DATE |
NAME |
CATEGORY |
SUBCATEGORIES |
INFO |
28.3.23 |
Zip files are password-protected. If you don't know the password, see the "about" page of this website. |
|||
25.3.23 |
PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS |
WebApps |
PHP |
|
25.3.23 |
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution |
WebApps |
PHP |
|
25.3.23 |
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution |
WebApps |
PHP |
|
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution |
WebApps |
PHP |
|
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
WebApps |
ASP |
||
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
DoS |
Hardware |
||
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
Remote |
Python |
||
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
Employee Performance Evaluation System v1.0 - File Inclusion and RCE |
WebApps |
PHP |
|
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution |
Remote |
Hardware |
|
25.3.23 |
Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated) |
WebApps |
PHP |
|
25.3.23 |
Local |
Windows |
||
25.3.23 |
Translatepress Multilingual WordPress plugin < 2.3.3 - Authenticated SQL Injection |
WebApps |
PHP |
|
25.3.23 |
WebApps |
PHP |
||
25.3.23 |
"camp" Raspberry Pi camera server 1.0 - Authentication Bypass |
WebApps |
Python |
|
25.3.23 |
Cyber actors have increased the use of web shell malware for computer network exploitation. |
|||
25.3.23 |
Backdoor |
TONEINS is the name of a backdoor malware. |
||
25.3.23 |
Backdoor |
MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT |
||
25.3.23 |
Mandiant associates this with UNC4191; this malware is a launcher for NCAT that establishes a reverse tunnel. |
|||
25.3.23 |
Mandiant associates this with UNC4191; this malware decrypts and runs DARKDEW. |
|||
25.3.23 |
CVE |
Microsoft Outlook Elevation of Privilege Vulnerability |
||
25.3.23 |
Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide |
|||
24.3.23 |
WebApps |
Atlassian Bitbucket Server and Data Center 7.0.0 before version |
||
24.3.23 |
WebApps |
wkhtmltopdf 0.12.6 - Server Side Request Forgery |
||
24.3.23 |
WebApps |
WorkOrder CMS 0.1.0 - SQL Injection |
||
24.3.23 |
WebApps |
MAN-EAM-0003 V3.2.4 - XXE |
||
24.3.23 |
WebApps |
Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities |
||
23.3.23 |
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH |
|||
23.3.23 |
Update to the REF2924 intrusion set and related campaigns |
|||
23.3.23 |
This unique malware sample contains a C# class called MsEXGHealthd that consists of three methods: Main, SetRespHeader, and Listener. |
|||
23.3.23 |
CVE |
CVE |
||
23.3.23 |
CVE |
CVE |
||
23.3.23 |
CVE |
CVE |
||
23.3.23 |
CVE |
CVE |
||
23.3.23 |
CVE |
CVE |
||
23.3.23 |
Windows |
The Windows guest virtual machines which were hosted by the infected hypervisors also contained a unique malware sample located at C:\Windows\Temp\avp.exe. |
||
23.3.23 |
LINUX |
Mandiant discovered two (2) additional VIRTUALPITA samples listening on TCP port 7475 that were persistent as an init.d startup service on Linux vCenter systems. |
||
23.3.23 |
VMware ESXi |
VIRTUALPIE is a lightweight backdoor written in Python that spawns a daemonized IPv6 listener on a hardcoded port on a VMware ESXi server. |
||
23.3.23 |
VMware ESXi |
VIRTUALPITA is a 64-bit passive backdoor that creates a listener on a hardcoded port number on a VMware ESXi server. |
||
23.3.23 |
CVE |
An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through |
||
23.3.23 |
Banking |
According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers. |
||
23.3.23 |
RAT |
DEMYSTIFYING NEW VIRTUALIZED .NET INJECTOR USED IN THE WILD |
||
23.3.23 |
Backdoor |
Bad magic: new APT found in the area of Russo-Ukrainian conflict |
||
23.3.23 |
Hardware |
Linksys AX3200 V1.1.00 - Command Injection |
||
23.3.23 |
Hardware |
SoX 14.4.2 - Denial Of Service |
||
23.3.23 |
PHP |
VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities |
||
23.3.23 |
Linux |
ShellBot Malware Being Distributed to Linux SSH Servers |
||
18.3.23 |
Android |
The mobile malware landscape of the LATAM region, more specifically Brazil, has recently risen to prominence in the news due to families like Brata and Amextroll, extending their reach all the way to Europe. |
||
18.3.23 |
Android |
Between the end of 2022 and the beginning of 2023, a new Android banking trojan was discovered by the Cleafy TIR team. |
||
17.3.23 |
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. |
|||
17.3.23 |
Morphisec has recently identified a highly evasive malware campaign delivering ProxyShellMiner to Windows endpoints. |
|||
17.3.23 |
||||
16.3.23 |
CVE |
CVE |
||
16.3.23 |
CVE |
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function |
||
16.3.23 |
CVE |
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, |
||
16.3.23 |
CVE |
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. |
||
15.3.23 |
CVE |
Microsoft Outlook Elevation of Privilege Vulnerability |
||
15.3.23 |
CVE |
Windows SmartScreen Security Feature Bypass Vulnerability |
||
15.3.23 |
CVE |
Windows SmartScreen Security Feature Bypass Vulnerability |
||
15.3.23 |
CVE |
HTTP Protocol Stack Remote Code Execution Vulnerability |
||
15.3.23 |
CVE |
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
||
15.3.23 |
CVE |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
||
15.3.23 |
CVE |
Microsoft OneDrive for Android Information Disclosure Vulnerability |
||
15.3.23 |
CVE |
Microsoft OneDrive for Android Information Disclosure Vulnerability |
||
15.3.23 |
CVE |
Office for Android Spoofing Vulnerability |
||
15.3.23 |
CVE |
Microsoft OneDrive for iOS Security Feature Bypass Vulnerability |
||
15.3.23 |
CVE |
CVE |
||
15.3.23 |
CVE |
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. |
||
15.3.23 |
CVE |
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. |
||
15.3.23 |
|
CVE |
CVE |
|
15.3.23 |
Backdoor |
The REDBALDKNIGHT (a.k.a. BRONZE BUTLER) cyberespionage group employs the Daserf backdoor in its campaigns. We found that Daserf was used not only against Japanese targets but also against other countries. |
||
15.3.23 |
We found cyberespionage group TICK targeting critical systems and enterprises to steal information. |
|||
15.3.23 |
Espionage |
YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States (CIS), based on our analysis |
||
15.3.23 |
CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. |
|||
15.3.23 |
CVE |
An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and |
||
15.3.23 |
A buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on |
|||
14.3.23 |
Stealer |
During a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based browsers. |
||
14.3.23 |
Stealer |
Cyble Research and Intelligence Labs (CRIL) came across a new malware strain called “WhiteSnake” Stealer. The stealer was first identified on cybercrime forums at the beginning of this month. |
||
14.3.23 |
Stealer |
Threat Actors (TAs) employ sophisticated techniques to create phishing websites that are designed to appear legitimate and attractive to users. |
||
14.3.23 |
Toolkit |
Credit card sniffers are malicious codes usually programmed in JavaScript and designed to covertly steal payment card information and Personally Identifiable Information (PII) |
||
13.3.23 |
In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malware samples, which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. |
|||
11.3.23 |
According to researchers with Palo Alto Networks' Unit 42, who first spotted it in the wild and dubbed it GoBruteforcer, the malware is compatible with x86, x64, and ARM architectures. |
|||
11.3.23 |
Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to |
|||
11.3.23 |
('Code Injection') |
XStream is a simple library to serialize objects to XML and back again. |
||
11.3.23 |
An AiTM attack typically involves a threat actor attempting to steal and intercept a target’s password and session cookies by deploying a proxy server between the user and the website. |
|||
11.3.23 |
CVE |
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. |
||
11.3.23 |
BATLOADER, as the name suggests, is a loader that's responsible for distributing next-stage malware such as information stealers, banking malware, Cobalt Strike, and even ransomware. |
|||
10.3.23 |
Trojan |
A Trojan for Windows with the same code structure and functionality as elf.rekoobe, its Linux counterpart. |
||
10.3.23 |
RAT |
Netwire is a RAT; its functionality seems focused on password stealing and keylogging, but it includes remote control capabilities as well. |
||
10.3.23 |
In June 2022, Mandiant Managed Defense detected and responded to an UNC2970 phishing campaign targeting a U.S.-based technology company. |
|||
10.3.23 |
In part one on North Korea's UNC2970, we covered UNC2970’s tactics, techniques and procedures (TTPs) and tooling that they used over the course of multiple intrusions. |
|||
10.3.23 |
RAT |
Xenomorph is an Android banking RAT developed by the Hadoken.Security actor. |
||
10.3.23 |
2023-03-08 -- IcedID (Bokbot) infection with BackConnect & VNC traffic |
Infection traffic started on 2023-03-08 shortly after 02:00 UTC, but this wave of malspam & malware is from Tuesday 2023-03-07. |
||
10.3.23 |
PlugX malware distributed by exploiting remote code execution vulnerabilities in the Chinese remote control programs Sunlogin and Awesun. |
|||
8.3.23 |
('Injection') |
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. |
||
8.3.23 |
('Command Injection') |
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. |
||
8.3.23 |
('OS Command Injection') |
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary OS commands as SYSTEM via the policy custom script feature |
||
8.3.23 |
('Code Injection') |
XStream is a simple library to serialize objects to XML and back again. |
||
8.3.23 |
Improper Restriction of XML |
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. |
||
7.3.23 |
Stealer |
We have seen SYS01 stealer attacking critical government infrastructure employees, manufacturing companies, and other industries. |
||
7.3.23 |
RAT |
CrimsonRAT is a remote access Trojan used to take remote control of infected systems and steal data. We know this particular RAT is used by the Transparent Tribe APT group. |
||
7.3.23 |
RAT |
Most likely active since July 2022, the campaign has distributed CapraRAT backdoors through at least two similar websites, while representing them as untainted versions of those secure messaging apps. |
||
6.3.23 |
RAT |
According to Black Lotus Labs, ZuoRAT is a MIPS file compiled for SOHO routers that can enumerate a host and internal LAN, capture packets being transmitted over the infected device and perform person-in-the-middle attacks (DNS and HTTPS hijacking based on predefined rules). |
||
6.3.23 |
RAT |
Just nine months after discovering ZuoRAT – a novel malware targeting small office/home office (SOHO) routers – Lumen Black Lotus Labs® |
||
4.3.23 |
ATM Malware |
While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. |
||
4.3.23 |
ATM Malware |
Backdoor: Win32/Hesetox.A: vSkimmer POS Malware Analysis |
||
4.3.23 |
ATM Malware |
A look at the ATM/PoS malware landscape from 2017-2019 |
||
4.3.23 |
ATM Malware |
The following table summarizes the properties of various ATM malware families that we have encountered. |
||
4.3.23 |
ATM Malware |
Cashing in on ATM Malware: A Comprehensive Look at Various Attack Types |
||
4.3.23 |
ATM Malware |
On the heels of recent disclosures of ATM malware such as Suceful [1], Plotus [2] and Padpin [3] (aka Tyupkin), Proofpoint research has discovered yet another variant of ATM malware, which we have dubbed GreenDispenser. |
||
4.3.23 |
ATM Malware |
If you answered ‘c’ you might be correct! FireEye Labs discovered a new piece of ATM malware (4BDD67FF852C221112337FECD0681EAC) that we detect as Backdoor.ATM.Suceful |
||
4.3.23 |
ATM Malware |
Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. |
||
4.3.23 |
ATM Malware |
Ploutus, one of the most sophisticated ATM malware families worldwide, is back with a new variant focused on Latin America. |
||
4.3.23 |
ATM Malware |
ATMs are a core part of the financial system, providing users access to their money anytime at different physical locations. |
||
3.3.23 |
Out-of-bounds Read |
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. |
||
3.3.23 |
Out-of-bounds Write |
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. |
||
3.3.23 |
Backdoor |
Mustang Panda is known for its customized Korplug variants (also dubbed PlugX) and elaborate loading chains. |
||
3.3.23 |
Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59, November 2019. |
|||
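Worked example for the two TPM 2.0 CryptParameterDecryption entries above (the 15.3.23 and 3.3.23 out-of-bounds read and write entries). This is an added example and not code from the TPM reference library or from any advisory listed here: it is a simplified C model of the failure the entries describe, where a command's encrypted parameter is a TPM2B (a 2-byte big-endian size field followed by that many bytes) and decryption happens in place. The function names `param_decrypt_unchecked`, `param_decrypt_checked` and `run_in_arena`, the return codes, the guard-byte arena and the XOR stand-in for decryption are this example's own assumptions. The flawed variant reads the size field before confirming two bytes remain (the 2-byte over-read) and compares the data size against a buffer length that has not been reduced by the size field (the 2-byte over-write); the checked variant shows the two bounds checks that close both.

```c
/* Added example (not TPM reference-library code): a simplified model of
 * how a 2-byte over-read and a 2-byte over-write arise when a TPM 2.0
 * command's encrypted parameter (TPM2B: 2-byte big-endian size, then
 * data) is decrypted in place without validating the size field against
 * the bytes that actually remain. Function names, return codes and the
 * XOR stand-in for decryption are this example's own assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RC_SUCCESS      0
#define RC_INSUFFICIENT 1   /* fewer bytes than the size field itself */
#define RC_SIZE         2   /* size field exceeds the data that remains */

typedef int (*decrypt_fn)(uint8_t *buf, uint32_t buffer_size);

/* Stand-in for the symmetric/XOR decryption of the parameter bytes. */
static void decrypt_in_place(uint8_t *data, uint32_t len)
{
    for (uint32_t i = 0; i < len; i++)
        data[i] ^= 0x5A;
}

static uint32_t be16(const uint8_t *p)
{
    return ((uint32_t)p[0] << 8) | p[1];
}

/* Flawed pattern: the size field is read before checking that two bytes
 * remain (over-read), and buffer_size is compared without subtracting
 * the two size bytes, so cipher_size == buffer_size decrypts two bytes
 * past the end of the parameter (over-write). */
int param_decrypt_unchecked(uint8_t *buf, uint32_t buffer_size)
{
    uint32_t cipher_size = be16(buf);
    buf += 2;
    if (cipher_size > buffer_size)
        return RC_SIZE;
    decrypt_in_place(buf, cipher_size);
    return RC_SUCCESS;
}

/* Corrected pattern: refuse buffers too short to hold the size field,
 * and account for the size field before comparing against the rest. */
int param_decrypt_checked(uint8_t *buf, uint32_t buffer_size)
{
    if (buffer_size < 2)
        return RC_INSUFFICIENT;
    uint32_t cipher_size = be16(buf);
    buf += 2;
    buffer_size -= 2;
    if (cipher_size > buffer_size)
        return RC_SIZE;
    decrypt_in_place(buf, cipher_size);
    return RC_SUCCESS;
}

/* Harness: copies a param_len-byte parameter area into the front of a
 * guard-filled arena, runs fn on it, stores fn's return code in *rc_out
 * and returns how many guard bytes beyond the parameter were modified.
 * Keeping the overflow inside the arena keeps the demo free of undefined
 * behaviour while still making the out-of-bounds access observable. */
int run_in_arena(decrypt_fn fn, const uint8_t *param, uint32_t param_len,
                 uint8_t guard, int *rc_out)
{
    uint8_t arena[64];
    int clobbered = 0;

    memset(arena, guard, sizeof arena);
    memcpy(arena, param, param_len);
    *rc_out = fn(arena, param_len);
    for (size_t i = param_len; i < sizeof arena; i++)
        if (arena[i] != guard)
            clobbered++;
    return clobbered;
}

int main(void)
{
    /* Constructed input: size field claims 4 bytes, but only 2 follow it. */
    const uint8_t overwrite[] = { 0x00, 0x04, 0x11, 0x22 };
    /* Constructed input: the parameter area ends before the size field. */
    const uint8_t overread[]  = { 0x00 };
    int rc, n;

    n = run_in_arena(param_decrypt_unchecked, overwrite, 4, 0xC3, &rc);
    printf("unchecked over-write: rc=%d, guard bytes clobbered=%d\n", rc, n);
    n = run_in_arena(param_decrypt_checked, overwrite, 4, 0xC3, &rc);
    printf("checked   over-write: rc=%d, guard bytes clobbered=%d\n", rc, n);
    n = run_in_arena(param_decrypt_unchecked, overread, 1, 0x00, &rc);
    printf("unchecked over-read, guard 0x00: rc=%d (clobbered=%d)\n", rc, n);
    n = run_in_arena(param_decrypt_unchecked, overread, 1, 0xC3, &rc);
    printf("unchecked over-read, guard 0xC3: rc=%d (clobbered=%d)\n", rc, n);
    n = run_in_arena(param_decrypt_checked, overread, 1, 0x00, &rc);
    printf("checked   over-read: rc=%d (clobbered=%d)\n", rc, n);
    return 0;
}
```

The over-read case is deliberately run twice with different guard values: the unchecked variant accepts a one-byte parameter when the byte past its end happens to be zero and rejects it otherwise, which is exactly the symptom of a size field fetched from memory the command does not own. The checked variant returns RC_INSUFFICIENT regardless of what lies beyond the buffer.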
2.3.23 |
Operation leveraging Terraform, Kubernetes, and AWS for data theft |
|||
2.3.23 |
Linux |
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users |
||
2.3.23 |
RAT |
HyperBro is a RAT that has been observed primarily targeting the gambling industry, though it has been spotted elsewhere as well. |
||
2.3.23 |
Sideloader used by EmissaryPanda |
|||
2.3.23 |
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, |
|||
2.3.23 |
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, |
|||
2.3.23 |
Gootloader Malware Leads to Cobalt Strike and Hands-on-Keyboard Activity |
|||
2.3.23 |
FAKEUPDATES is a downloader written in JavaScript that communicates via HTTP. Supported payload types include executables and JavaScript. It writes the payloads to disk prior to launching them. |
|||
1.3.23 |
UEFI bootkit |
The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality. |
||
1.3.23 |
CVE |
CVE |
|