' crypto assets.
12.2.23 | | Stealer | | Information stealers are malware designed to steal sensitive information from infected computers, such as login credentials, financial data, and personal information.
12.2.23 | | Stealer | | We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.
12.2.23 | | CWE | | Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
12.2.23 | | CWE | | (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allow local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
12.2.23 | | CWE | | TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
11.2.23 | | Malware | | This malware is delivered by an ISO file containing a DLL and a custom loader. Because of the unique user-agent "bumblebee", this malware was dubbed BUMBLEBEE.
11.2.23 | | Backdoor | | Anchor is a sophisticated backdoor served as a module to a subset of TrickBot installations.
11.2.23 | | Backdoor | | BazarBackdoor is a small backdoor, probably by a TrickBot "spin-off" like Anchor. It's called team9 backdoor (and the corresponding loader: team9 restart loader).
11.2.23 | | Ransomware | | A ransomware with potential ties to Wizard Spider.
11.2.23 | | | | Python3 script which decrypts files encrypted by the flawed Cl0p ELF variant.
11.2.23 | | RAT | | According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan "Remote Access Tool" used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.
11.2.23 | | Crypter | | FormBook contains a unique crypter, RunPE, that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
11.2.23 | | RAT | | CloudEyE (initially named GuLoader) is a small VB5/6 downloader.
11.2.23 | | Banking Malware | | That said, on top of this evolution, one of the most crucial elements that has been disrupting the current state of the art of anti-fraud departments is Instant Payments.
11.2.23 | | Vulnerability | | A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling.
9.2.23 | | Advanced Espionage Tool | | A previously unknown threat actor is targeting organizations in Pakistan using a complex payload delivery mechanism.
9.2.23 | | | | THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
9.2.23 | | CWE | | If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively.
9.2.23 | | Vulnerability | | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
8.2.23 | | Military Malware | | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two backdoors used, written in Go and attributed to UAC-0056 (SaintBear, UNC2589, TA471).
8.2.23 | | Military Malware | | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two backdoors used, written in Go and attributed to UAC-0056 (SaintBear, UNC2589, TA471).
8.2.23 | | Military Malware | | Russia-linked Nodaria group has deployed a new threat designed to steal a wide range of information from infected computers.
8.2.23 | | Anti-Ransom | | ESXiArgs-Recover is a tool to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks.
8.2.23 | | RAT | | Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers.
7.2.23 | | Backdoor | | We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware.
7.2.23 | | CWE | | Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
7.2.23 | | CWE | | In SugarCRM before 12.0 Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
7.2.23 | | CWE | | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
7.2.23 | | CWE | | OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability.
5.2.23 | | | | During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ has attributed with high confidence to an intrusion set referred to as Lazarus Group.
4.2.23 | | | | New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities
4.2.23 | | | | SH1MMER is an exploit capable of completely unenrolling enterprise-managed Chromebooks.
4.2.23 | | | | In September of last year, our Incident Response team was called to an incident that was identified as an attempt to socially engineer an online customer service platform.
4.2.23 | | PoS Malware | | Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far.
4.2.23 | | Wiper | | Industroyer is a malware framework considered to have been used in the cyberattack on Ukraine's power grid on December 17, 2016.
4.2.23 | | Wiper | | Overview of the Cyber Weapons Used in the Ukraine - Russia War
4.2.23 | | Wiper | | A conflict in cyberspace is unfolding parallel to the conflict between Russia and Ukraine on the ground.
4.2.23 | | Wiper | | There is no description at this point.
4.2.23 | | Wiper | | According to SentinelLabs, HermeticWiper is a custom-written application with very few standard functions.
3.2.23 | | Wiper | | CaddyWiper is another destructive malware believed to be deployed to target Ukraine.
3.2.23 | | | | Cyber criminals increasingly rely on packers to carry out their malicious activities. The packer, also referred to as "Crypter" and "FUD" on hacking forums, makes it harder for antivirus programs to detect the malicious code. By using a packer, malicious actors can spread their malware more easily with fewer repercussions.
3.2.23 | | Stealer | | The Uptycs threat research team recently discovered a campaign involving the Titan Stealer malware, which is being marketed and sold by a threat actor (TA) through a Telegram channel for cybercrime purposes.
3.2.23 | | CWE | | A vulnerability has been reported to affect QNAP devices running QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.
3.2.23 | | | | Beginning in 2022, UNC2565 began incorporating notable changes to the tactics, techniques, and procedures (TTPs) used in its operations.
3.2.23 | | CWE | | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as the 'UDPServer' binary.