DATE | NAME | CATEGORY | SUBCATE | INFO |
29.12.23 |
Banking |
TinyNuke (aka Nuclear Bot) is a fully-fledged banking trojan including HiddenDesktop/VNC server and a reverse socks4 server. It was for sale on underground marketplaces for $2500 in 2016. |
||
29.12.23 |
Loader |
Kimsuky Attack Group Abusing Chrome Remote Desktop |
||
29.12.23 |
Loader |
According to Rapid7, this is a loader first spotted in July 2023. It implements several evasion techniques including Process Doppelgänging, DLL Search Order Hijacking, and Heaven's Gate. It has been observed to store its malicious payload in the IDAT chunk of PNG file format. |
||
29.12.23 |
Loader |
FakeBat, also known as EugenLoader, is a notorious software loader and distributor that has come to prominence in the cyber threat landscape. FakeBat has been associated with fraudulent advertising campaigns since at least November 2022. |
||
29.12.23 |
Download |
First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023. |
||
29.12.23 |
RAT |
SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities. |
||
29.12.23 |
RAT |
According to ProofPoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT). It seems to have been developed in the second half of 2017 mainly. |
||
29.12.23 |
Loader |
According to PCrisk, BATLOADER is part of the infection chain where it is used to perform the initial compromise. This malware is used to execute payloads like Ursnif. Our team has discovered BATLOADER after executing installers for legitimate software (such as Zoom, TeamViewer, Visual Studio) bundled with this malware. We have found those installers on compromised websites. |
||
28.12.23 |
CVE |
This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. |
||
28.12.23 |
CVE |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. |
||
28.12.23 |
CVE |
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. |
||
28.12.23 |
CVE |
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. |
||
28.12.23 |
Dropper |
This is not being detected by ESET, but ESET is picking it up through Advanced Memory Scanner after being run because it came through Skype as a 1.5 MB shortcut pif. I kept a copy of it inside a passworded archive. I sent the shortcut also for analysis through right click and submit for analysis. |
||
28.12.23 |
Stealer |
This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++. |
||
28.12.23 |
Backdoor |
This threat can give a malicious hacker unauthorized access and control of your PC. |
||
28.12.23 |
CVE |
Pre-auth RCE in Apache OFBiz 18.12.09. It is due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10. |
||
28.12.23 |
CVE |
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) |
||
27.12.23 |
Triangulation | Operation | Operation | Operation Triangulation: The last (hardware) mystery |
27.12.23 |
CVE |
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. | ||
27.12.23 |
SALTWATER | Malware | Linux | According to Mandiant, SALTWATER is a module for the Barracuda SMTP daemon (bsmtpd) that has backdoor functionality. SALTWATER can upload or download arbitrary files, execute commands, and has proxy and tunneling capabilities. |
27.12.23 |
SEASPY | Malware | Linux | According to CISA, this malware is a persistent backdoor that masquerades as a legitimate Barracuda Networks service. The malware is designed to listen to commands received from the Threat Actor’s Command-and-Control through TCP packets |
27.12.23 |
CVE-2023-2868 |
CVE |
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. | |
27.12.23 |
CVE-2023-7102 |
CVE |
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. | |
27.12.23 |
Android/Xamalicious | Malware | Android | Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices |
26.12.23 |
Carbanak | Malware | Banking | MyCERT states that Carbanak is a remote backdoor designed for espionage, data exfiltration, and remote control. |
26.12.23 |
RTF template injection | Hacking | Phishing | Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors |
24.12.23 |
Image files in UEFI can be abused to modify boot behavior | ALERT | ALERT | Image files in UEFI can be abused to modify boot behavior |
24.12.23 |
Dark Power | Ransomware | Ransomware | Dark Power Ransomware: In-Depth Analysis, Detection, and Mitigation |
24.12.23 |
Kanti | Ransomware | Ransomware | Kanti: A NIM-Based Ransomware Unleashed in the Wild |
24.12.23 |
IceXLoader | Malware | Loader | IceXLoader is a commercial malware used to download and deploy additional malware on infected machines. The latest version is written in Nim, a relatively new language utilized by threat actors over the past two years, most notably by the NimzaLoader variant of BazarLoader used by the TrickBot group. |
24.12.23 |
BazarNimrod | Malware | RAT | A rewrite of Bazarloader in the Nim programming language. |
