DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
31.8.23 |
MMRat | Malware | Android RAT | The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023. |
31.8.23 |
BadBazaar | Malware | Android | ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs |
31.8.23 |
CVE |
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. |
||
31.8.23 |
CVE |
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain important environment variables. |
||
31.8.23 |
CVE |
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. |
||
31.8.23 |
CVE |
Apache RocketMQ Remote Code Execution Vulnerability |
||
31.8.23 |
CVE |
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. |
||
31.8.23 |
CVE |
Aria Operations for Networks contains a command injection vulnerability. |
||
31.8.23 |
Operation |
The FBI has led a multinational law enforcement operation that has successfully dismantled QakBot, a leading malware loader used by cybercriminals to deploy ransomware. |
||
31.8.23 |
CVE |
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. |
||
31.8.23 |
Loader |
First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
||
29.8.23 |
CVE |
Unauthenticated remote code execution |
||
29.8.23 |
Phishing |
adversary-in-the-middle attack to steal session cookies and gain access to victims' email accounts. |
||
29.8.23 |
Exploit |
An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens. |
||
29.8.23 |
Python |
Phylum routinely identifies malware and other software supply chain attacks targeting high-value, critical assets: an organization’s software developers. |
||
29.8.23 |
The Akamai SIRT has been tracking the Kmsdx botnet campaign since November 2022, and now we have another new evolution |
|||
25.8.23 |
CVE |
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. |
||
25.8.23 |
RAT |
Lazarus Group's infrastructure reuse leads to discovery of new malware |
||
25.8.23 |
RAT |
QuiteRAT is a simple remote access trojan written with the help of Qt libraries. |
||
24.8.23 |
Malware |
Analysis of Telegram bot that helps cybercriminals scam people on online marketplaces |
||
24.8.23 |
Loader |
SMOKE LOADER DROPS WHIFFY RECON WI-FI SCANNING AND GEOLOCATION MALWARE |
||
24.8.23 |
CVE |
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. |
||
24.8.23 |
CVE |
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. |
||
23.8.23 |
Stealer |
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack. |
||
23.8.23 |
Tool |
Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle |
||
23.8.23 |
RAT |
‘Malware-as-a-service’ has been around for some time; of late, however, it has become increasingly convenient for cybercriminals to kickstart their activities without having to learn malware development themselves. |
||
23.8.23 |
RAT |
The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code |
||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
Global - Multi School Management System Express v1.0- SQL Injection |
|||
23.8.23 |
||||
23.8.23 |
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated) |
|||
23.8.23 |
PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities |
|||
23.8.23 |
EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download |
|||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions |
|||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE) |
|||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
Emagic Data Center Management Suite v6.0 - OS Command Injection |
|||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
||||
23.8.23 |
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated) |
|||
23.8.23 |
||||
23.8.23 |
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure |
|||
22.8.23 |
RAT |
RSA describes PlugX as a RAT (Remote Access Trojan) malware family that has been around since 2008 and is used as a backdoor to fully control the victim's machine. |
||
22.8.23 |
MacOS |
Xloader is a Rebranding of Formbook malware (mainly a stealer), available for macOS as well. |
||
22.8.23 |
CVE |
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. |
||
22.8.23 |
CVE |
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. |
||
21.8.23 |
CVE |
(CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes. |
||
21.8.23 |
MacOS |
AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. |
||
21.8.23 |
RAT |
In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. |
||
19.8.23 |
CISA obtained a variant of the WHIRLPOOL backdoor. The malware was used by threat actors exploiting CVE-2023-2868, a former zero-day vulnerability affecting versions 5.1.3.001-9.2.0.006 of Barracuda Email Security Gateway (ESG). |
|||
19.8.23 |
