| Date | Category | Info |
|---|---|---|
| 28.1.23 | | named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota |
| 28.1.23 | | named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries |
| 28.1.23 | | BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries |
| 28.1.23 | | An UPDATE message flood may cause named to exhaust all available memory |
| 28.1.23 | | The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. |
| 28.1.23 | | From November 2017 to October 2018, we attributed 14 campaigns to the GC threat actors that used a specific MaaS provider |
| 28.1.23 | RAT | Orcus has been advertised as a Remote Administration Tool (RAT) since early 2016. It has all the features that would be expected from a RAT and probably more. |
| 28.1.23 | CWE | A type confusion issue was addressed with improved state handling. |
| 28.1.23 | RAT | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation |
| 28.1.23 | | VMware vRealize Log Insight contains an Information Disclosure Vulnerability. |
| 28.1.23 | | vRealize Log Insight contains a deserialization vulnerability. |
| 28.1.23 | | The vRealize Log Insight contains a broken access control vulnerability. |
| 28.1.23 | | The vRealize Log Insight contains a Directory Traversal Vulnerability. |
| 28.1.23 | RAT | CageyChameleon Malware is a VBS-based backdoor which has the capability to enumerate the list of running processes and check for the presence of several antivirus products. |
| 27.1.23 | CWE | Windows CryptoAPI Spoofing Vulnerability. |
| 27.1.23 | RAT | StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations |
| 27.1.23 | RAT | According to Securonix, this malware exhibits remote access trojan (RAT) behavior, allowing for control of and persistence on the affected host. |
| 22.1.23 | Android | Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. |
| 20.1.23 | Group | Gamaredon Leverages Microsoft Office Docs to Target Ukraine Government and Military |
| 20.1.23 | Linux malware | Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government... |
| 20.1.23 | CWE | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 |
| 20.1.23 | Military Malware | The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. |
| 20.1.23 | CWE | In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted |
| 20.1.23 | CWE | In TP-Link routers Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd is susceptible to a side-channel attack. |
| 20.1.23 | CWE | Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. |
| 20.1.23 | CWE | On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter |
| 20.1.23 | | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. |
| 20.1.23 | CRLF | The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. |
| 20.1.23 | | In addition to the c_rehash shell command injection identified in CVE-2022-1292, |
| 20.1.23 | ICS | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). |
| 20.1.23 | RCE Attacks | Ermetic's research team discovered a remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps. |
| 20.1.23 | Banking Malware | On July 23 a forum post appeared regarding a new Android banking trojan. The attached screenshots show that it is named ERMAC |
| 20.1.23 | Banking Malware | Around May 2020 ThreatFabric analysts uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. |
| 20.1.23 | Hacking | Adversaries’ shift toward Shell Link (LNK) files, likely sparked by Microsoft’s decision to block macros, provides the opportunity to capitalize on information that can be provided by LNK metadata. |
| 20.1.23 | RAT | We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa. |
| 17.1.23 | CWE | (CVSS score: 9.8), a combination of authentication bypass and command injection that enables an unauthenticated user to execute arbitrary code on an affected version of the open-source, web-based monitoring solution. |
| 17.1.23 | Stealer | Team Cymru’s S2 Research Team has blogged previously on the initial Raccoon stealer command and control methodology (Raccoon Stealer - An Insight into Victim “Gates”) |
| 17.1.23 | Military Malware | Hive solves a critical problem for the malware operators at the CIA. |
| 14.1.23 | SpyMalware | EyeSpy - Iranian Spyware Delivered in VPN Installers |
| 14.1.23 | RAT | Let’s take a look at a recent sample of the Java-based malware known as STRRAT. |
| 14.1.23 | Stealer | information stealer dubbed StrelaStealer that's spread as a DLL/HTML polyglot. |
| 14.1.23 | CWE | The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests. |
| 10.1.23 | Android Backdoor | This StrongPity backdoor has various spying features: its 11 dynamically triggered modules are responsible for recording phone calls, collecting SMS messages, lists of call logs, contact lists, and much more. |
| 9.1.23 | Crypto Malware | Kinsing is a known malware that targets Linux environments for cryptocurrency purposes. |
| 9.1.23 | PyPI malware | In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. |
| 9.1.23 | Military Malware | UNC4210 re-registered at least three expired ANDROMEDA command-and-control (C2) domains and began profiling victims to selectively deploy KOPILUWAK and QUIETCANARY in September 2022 |
| 9.1.23 | Rootkit | We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. |
| 9.1.23 | MacOS malware | Originally, this post claimed that Dridex had returned. However, further research and analysis has led us to believe that the initial conclusion was incorrect. |
| 9.1.23 | RAT | A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. |
| 9.1.23 | Malware | Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. |
| 9.1.23 | Android RAT | Android Spyware is one of the most common kinds of malware used by attackers to gain access to personal data and carry out fraud operations. |
| 9.1.23 | Stealer | Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. |
| 9.1.23 | Malware Linux | The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner |
| 9.1.23 | Worm | Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. |
| 9.1.23 | Backdoor Linux | is a trojan application for 32-bit and 64-bit Linux operating systems that targets x86-compatible devices. |
| 9.1.23 | Backdoor Linux | is a trojan application for 32-bit and 64-bit Linux operating systems that targets x86-compatible devices. |