| DATE | CATEGORY | INFO |
|---|---|---|
| 30.6.23 | Android | According to Check Point, this malware features several malicious Android applications that mimic legitimate applications... |
| 30.6.23 | RAT | Lazarus and the tale of three RATs |
| 30.6.23 | RAT | Emulating the Highly Sophisticated North Korean Adversary Lazarus Group |
| 30.6.23 | RAT | Dtrack is a Remote Administration Tool (RAT) developed by the Lazarus group. |
| 30.6.23 | RAT | Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. |
| 30.6.23 | Android | Polish security research blog Niebezpiecznik, which first reported the breach and analyzed a dump of the stolen data... |
| 30.6.23 | RAT | This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. |
| 30.6.23 | Infostealer | New Fast-Developing ThirdEye Infostealer Pries Open System Information |
| 30.6.23 | CWE | The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions... |
| 28.6.23 | CWE | Soko is the code that powers packages.gentoo.org. |
| 28.6.23 | | Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution |
| 27.6.23 | Banking | Anatsa banking Trojan hits UK, US and DACH with new campaign |
| 27.6.23 | CWE | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, |
| 27.6.23 | CWE | A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows |
| 27.6.23 | | "The Great Seal Bug" ("the Thing") was the first covert listening device that utilized passive techniques to transmit an audio signal for the purpose of speech eavesdropping. |
| 26.6.23 | MacOS | An overview of JOKERSPY, discovered in June 2023, which deployed custom and open source macOS tools to exploit a cryptocurrency exchange located in Japan. |
| 26.6.23 | CWE | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. |
| 26.6.23 | CWE | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. |
| 26.6.23 | CWE | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting |
| 26.6.23 | CWE | Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability |
| 24.6.23 | Dropper | PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID |
| 24.6.23 | CWE | Secure Boot Security Feature Bypass Vulnerability |
| 24.6.23 | CWE | Secure Boot Security Feature Bypass Vulnerability |
| 24.6.23 | Rootkit | BlackLotus stage 2 bootkit-rootkit analysis |
| 24.6.23 | Linux | Operation Earth Berberoka |
| 24.6.23 | Linux | According to netenrich, Kaiten is a Trojan horse that opens a back door on the compromised computer that allows it to perform other malicious activities. |
| 24.6.23 | | Repo Jacking: Exploiting the Dependency Supply Chain |
| 24.6.23 | Malware | Mandiant associates this with UNC4191; this malware spreads to removable drives. |
| 24.6.23 | Malware | Mandiant associates this with UNC4191; this malware is a launcher for NCAT to establish a reverse tunnel. |
| 24.6.23 | Malware | Mandiant associates this with UNC4191; this malware decrypts and runs DARKDEW. |
| 24.6.23 | Malware | Camaro Dragon is a Chinese-based espionage threat actor whose operations are actively focused on Southeast Asian |
| 23.6.23 | | |
| 23.6.23 | | Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated) |
| 23.6.23 | | NCH Express Invoice - Clear Text Password Storage and Account Takeover |
| 22.6.23 | | Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated) |
| 22.6.23 | | Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing |
| 22.6.23 | CWE | |
| 22.6.23 | CWE | A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content |
| 22.6.23 | CWE | An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. |
| 22.6.23 | Backdoor | A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers... |
| 22.6.23 | CWE | Aria Operations for Networks contains a command injection vulnerability. |
| 22.6.23 | CWE | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, |
| 22.6.23 | CWE | |
| 22.6.23 | CWE | |
| 22.6.23 | CWE | A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service... |
| 22.6.23 | | Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus. |
| 22.6.23 | | nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover |
| 22.6.23 | Backdoor | Graphican is an evolution of the known Flea backdoor Ketrican, which itself was based on a previous malware, BS2005, also used by Flea. |
| 22.6.23 | CWE | An adversary-in-the-middle (AitM) flaw that could lead to a hijack of a user's session. |
| 22.6.23 | CWE | A stack-based buffer overflow vulnerability that could be exploited by an attacker with admin privileges to execute arbitrary system commands |
| 22.6.23 | CWE | A command injection flaw that could be exploited by a local attacker to execute arbitrary system commands, disrupt the system, or terminate service. |
| 22.6.23 | CWE | The use of an out-of-date libusrsctp library that could open targeted devices to other attacks. |
| 22.6.23 | CWE | A denial-of-service (DoS) vulnerability that could be triggered by sending a specially crafted network packet. |
| 22.6.23 | CWE | An information disclosure vulnerability that could be exploited to access sensitive information by sending specially crafted network packets. |
| 22.6.23 | CWE | An authentication bypass vulnerability that could permit an attacker to send malicious HTTP requests to gain full administrative access to the device. |
