January(56) February(146) March(137) April(491) May(161) June(162) July(242) August(171) September(238) October(161) November(135) December(70)
|
DATE |
NAME |
CATEGORY |
SUBCATE |
INFO |
|
31.7.23 |
RAT |
AVrecon is a Linux-based Remote Access Trojan (RAT) targeting small-office/home-office (SOHO) routers and other ARM-embedded devices. |
||
|
31.7.23 |
Downloader |
Fruity trojan downloader performs multi-stage infection of Windows computers |
||
|
31.7.23 |
CWE |
CWE |
||
|
31.7.23 |
CWE |
CWE |
||
|
31.7.23 |
CWE |
CWE |
||
|
31.7.23 |
CWE |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. |
||
|
30.7.23 |
Android |
Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. |
||
|
30.7.23 |
CWE |
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. |
||
|
30.7.23 |
Backdoor |
CISA obtained 14 malware samples comprised of Barracuda exploit payloads and reverse shell backdoors. The malware was used by threat actors exploiting CVE-2023-2868... |
||
|
30.7.23 |
Backdoor |
CISA obtained two SEASPY malware samples. The malware was used by threat actors exploiting CVE-2023-2868... |
||
|
30.7.23 |
Backdoor |
CISA obtained seven malware samples related to a novel backdoor CISA has named SUBMARINE. The malware was used by threat actors exploiting CVE-2023-2868, a former zero-day vulnerability affecting certain versions 5.1.3.001 - 9.2.0.006 of Barracuda Email Security Gateway (ESG). |
||
|
30.7.23 |
CWE |
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. |
||
|
30.7.23 |
Trojan |
A stager used by APT29 to download and run CobaltStrike. |
||
|
30.7.23 |
Trojan |
A stager used by APT29 to deploy CobaltStrike. |
||
|
30.7.23 |
Loader |
This loader abuses the benign service Notion for data exchange. |
||
|
28.7.23 |
CWE |
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. |
||
|
27.7.23 |
CWE |
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem |
||
|
27.7.23 |
CWE |
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. |
||
|
27.7.23 |
CWE |
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. |
||
|
27.7.23 |
CWE |
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem |
||
|
27.7.23 |
CWE |
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels |
||
|
27.7.23 |
CWE |
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs," an unprivileged user may set privileged extended attributes on the mounted files |
||
|
27.7.23 |
Trojan |
The element originally known as “foul air” stinks up computers as a new initial-access campaign exhibiting some uncommon techniques |
||
|
27.7.23 |
CoinMiners |
Using AhnLab Smart Defense (ASD) infrastructure, AhnLab Security Emergency response Center (ASEC) has recently discovered the PurpleFox malware being installed on poorly managed MS-SQL servers. |
||
|
26.7.23 |
Backdoor |
Decoy Dog has a full suite of powerful, previously unknown capabilities |
||
|
26.7.23 |
RAT |
Pupy is the name of an open-source Remote Administration Trojan (RAT) written in Python. |
||
|
26.7.23 |
MacOS |
In the case of macOS, the infostealer turned out to be a new malware written in Rust, dubbed “realst”. |
||
|
26.7.23 |
CWE |
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. |
||
|
25.7.23 |
Banking |
According to BitDefender, Metamorfo is a family of banker Trojans that has been active since mid-2018. |
||
|
25.7.23 |
CWE |
A flaw in the authentication algorithm allows attackers to set the Derived Cypher Key (DCK) to 0. |
||
|
25.7.23 |
CWE |
The Air Interface Encryption (AIE) keystream generator relies on the network time, which is publicly broadcast in an unauthenticated manner. |
||
|
25.7.23 |
CWE |
The TEA1 algorithm has a backdoor that reduces the original 80-bit key to a key size which is trivially brute-forceable on consumer hardware in minutes. |
||
|
25.7.23 |
CWE |
The cryptographic scheme used to obfuscate radio identities has a weak design that allows attackers to deanonymize and track users. |
||
|
25.7.23 |
CWE |
Lack of ciphertext authentication on AIE allows for malleability attacks. |
||
|
25.7.23 |
CWE |
All x86-64 CPUs have a set of 128-bit vector registers called the XMM registers. |
||
|
25.7.23 |
CWE |
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. |
||
|
25.7.23 |
CWE |