The Parsec updater for Windows was prone to a local privilege escalation vulnerability that allowed a local user with Parsec access to gain NT AUTHORITY\SYSTEM privileges. |
|||
19.8.23 |
CVE |
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. |
||
19.8.23 |
CVE |
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. |
||
19.8.23 |
CVE |
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain important environment variables. |
||
19.8.23 |
CVE |
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain important environment variables. |
||
19.8.23 |
Operation |
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab |
||
19.8.23 |
CVE |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. |
||
19.8.23 |
CVE |
(CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. |
||
19.8.23 |
CVE |
Unauthenticated remote code execution |
||
19.8.23 |
CVE |
(CVSS score: 7.5) - An insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords. |
||
19.8.23 |
CVE |
(CVSS score: 5.5) - A cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. |
||
19.8.23 |
CVE |
(CVSS score: 10.0) - A remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. |
||
19.8.23 |
CVE |
(CVSS score: 7.5) - A directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the server's webroot. |
||
19.8.23 |
RAT |
Gigabud is the name of an Android Remote Access Trojan (RAT) that can record the victim's screen and steal banking credentials by abusing the Accessibility Service. |
||
19.8.23 |
The Week in Ransomware - August 18th 2023 - LockBit on Thin Ice |
Ransom |
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation. |
|
14.8.23 |
RAT |
A new threat has emerged in the realm of cybersecurity, referred to as QwixxRAT. Both businesses and individual users are at risk, as this Trojan silently infiltrates devices, casting a wide net of data extraction. |
||
14.8.23 |
CVE |
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. |
||
14.8.23 |
Stealer |
New Iranian APT data extraction tool |
||
14.8.23 |
RAT |
According to Zscaler, JanelaRAT is a heavily modified variant of BX RAT. |
||
13.8.23 |
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
|||
13.8.23 |
CISA obtained four malware samples - including SEASPY and WHIRLPOOL backdoors. The device was compromised by threat actors exploiting CVE-2023-2868, a former zero-day vulnerability affecting versions 5.1.3.001-9.2.0.006 of Barracuda Email Security Gateway (ESG). |
|||
13.8.23 |
CVE |
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
||
13.8.23 |
Backdoor |
MoustachedBouncer: Espionage against foreign diplomats in Belarus |
||
12.8.23 |
RAT |
Malware with wide range of capabilities ranging from RAT to ransomware. |
||
12.8.23 |
The Week in Ransomware - August 11th 2023 - Targeting Healthcare |
Ransom |
While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care. |
|
12.8.23 |
CVE |
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS |
||
12.8.23 |
CVE |
(CVSS score: 7.5), the high-severity flaw is a denial-of-service (DoS) issue impacting .NET and Visual Studio. |
||
12.8.23 |
Stealer |
Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems, and steals sensitive information. |
||
11.8.23 |
CVE |
Windows Print Spooler Elevation of Privilege Vulnerability |
||
11.8.23 |
CVE |
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. |
||
11.8.23 |
CVE |
Windows Print Spooler Elevation of Privilege Vulnerability |
||
11.8.23 |
CVE |
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. |
||
11.8.23 |
CVE |
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
||
11.8.23 |
CVE |
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. |
||
11.8.23 |
Malware |
Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors |
||
11.8.23 |
Malware |
Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors |
||
11.8.23 |
Malware |
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale |
||
11.8.23 |
Malware |
Brute Ratel is a customized Command and Control Center for Red Team and Adversary Simulation. |
||
11.8.23 |
CVE |
Windows Kernel Elevation of Privilege Vulnerability |
||
11.8.23 |
CVE |
Windows Kernel Elevation of Privilege Vulnerability |
||
11.8.23 |
CVE |
Windows Kernel Elevation of Privilege Vulnerability |
||
11.8.23 |
CVE |
Windows Kernel Elevation of Privilege Vulnerability |
||
11.8.23 |
CVE |
Windows Kernel Elevation of Privilege Vulnerability |
||
11.8.23 |
CVE |
.NET and Visual Studio Denial of Service Vulnerability |
||
11.8.23 |
CVE |
Microsoft Exchange Server Remote Code Execution Vulnerability |
||
11.8.23 |
CVE |
Microsoft Exchange Server Remote Code Execution Vulnerability |
||
11.8.23 |
CVE |
