DATE | NAME | CATEGORY | SUBCATEGORIES | INFO
31.5.23 | | Malware | | ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains.
31.5.23 | | CWE | CWE |
31.5.23 | | RAT | | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where Cuba ransomware was also deployed.
31.5.23 | | CWE | | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006.
30.5.23 | | CWE | | A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in.
30.5.23 | | Android | | Predator: Looking under the hood of Intellexa’s Android spyware
30.5.23 | | OT malware | | COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
30.5.23 | | CWE | | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006.
25.5.23 | | CWE | | A buffer overflow vulnerability in the notification function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
25.5.23 | | CWE | | A buffer overflow vulnerability in the ID processing function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
25.5.23 | | Backdoor | | An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange.
25.5.23 | PeepingTitle | Backdoor | | The reason why the attackers drop two variants is to use one for capturing the victim's screen and the second for monitoring windows and the user's interactions with those.
25.5.23 | | Trojan | | A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and is targeting customers of European and South American banks.
25.5.23 | | CWE | | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
25.5.23 | | CWE | | IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw.
25.5.23 | | CWE | | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003
25.5.23 | | Backdoor | | An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East
25.5.23 | | Android | | It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code.
25.5.23 | JackalWorm | Worm | | A worm that's engineered to infect systems using removable USB drives and install the JackalControl trojan.
25.5.23 | JackalSteal | Steal | | An implant that's used to find files of interest, including those located in removable USB drives, and transmit them to a remote server.
25.5.23 | | CWE | | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.
25.5.23 | | Loader | | According to Mandiant, POORTRY is a malware written as a driver, signed with a Microsoft Windows Hardware Compatibility Authenticode signature.
25.5.23 | | Loader | | Since Iranian threat actors are known to exploit Exchange servers to deploy additional malware, it is also possible that this driver has been employed alongside Exchange attacks.
25.5.23 | | CWE | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser
25.5.23 | | | | In addition to the armed conflict in eastern Ukraine, in recent years the country has been facing a significantly higher number of targeted cyberattacks, or so-called advanced persistent threats (APTs).
25.5.23 | | Toolkit | | Operation Groundbait: Analysis of a surveillance toolkit
25.5.23 | | CWE | | ** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger.
25.5.23 | | CWE | | In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running.
20.5.23 | | PowerShell | | This PowerShell-written malware is an in-memory dropper used by FIN7 to execute the included/embedded payload.
20.5.23 | | CWE | | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained.
20.5.23 | | CWE | | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1, which allows a privileged local attacker to bypass ASLR.
20.5.23 | | CWE | | Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections)
20.5.23 | | CWE | | The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x
20.5.23 | | CWE | | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel
20.5.23 | | | |
20.5.23 | Epson Stylus SX510W Printer Remote Power Off - Denial of Service | | |
20.5.23 | | | |
20.5.23 | Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS) | | |
20.5.23 | | | |
20.5.23 | | | |
19.5.23 | | Malware traffic | | Zip files are password-protected. If you don't know the password, see the "about" page of this website.
19.5.23 | | Malware traffic | | Zip files are password-protected. If you don't know the password, see the "about" page of this website.
19.5.23 | obama262 Qakbot (Qbot) infection with Cobalt Strike & Dark Cat VNC | Malware traffic | | Zip files are password-protected. If you don't know the password, see the "about" page of this website.
19.5.23 | | Python | | Stealer with Clipper Making Rounds in a Mass Campaign
19.5.23 | | RAT | | ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected.
19.5.23 | | Android | | It's worth noting that the same technique of modifying the zygote process has also been adopted by another mobile trojan called Triada.
18.5.23 | | CWE | | (CVSS score: 9.8): Cisco Small Business Series Switches Stack Buffer Overflow Vulnerability
18.5.23 | | CWE | | (CVSS score: 9.8): Cisco Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability
18.5.23 | | CWE | | (CVSS score: 9.8): Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability
18.5.23 | | CWE | | (CVSS score: 9.8): Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability
18.5.23 | | CWE | | (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
18.5.23 | | CWE | | (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
18.5.23 | | CWE | | (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
18.5.23 | | CWE | | (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Denial-of-Service Vulnerability
18.5.23 | | CWE | | (CVSS score: 7.5): Cisco Small Business Series Switches Unauthenticated Configuration Reading Vulnerability
18.5.23 | | Stealer | | Zmutzy is a spyware and information stealer Trojan written in Microsoft’s .NET language.
18.5.23 | | Trojan | | The Kryptik trojan was created to obtain information on an infected host’s FTP servers.
18.5.23 | | Crypt | | ScrubCrypt is the rebranded "Jlaive" crypter, with a unique capability of .BAT packing
18.5.23 | | Crypt | | According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021
18.5.23 | | CWE | | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
18.5.23 | | RAT | | Android Spyware is one of the most common kinds of malware used by attackers to gain access to personal data and carry out fraud operations.
17.5.2023 | | Malware | | According to Mandiant, POORTRY is a malware written as a driver, signed with a Microsoft Windows Hardware Compatibility Authenticode signature.
16.5.2023 | | MacOS | | The TrafficStealer malware employs open container APIs to redirect web traffic to specific sites and manipulate user interaction with ads.
16.5.2023 | | Loader | | According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads.
16.5.2023 | | Stealer | | According to PCRIsk, CopperStealer, also known as Mingloa, is a malicious program designed to steal sensitive/personal information.
16.5.2023 | | ELF | | The firmware image contained several malicious components, including a custom MIPS32 ELF implant dubbed “Horse Shell”
15.5.2023 | | Backdoor | | Merdoor is a fully-featured backdoor that appears to have been in existence since 2018.