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversa.. |
||
|
25.7.23 |
CWE |
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. |
||
|
25.7.23 |
CWE |
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user |
||
|
25.7.23 |
CWE |
(CVSS score: 7.5) - Injection, RCE (Remote Code Execution) in Bamboo (Fixed in versions 9.2.3 and 9.3.1) |
||
|
25.7.23 |
CWE |
(CVSS score: 8.5) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 7.19.8 and 8.2.0) |
||
|
25.7.23 |
CWE |
(CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and 8.4.0) |
||
|
25.7.23 |
CWE |
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account. |
||
|
25.7.23 |
CWE |
A memory corruption issue was addressed with improved state management. |
||
|
25.7.23 |
CWE |
An integer overflow was addressed with improved input validation. |
||
|
25.7.23 |
CWE |
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server.. |
||
|
25.7.23 |
CWE |
Microsoft Outlook Elevation of Privilege Vulnerability |
||
|
25.7.23 |
CWE |
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. |
||
|
25.7.23 |
CWE |
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. |
||
|
24.7.23 |
CWE |
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. |
||
|
24.7.23 |
CWE |
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path |
||
|
24.7.23 |
Uncovering drIBAN fraud operations. Chapter 3: Exploring the drIBAN web inject kit |
|||
|
22.7.23 |
Loader |
This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. |
||
|
22.7.23 |
RAT |
DarkComet is one of the most famous RATs, developed by Jean-Pierre Lesueur in 2008. |
||
|
22.7.23 |
Android |
Hunting the AndroidBianLian botnet |
||
|
22.7.23 |
Linux |
BianLian Ransomware Expanding C2 Infrastructure and Operational Tempo |
||
|
22.7.23 |
Ransom |
BianLian is a GoLang-based ransomware that continues to breach several industries and demand large ransom amounts. |
||
|
22.7.23 |
RAT |
HotRat: The Risks of Illegal Software Downloads and Hidden AutoHotkey Script Within |
||
|
22.7.23 |
A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. |
|||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE. |
|||
|
21.7.23 |
||||
|
21.7.23 |
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution |
|||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI) |
|||
|
21.7.23 |
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability |
|||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration) |
|||
|
21.7.23 |
||||
|
21.7.23 |
||||
|
21.7.23 |
Bot |
Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities |
||
|
21.7.23 |
CWE |
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73 |
||
|
21.7.23 |
CWE |
Unauthenticated remote code execution |
||
|
21.7.23 |
CWE |
(CVSS score: 8.2) - Code injection via dynamic Redfish extension interface |
||
|
21.7.23 |
CWE |
(CVSS score: 9.1) - Authentication bypass via HTTP header spoofing |
||
|
21.7.23 |
CWE |
(CVSS score: 7.2) - A NULL byte (%00) injection that allows an attacker with admin privileges to gain code execution |
||
|
21.7.23 |
CWE |
(CVSS score: 8.1) - An authentication bypass that leads to unrestricted access via invitation hash |
||
|
21.7.23 |
CWE |
(CVSS score: 5.3) - Insufficient check of invitation hash |
||
|
21.7.23 |
Backdoor |
According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking. |
||
|
20.7.23 |
Bot |
Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021 |
||
|
20.7.23 |
Backdoor |
Aqua Nautilus discovered new Go based malware that targets Redis servers. |
||
|
20.7.23 |
CWE |
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
||
|
20.7.23 |
P2P virus |
The P2PInfect worm infects vulnerable Redis instances by exploiting the Lua sandbox escape vulnerability, CVE-2022-0543. |
||
|
20.7.23 |
CWE |
CVSS score: 9.8 that could lead to remote code execution and a second improper access control flaw that could also pave the way for a security bypass |
||
|
20.7.23 |
CWE |
CVSS score: 7.5 has been described as an instance of improper access control that could result in a security bypass. |
||
|
20.7.23 |
CWE |
CVSS score: 9.8 that could lead to remote code execution and a second improper access control flaw that could also pave the way for a security bypass |
||
|
19.7.23 |
Android |
Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41 |
||
|
19.7.23 |
Android |
Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41 |
||
|
19.7.23 |
CWE |
(CVSS score: 8.0) - An improper privilege management vulnerability resulting in privilege escalation to the root administrator (nsroot) |
||
|
19.7.23 |
CWE |
(CVSS score: 8.3) - An improper input validation vulnerability resulting in a reflected cross-site scripting (XSS) attack |
||
|
19.7.23 |
CWE |
(CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. |
||
|
18.7.23 |
RAT |
Deed RAT, a piece of remote access trojan malware, has seen a resurgence in use over the recent weeks. |
||
|
18.7.23 |
Backdoor |
They've also switched from BadHatch to a C++-based backdoor known as Sardonic, which, according to Bitdefender security. |
||
|
18.7.23 |
CWE |
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
||
|
18.7.23 |
CWE |
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. |
||
|
17.7.23 |
USB |
BEYOND THE HORIZON: TRAVELING THE WORLD ON CAMARO DRAGON’S USB FLASH DRIVES |
||
|
17.7.23 |
CWE |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. |
||
|
17.7.23 |
CWE |
Microsoft MSHTML Remote Code Execution Vulnerability |
||
|
17.7.23 |
GPT |
WormGPT – The Generative AI Tool Cybercriminals Are Using to Launch Business Email Compromise Attacks |
||
|
15.7.23 |
||||
|
15.7.23 |
AVG Anti Spyware 7.5 - Unquoted Service Path "AVG Anti-Spyware Guard" |
|||
|
15.7.23 |
||||
|
15.7.23 |
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS) |
|||
|
15.7.23 |
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated) |
|||
|
15.7.23 |
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTSchedulerService" |
|||
|
15.7.23 |
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTAgentService" |
|||
|
15.7.23 |
||||
|
15.7.23 |
||||
|
15.7.23 |
RAT |
Lumen Black Lotus Labs® identified another multi-year campaign involving compromised routers across the globe. |
||
|
15.7.23 |
CWE |
ROZCOM client CWE-798: Use of Hard-coded Credentials |
||
|
15.7.23 |
CWE |
ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. |
||
|
15.7.23 |
CWE |
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). |
||
|
15.7.23 |
CWE |
Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. |
||
|
15.7.23 |
CWE |
EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking |
||
|
15.7.23 |
Backdoor |
Backdoor malware |
||
|
15.7.23 |
Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
|||
|
15.7.23 |
Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
|||
|
15.7.23 |
2023-07-11 - Files for an ISC diary (Loader activity for Formbook) |
The ISC diary is for Thursday 2023-06-29: Loader activity for Formbook "QM18" |
||
|
14.7.23 |
ICS |
The team identifies this malware as TRISIS because it targets Schneider Electric’s Triconex safety instrumented system (SIS)... |
||
|
14.7.23 |
CWE |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. |
||
|
14.7.23 |
CWE |
VMware Fusion contains a local privilege escalation vulnerability. |
||
|
14.7.23 |
CWE |
(CVSS score: 7.5) - An out-of-bounds write flaw impacting 1756 EN4* products that could lead to a DoS condition through maliciously crafted CIP messages. |
||
|
14.7.23 |
CWE |
CVSS score: 9.8) - An out-of-bounds write flaw impacting 1756 EN2* and 1756 EN3* products that could result in arbitrary code execution with persistence.. |
||
|
14.7.23 |
RAT |
Kroll has identified a fully featured information stealer and remote access tool (RAT) in the Python Package Index (PyPI) that it is calling “Colour-Blind”. |
||
|
14.7.23 |
Crypto |
This trojan is designed to decrypt encrypted files and run them directly from the system's memory. |
||
|
14.7.23 |
CWE |
(CVSS score: 9.4) - Cloud App Security (CAS) Authentication Bypass |
||
|
14.7.23 |
CWE |
(CVSS score: 9.8) - Password Hash Read via Web Service |
||
|
14.7.23 |
CWE |
(CVSS score: 9.8) - Multiple Unauthenticated SQL Injection Issues and Security Filter Bypass |
||
|
14.7.23 |
CWE |
(CVSS score: 9.4) - Web Service Authentication Bypass |
||
|
14.7.23 |
Hard-coded credentials in Technicolor TG670 DSL gateway router |
The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. |
||
|
13.7.23 |
Ransom |
Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes |
||
|
13.7.23 |
Rootkit |
Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions |
||
|
13.7.23 |
Python |
PyLoose is a newly discovered Python-based fileless malware targeting cloud workloads. |
||
|
13.7.23 |
CWE |
Malicious use of Microsoft-signed drivers for post-exploitation activity (no CVE assigned) |
||
|
13.7.23 |
CWE |
(CVSS score: 8.3) - Office and Windows HTML Remote Code Execution Vulnerability (Also publicly known at the time of the release) |
||
|
13.7.23 |
CWE |
(CVSS score: 7.8) - Windows Error Reporting Service Elevation of Privilege Vulnerability |
||
|
13.7.23 |
CWE |
(CVSS score: 8.8) - Microsoft Outlook Security Feature Bypass Vulnerability |
||
|
13.7.23 |
CWE |
(CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability |
||
|
13.7.23 |
CWE |
(CVSS score: 7.8) - Windows MSHTML Platform Elevation of Privilege Vulnerability |
||
|
11.7.23 |
RAT |
Github Repository with source code for Pandora hVNC |
||
|
11.7.23 |
Ransom |
Pandora ransomware was obtained by vx-underground at 2022-03-14. |
||
|
11.7.23 |
Virus |
Neshta is a 2005 Belarusian file infector virus written in Delphi. The name of the virus comes from the Belarusian word "nesta" meaning "something." |
||
|
11.7.23 |
CWE |
[critical] ChatGPT-CVSS: 7.8 *** EXPLOITED *** WebKit.A type confusion issue was addressed with improved checks. |
||
|
11.7.23 |
CWE |
[important] ChatGPT-CVSS: 9.0 *** EXPLOITED *** Kernel.An integer overflow was addressed with improved input validation. |
||
|
11.7.23 |
CWE |
[critical] ChatGPT-CVSS: 8.0 *** EXPLOITED *** WebKit.A memory corruption issue was addressed with improved state management. |
||
|
11.7.23 |
CWE |
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
||
|
10.7.23 |
Banking |
Discover the intricate layers of a new sophisticated and persistent malware campaign targeting businesses in the LATAM region delivering the TOITOIN Trojan. |
||
|
10.7.23 |
RAT |
Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. |
||
|
9.7.23 |
MacOS RAT |
Noknok is a remote administration tool (RAT). RATs vary in severity and have a variety of functions to meet the needs of the attacker. |
||
|
9.7.23 |
MAR-10445155-1.v1 Truebot Activity Infects U.S. and Canada Based Networks |
CERT |
CISA received one Windows Portable Executable (PE) file for analysis. The file is a variant of TrueBot malware. |
|
|
8.7.23 |
Vishing toolset |
In recent years, the rise of Vishing, also known as Voice over IP Phishing, has become so popular that it has eroded trust in calls from unknown numbers. |
||
|
8.7.23 |
CWE |
In Progress MOVEit Transfer versions released before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8.. |
||
|
8.7.23 |
CWE |
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4.. |
||
|
8.7.23 |
CWE |
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1)... |
||
|
8.7.23 |
CWE |
In Progress MOVEit Transfer versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8) |
||
|
8.7.23 |
CWE |
This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. |
||
|
8.7.23 |
2023-07-04 thru 07-07 - AgentTesla to my honeypot email accounts |
- AgentTesla stopped back in 2019, and what's currently identified as AgentTelsa is likely a variant, like OriginLogger |
||
|
8.7.23 |
Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
|||
|
8.7.23 |
30 days of Formbook: Day 29, Mon 2023-07-03 - GuLoader Formbook "AU22" |
Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
||
|
8.7.23 |
Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
|||
|
8.7.23 |
Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
|||
|
8.7.23 |
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution |
|||
|
8.7.23 |
||||
|
8.7.23 |
||||
|
7.7.23 |
CVE-2023-21250 |
CWE |
CWE |
|
|
7.7.23 |
CWE |
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process.. |
||
|
7.7.23 |
CWE |
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions |
||
|
7.7.23 |
RAT |
According to ProofPoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT) |
||
|
7.7.23 |
CWE |
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server |
||
|
7.7.23 |
MacOS |
TA453 continues to adapt its malware arsenal, deploying novel file types and targeting new operating systems, specifically sending Mac malware.. |