Microsoft Exchange Server Remote Code Execution Vulnerability |
||
11.8.23 |
CVE |
In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the remote code execution vulnerability. |
||
8.8.23 |
||||
8.8.23 |
WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution |
|||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR |
|||
8.8.23 |
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access |
|||
8.8.23 |
||||
8.8.23 |
Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload |
|||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated) |
|||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
||||
8.8.23 |
Downloader |
To that end, the Israeli cybersecurity company said it uncovered nine LOLBAS downloaders and three executors that could enable adversaries to download and execute "more robust malware" on infected hosts. |
||
8.8.23 |
RAT |
Multiple malicious OpenBullet configuration files are being shared within these communities, resulting in the installation of a Remote Access Trojan (RAT) on the user’s machine. |
||
8.8.23 |
Backdoor |
North Korea Compromises Sanctioned Russian Missile Engineering Company |
||
7.8.23 |
Linux |
While analyzing the latest logs of our honeypot located in central Europe, we found a rather interesting entry that repeated again less than two weeks later. |
||
5.8.23 |
CVE |
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). |
||
5.8.23 |
CVE |
PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. |
||
3.8.23 |
Android |
SharkBot is a piece of malicious software targeting Android Operating Systems (OSes). |
||
3.8.23 |
RAT |
Proofpoint describes Phorpiex/Trik as an SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. The name Trik is derived from PDB strings. |
||
3.8.23 |
RAT |
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT |
||
3.8.23 |
CVE |
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. |
||
3.8.23 |
CVE |
Unauthenticated remote code execution |
||
3.8.23 |
Backdoor |
PANW Unit 42 describes this malware as capable of uploading and downloading files as well as loading additional shellcode payloads into selected target processes. |
||
3.8.23 |
CVE |
(CVSS score: 7.2) - A path traversal vulnerability is discovered in Ivanti EPMM that allows an attacker to write arbitrary files onto the appliance. |
||
3.8.23 |
CVE |
(CVSS score: 10.0) - An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
||
3.8.23 |
CVE |
CVE |
||
2.8.23 |
CVE |
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. |
||
2.8.23 |
Stealer |
About eight months later, in March 2023, FakeGPT, a new variant of a fake ChatGPT Chrome extension that steals Facebook Ad accounts, was reported. Unit 42 also reported on ChatGPT-themed scam attacks in April 2023. |
||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated) |
|||
2.8.23 |
||||
2.8.23 |
mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory |
|||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution |
|||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated) |
|||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS) |
|||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping |
|||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
||||
2.8.23 |
CISA obtained seven malware samples related to a novel backdoor CISA has named SUBMARINE. |
|||
2.8.23 |
CISA obtained 14 malware samples comprised of Barracuda exploit payloads and reverse shell backdoors. |
|||
2.8.23 |
CISA obtained two SEASPY malware samples. The malware was used by threat actors exploiting CVE-2023-2868, a former zero-day vulnerability affecting versions 5.1.3.001-9.2.0.006 of Barracuda Email Security Gateway (ESG). |
|||
2.8.23 |
Linux |
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities |
||
2.8.23 |
Malware |
Known as HeadCrab, this advanced threat actor utilizes state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions. |
||
2.8.23 |
Backdoor |
is a .NET-based modular backdoor that comes with capabilities to establish contact with a remote command-and-control (C2) server and execute commands to enumerate files. |
||
2.8.23 |
Backdoor |
Bitter, also known as Cranberry, is an advanced threat group with suspected roots in South Asia. |
||
2.8.23 |
Trojan |
A Trojan for Windows with the same code structure and functionality as elf.rekoobe, which targets Linux environments instead. |
||
2.8.23 |
Linux |
A Trojan for Linux intended to infect machines with the SPARC architecture as well as Intel x86 and x86-64 computers. |
||
1.8.23 |
Banking |
Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader, with the ultimate aim of installing a banking trojan or stealer. |
||