| 22.6.23 | CWE | A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin. |
| 22.6.23 | CWE | Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c. This is due to a lack of bounds checking on attacker-controlled data. |
| 22.6.23 | RAT | Zscaler ThreatLabz researchers observed multiple threat campaigns utilizing the Snip3 crypter, a multi-stage remote access trojan (RAT). |
| 22.6.23 | Crypto | Rhadamanthys is an information stealer that consists of two components, the loader and the main module (responsible for exfiltrating collected credentials). |
| 22.6.23 | InfoStealer | The oldest sample we were able to track until now (e69b50d1d58056fc770c88c514af9a82) shows the malware during its early development stage. |
| 22.6.23 | Backdoor | Zscaler ThreatLabz has recently unearthed a new backdoor called 'Devopt'. |
| 22.6.23 | Stealer | Bandit is a new information stealer that harvests stored credentials from web browsers, FTP clients, email clients, and targets cryptocurrency wallet applications. |
| 22.6.23 | Stealer | Drive-by downloads are becoming increasingly common as attackers find new ways to access and exfiltrate sensitive data. |
| 22.6.23 | Stealer | Album Stealer is disguised as a photo album that drops decoy adult images while performing malicious activity in the background. |
| 22.6.23 | Stealer | Mystic Stealer is a new information stealer that was first advertised in April 2023. |
| 21.6.23 | | |
| 20.6.23 | | |
| 20.6.23 | | |
| 20.6.23 | | |
| 20.6.23 | | WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS) |
| 19.6.23 | | |
| 19.6.23 | | WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password |
| 19.6.23 | | Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS) |
| 19.6.23 | | |
| 19.6.23 | | Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS) |
| 19.6.23 | | |
| 19.6.23 | | |
| 19.6.23 | | |
| 17.6.23 | Malware | The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. |
| 17.6.23 | | 2023-06-16 -- 30 days of Formbook: Day 12, Fri 2023-06-16 - "TFGP". This is the 12th of 30 infection runs on recent Formbook samples. |
| 17.6.23 | | 2023-06-15 -- 30 days of Formbook: Day 11, Thu 2023-06-15 - "GA94". This is the 11th of 30 infection runs on recent Formbook samples. |
| 17.6.23 | | 2023-06-14 -- 30 days of Formbook: Day 10, Wed 2023-06-14 - "J0C7". This is the 10th of 30 infection runs on recent Formbook samples. |
| 17.6.23 | | 2023-06-13 -- 30 days of Formbook: Day 9, Tue 2023-06-13 - XLoader "MD8S". This is the 9th of 30 infection runs on recent Formbook samples. |
| 17.6.23 | | 2023-06-12 -- 30 days of Formbook: Day 8, Mon 2023-06-12 - "EE2Q". This is the 8th of 30 infection runs on recent Formbook samples. |
| 17.6.23 | | 2023-06-11 -- 30 days of Formbook: Day 7, Sun 2023-06-11 - "XCHU". This is the 7th of 30 infection runs on recent Formbook samples. |
| 17.6.23 | | 2023-06-10 -- 30 days of Formbook: Day 6, Sat 2023-06-10 - "SN84". This is the 6th of 30 infection runs on recent Formbook samples. |
| 17.6.23 | | MAR-10443863-1.v1 CVE-2017-9248 Exploitation in U.S. Government IIS Server. CISA received three files for analysis. The files included three webshells written in PHP: Hypertext Preprocessor (PHP), Active Server Pages Extended (ASPX), and .NET Dynamic-Link Library (DLL). |
| 17.6.23 | | This report is provided "as is" for informational purposes only. |
| 17.6.23 | | MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server. This report is provided "as is" for informational purposes only. |
| 17.6.23 | | The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks. |
| 16.6.23 | CWE | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1) |
| 16.6.23 | CWE | In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). |
| 16.6.23 | CWE | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. |
| 16.6.23 | Stealer | Arkei is a stealer that appeared around May 2018. |
| 16.6.23 | InfoStealer | Cybergun: Technical Analysis of the Armageddon's Infostealer |
| 16.6.23 | Stealer | Downloader / information stealer used by UAC-0056, observed since at least October 2022. |
| 16.6.23 | Backdoor | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two backdoors written in Go that were used in them and attributed to UAC-0056. |
| 16.6.23 | Backdoor | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two backdoors written in Go that were used in them and attributed to UAC-0056. |
| 16.6.23 | Stealer | According to MITRE, OutSteel is a file uploader and document stealer developed with the scripting language AutoIT that has been used by Ember Bear since at least March 2021. |
| 16.6.23 | Destructive | Destructive malware deployed against targets in Ukraine in January 2022. |
| 16.6.23 | CWE | VMware Tools contains an Authentication Bypass vulnerability in the vgauth module. |
| 14.6.23 | InfoStealer | Skuld: The Infostealer that Speaks Golang |
| 14.6.23 | CWE | Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. |
| 14.6.23 | CWE | Microsoft Exchange Server Remote Code Execution Vulnerability |
| 14.6.23 | CWE | Microsoft Exchange Server Remote Code Execution Vulnerability |