||
|
7.7.23 |
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated) |
|||
|
7.7.23 |
||||
|
7.7.23 |
Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated) |
|||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS) |
|||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE) |
|||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE) |
|||
|
7.7.23 |
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE) |
|||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
||||
|
7.7.23 |
CWE |
CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. |
||
|
7.7.23 |
LINUX |
8220 Gang Deploys a New Campaign with Upgraded Techniques |
||
|
7.7.23 |
RAT |
Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. |
||
|
7.7.23 |
RAT |
VenomRAT - new, hackforums grade, reincarnation of QuassarRAT |
||
|
4.7.23 |
DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro Russia hacktivist nationalist group NoName057(16).. |
|||
|
4.7.23 |
Android |
Neo_Net has been conducting an eCrime campaign targeting clients of prominent banks globally, with a focus on Spanish and Chilean banks.. |
||
|
4.7.23 |
CWE |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below... |
||
|
4.7.23 |
HTML Smuggling: The Hidden Threat in Your Inbox |
|||
|
3.7.23 |
CWE |
(CVSS score: 6.4) - Samsung mobile devices race condition vulnerability |
||
|
3.7.23 |
CWE |
(CVSS score: 6.4) - Samsung mobile devices race condition vulnerability |
||
|
3.7.23 |
CWE |
(CVSS score: 6.7) - An unspecified vulnerability in the DSP driver used in Samsung mobile devices that allows loading of arbitrary ELF libraries |
||
|
3.7.23 |
CWE |
(CVSS score: 6.7) - Samsung mobile devices improper boundary check within the DSP driver in Samsung mobile devices |
||
|
3.7.23 |
CWE |
(CVSS score: 7.8) - Samsung mobile devices out-of-bounds read vulnerability leading to arbitrary code execution |
||
|
3.7.23 |
CWE |
(CVSS score: 5.5) - Samsung Mobile devices improper input validation vulnerability resulting in kernel panic |
||
|
3.7.23 |
CWE |
(CVSS score: 9.8) - An unauthenticated remote code execution vulnerability in D-Link DIR-859 Router |
||
|
3.7.23 |
CWE |
(CVSS score: 7.8) - An authenticated OS command injection vulnerability in D-Link DWL-2600AP |
||
|
3.7.23 |
Stealer |
The Meduza Stealer has a singular objective: comprehensive data theft. |
||
|
3.7.23 |
Malware |
According to PCrisk, SVCReady collects information about the infected system such as username, computer name, time zone, computer manufacturer.. |
||
|
3.7.23 |
Downloader |
Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. |
||
|
3.7.23 |
Backdoor |
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor |
||
|
3.7.23 |
Malware |
According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). |
||
|
3.7.23 |
Stealer |
Lumma is an information stealer written in C, sold as a Malware-as-a-Service by LummaC on Russian-speaking underground forums and Telegram since at least August 2022. |
||
|
3.7.23 |
Malware |
CargoBay is a newer malware family which was first observed in 2022 and is notable for being written in the Rust language. |
||
|
3.7.23 |
Downloader |
AresLoader is a new malware "downloader" that has been advertised on some Russian language Dark Web forums “RAMP and "XSS" by a threat actor called "DarkBLUP" |
||
|
2.7.23 |
Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. |
|||
|
1.7.23 |
Ransom |
A case of mistaken identity and further MOVEit Transfer data breaches continue dominated the ransomware news cycle this week. |
||
|
1.7.23 |
CWE |
A vulnerability was found in Ultimate Member Plugin up to 2.6.6 on WordPress (WordPress Plugin) and classified as problematic. |
||
|
1.7.23 |
Malware |
Bluenoroff’s RustBucket campaign |
||
|
1.7.23 |
OSX |
Attack trends related to the attack campaign DangerousPassword |
||
|
1.7.23 |
Backdoor |
CharmPower is a PowerShell-based, modular backdoor that has been used by Magic Hound since at least 2022. |
||
|
1.7.23 |
Backdoor |
Charming Kitten Updates POWERSTAR with an InterPlanetary Twist |
||
|
1.7.23 |
Framework |
The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 |
||
|
1.7.23 |
Proxyjacking: The Latest Cybercriminal Side Hustle |