15.5.2023 | | CWE | | (CVSS score: 6.5) - Missing Authentication Information Disclosure Vulnerability
15.5.2023 | | CWE | | (CVSS score: 8.8) - Stack-based Buffer Overflow Authentication Bypass Vulnerability
15.5.2023 | | CWE | | (CVSS score: 8.8) - Stack-based Buffer Overflow Authentication Bypass Vulnerability
15.5.2023 | | CWE | | (CVSS score: 5.7) - Device Configuration Cleartext Storage Information Disclosure Vulnerability
15.5.2023 | | CWE | | (CVSS score: 8.0) - Command Injection Remote Code Execution Vulnerability
15.5.2023 | | CWE | | Malware with a wide range of capabilities ranging from RAT to ransomware.
15.5.2023 | | Linux | | BPFDoor is a passive backdoor used by a China-based threat actor.
15.5.2023 | | CWE-284 | | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
14.5.2023 | | CWE-94 | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted
14.5.2023 | | CWE-94 | | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
14.5.2023 | | CWE-294 | | Microsoft Outlook Elevation of Privilege Vulnerability
14.5.2023 | | | | Windows MSHTML Platform Security Feature Bypass Vulnerability
14.5.2023 | | | | The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets.
14.5.2023 | Deep Dive Into DownEx Espionage Operation in Central Asia | | |
14.5.2023 | | | | Secure Boot Security Feature Bypass Vulnerability.
14.5.2023 | | | | Secure Boot Security Feature Bypass Vulnerability
14.5.2023 | | | | Windows OLE Remote Code Execution Vulnerability
14.5.2023 | | | | Win32k Elevation of Privilege Vulnerability
13.5.2023 | | CWE-284 | | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
12.5.2023 | | RAT | | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development.
12.5.2023 | | RAT | | Action RAT is a remote access tool written in Delphi that has been used by SideCopy since at least December 2021 against Indian and Afghani government personnel.
12.5.2023 | | LOADER | | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware.
7.5.2023 | | | |
7.5.2023 | Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS) | | |
7.5.2023 | | | |
7.5.2023 | Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution | | |
7.5.2023 | Online Pizza Ordering System v1.0 - Unauthenticated File Upload | | |
7.5.2023 | EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal) | | |
7.5.2023 | Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks | | |
7.5.2023 | Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls | | |
7.5.2023 | Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts | | |
7.5.2023 | Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path | | |
7.5.2023 | | | |
7.5.2023 | Jedox 2022.4.2 - Remote Code Execution via Directory Traversal | | |
7.5.2023 | | | |
7.5.2023 | | | |
7.5.2023 | | | |
7.5.2023 | | | |
7.5.2023 | KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE) | | |
7.5.23 | | Android | | The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs.
6.5.23 | | Macro | | Ongoing campaigns use a new malware component we call ReconShark, which is actively delivered to specifically targeted individuals through spear-phishing emails,
6.5.23 | | Downloader | | sLoad is a PowerShell downloader that most frequently delivers Ramnit banker and includes noteworthy reconnaissance features.
6.5.23 | | Malware traffic | | Zip files are password-protected. If you don't know the password, see the "about" page of this website.
6.5.23 | | RAT | | goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device.
6.5.23 | | Android | | Nexus is the name of a banking trojan targeting Android Operating Systems (OSes). According to the research done by Cyble analysts, Nexus is the rebranded version of the S.O.V.A. banking trojan.
6.5.23 | | Android | | Predator is the name of spyware (malicious software) targeting Android users. Between August and October 2021, the attackers utilized zero-day exploits
6.5.23 | | Android | | Goldoson is an Android malware that compiles a list of installed applications and records the history of Wi-Fi and Bluetooth devices, including GPS locations in close proximity.
6.5.23 | | Android | | Chameleon is the name of a trojan targeting Android Operating Systems (OSes).
6.5.23 | | Android | | Fleckpe is a recently discovered Android Trojan family found on Google Play, which secretly subscribes victims to paid services.
5.5.23 | | CWE-306 | | A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
5.5.23 | | | | (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
5.5.23 | | Code-injection | | Dirty Vanity is a new code-injection technique that abuses forking, a lesser-known mechanism that exists in Windows operating systems.
5.5.23 | | RAT | | GravityRAT malware takes your system's temperature
5.5.23 | | | | MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI.
5.5.23 | | | | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login
5.5.23 | | CWE-78 | | Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.
5.5.23 | | | | Out-of-bounds read when processing a malformed BGP OPEN message that abruptly ends with the option length octet.
5.5.23 | | | | Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option.
5.5.23 | | | | Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option.
5.5.23 | | Android | | New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
5.5.23 | | Spyware | | Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy
5.5.23 | | Malware | | Elastic Security Labs discovers the LOBSHOT malware
5.5.23 | | Android | | Scarcruft Bolsters Arsenal for targeting individual Android devices
5.5.23 | | OSX | | Twitter Thread linking CloudMensis to RokRAT / ScarCruft
5.5.23 | | RAT | | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents.
5.5.23 | | | | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration
5.5.23 | | | | (CVSS score: 7.5) - Oracle WebLogic Server Unspecified Vulnerability
5.5.23 | | CWE-502 | | (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted Data Vulnerability
5.5.23 | | CWE-77 | | (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS) | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | | | |
3.5.2023 | PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting | | |
1.5.2023 | | | |
1.5.2023 | | | |
1.5.2023 | | | |
1.5.2023 | Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution | | |
1.5.2023 | | | |
1.5.2023 | | | |
1.5.2023 | | | |
1.5.2023 | | | |
1.5.2023 | | | |