| 14.6.23 | CWE | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| 14.6.23 | CWE | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| 14.6.23 | CWE | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| 14.6.23 | CWE | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| 14.6.23 | CWE | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| 14.6.23 | CWE | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 14.6.23 | Malware | Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency |
| 14.6.23 | | Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated) |
| 14.6.23 | | Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated) |
| 14.6.23 | | |
| 14.6.23 | | |
| 14.6.23 | | Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated) |
| 14.6.23 | | |
| 14.6.23 | | |
| 14.6.23 | | |
| 14.6.23 | | |
| 14.6.23 | | Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution |
| 14.6.23 | | Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution |
| 13.6.23 | | Sales Tracker Management System v1.0 - Multiple Vulnerabilities |
| 13.6.23 | | Teachers Record Management System 1.0 - File Upload Type Validation |
| 13.6.23 | | Online Examination System Project 1.0 - Cross-site request forgery (CSRF) |
| 13.6.23 | CWE | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below. |
| 13.6.23 | CWE | Visual Studio Spoofing Vulnerability |
| 13.6.23 | RAT | The first messages about VenomRAT started to appear in June 2020. |
| 13.6.23 | RAT | DCRat is a typical RAT that has been around since at least June 2019. |
| 13.6.23 | Malware | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. |
| 13.6.23 | Crypter | ScrubCrypt is the rebranded "Jlaive" crypter, with a unique capability of .BAT packing |
| 12.6.23 | | One of the changes between the two campaigns is their name: the group previously known as Mexals (see their web page in Figure 1) |
| 12.6.23 | CWE | |
| 11.6.23 | Backdoor | Elastic Security Labs has been tracking an intrusion set targeting large Vietnamese public companies for several months, REF2754. |
| 10.6.23 | Backdoor | Check Point Research observed a wave of highly targeted espionage attacks in Libya that utilize a new custom modular backdoor. |
| 10.6.23 | CWE | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| 10.6.23 | CWE | Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. |
| 10.6.23 | CWE | P |
| 10.6.23 | CWE | P |
| 10.6.23 | CWE | Aria Operations for Networks contains an information disclosure vulnerability. |
| 10.6.23 | CWE | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2). |
| 10.6.23 | CWE | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2). |
| 10.6.23 | CWE | RenderDoc through 1.26 allows local privilege escalation via a symlink attack. |
| 10.6.23 | CWE | Aria Operations for Networks contains an authenticated deserialization vulnerability. |
| 10.6.23 | CWE | Aria Operations for Networks contains a command injection vulnerability. |
| 10.6.23 | CWE | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) |
| 8.6.23 | CWE | The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) |
| 8.6.23 | CWE | A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8) |
| 8.6.23 | Malware | PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry |
| 8.6.23 | CWE | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, |
| 8.6.23 | CWE | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, |
| 8.6.23 | CWE | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, |
| 8.6.23 | Loader | Malware often arrives hand in hand with other malware. |
| 8.6.23 | | Outing Aggah’s Sophisticated Tactics, Techniques and Procedures (TTPs) Targeting Israel |
| 8.6.23 | CWE | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.6.23 | CWE | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially |
| 8.6.23 | CWE | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 7.6.23 | CWE | Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server |
| 7.6.23 | | Financially Motivated Campaign Leverages CMD-Based Scripts and LOLBaS for Online Banking Theft in Portugal, Peru, and Mexico |
| 7.6.23 | CWE | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). |
| 3.6.23 | | Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
| 3.6.23 | | Bye Bye Pikabot... We're back to Qak! (obama264 Qakbot infection). Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
| 3.6.23 | | Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
| 3.6.23 | | Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
| 3.6.23 | Malware | Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot.” |
| 3.6.23 | Malware | MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT |
| 3.6.23 | Malware | According to SentinelLabs, this is a VisualBasic-based malware that gathers system and file information and exfiltrates the data |
| 3.6.23 | Malware | BabyShark is a Microsoft Visual Basic (VB) script-based malware family first seen in November 2018. |
| 3.6.23 | CWE | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5) |
| 3.6.23 | | While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA). |
| 3.6.23 | CWE | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35. |