24.12.23 |
Nim-based | Operation | Campaign | A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government |
24.12.23 |
LONEPAGE | Malware | VBS | UAC-0099 Exploits WinRAR Vulnerability to Launch LONEPAGE Malware Attacks on Ukrainian Firms |
24.12.23 |
RusticWeb | Operation | Operation | Operation RusticWeb targets Indian Govt: From Rust-based malware to Web-service exfiltration |
24.12.23 |
CVE-2023-38831 |
CVE |
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | |
24.12.23 |
FalseFont | Malware | Backdoor | Microsoft: Hackers target defense firms with new FalseFont malware |
24.12.23 |
Intellexa | Malware | Spyware | Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware |
24.12.23 |
CVE-2023-46747 |
CVE |
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. | |
24.12.23 |
Chameleon | Malware | Android | Android Banking Trojan Chameleon can now bypass any Biometric Authentication |
24.12.23 |
Insta-Phish-A-Gram | Hacking | Phishing | Following Trustwave SpiderLabs’ blog on social media-themed phishing on Facebook, comes another flavor of ‘infringement’ phishing. In this case, the targets, still under the umbrella of Meta, are Instagram users |
24.12.23 |
CVE-2017-11882 |
CVE |
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. | |
24.12.23 |
Agent Tesla | Malware | Stealer | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
21.12.23 |
CVE-2023-2033 |
CVE |
(CVSS score: 8.8) - Type confusion in V8 | |
21.12.23 |
CVE-2023-2136 |
CVE |
(CVSS score: 9.6) - Integer overflow in Skia | |
21.12.23 |
CVE-2023-3079 |
CVE |
(CVSS score: 8.8) - Type confusion in V8 | |
21.12.23 |
CVE-2023-4762 |
CVE |
(CVSS score: 8.8) - Type confusion in V8 | |
21.12.23 |
CVE-2023-4863 |
CVE |
(CVSS score: 8.8) - Heap buffer overflow in WebP | |
21.12.23 |
CVE-2023-5217 |
CVE |
(CVSS score: 8.8) - Heap buffer overflow in vp8 encoding in libvpx | |
21.12.23 |
CVE-2023-6345 |
CVE |
(CVSS score: 9.6) - Integer overflow in Skia | |
21.12.23 |
JaskaGO | Malware | macOS | Behind the scenes: JaskaGO’s coordinated strike on macOS and Windows |
19.12.23 |
Pikabot | Malware | Trojan | Discovered in early 2023, the modular Pikabot malware trojan can execute a diverse range of commands. |
19.12.23 |
SLUB | Malware | Backdoor | Who is the Threat Actor Behind Operation Earth Kitsune? |
19.12.23 |
Operation Blacksmith | Operation | Operation | Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang |
19.12.23 |
CVE-2020-14883 |
CVE |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. | |
19.12.23 |
CVE-2020-14882 |
CVE |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. | |
19.12.23 |
CVE-2023-35384 |
CVE |
(CVSS score: 5.4) - Windows HTML Platforms Security Feature Bypass Vulnerability | |
19.12.23 |
CVE-2023-36710 |
CVE |
(CVSS score: 7.8) - Windows Media Foundation Core Remote Code Execution Vulnerability | |
19.12.23 |
Rhadamanthys | Malware | Stealer | RHADAMANTHYS V0.5.0 – A DEEP DIVE INTO THE STEALER’S COMPONENTS |
19.12.23 |
QakBot | Malware | Stealer | #Qakbot is back! The new version is 64-bit, uses AES for network encryption, and sends POST requests to the path /teorema505. |
19.12.23 |
CVE-2018-13379 |
CVE |
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests. | |
15.12.23 |
CVE-2023-36742 |
CVE |
Visual Studio Code Remote Code Execution Vulnerability | |
15.12.23 |
CVE-2023-42325 |
CVE |
(CVSS score: 5.4) - An XSS vulnerability that allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page. | |
15.12.23 |
CVE-2023-42327 |
CVE |
(CVSS score: 5.4) - An XSS vulnerability that allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | |
15.12.23 |
CVE-2023-42326 |
CVE |
(CVSS score: 8.8) - A lack of validation that allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | |
15.12.23 |
NKAbuse | Malware | Backdoor | Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol |
15.12.23 |
W4SP Stealer | Malware | Stealer | The final payload is a Trojan written in Python and obfuscated with the same obfuscator as the downloader. The malware is dubbed “W4SP Stealer” by its author in the code. |
14.12.23 |
Bearded Barbie | Operation | Operation | Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials |
14.12.23 |
Big Bang | Operation | Operation | The Big Bang attack campaign: Gaza hackers suspected of targeting Middle Eastern victims |
14.12.23 |
Operation Parliament | Operation | Operation | The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world. |
14.12.23 |
OilRig | Malware | Downloader | OilRig’s persistent attacks using cloud service-powered downloaders |
14.12.23 |
Micropsia | Malware | Stealer | This malware written in Delphi is an information stealing malware family dubbed "MICROPSIA". It has a wide range of data theft functionality built in. |
14.12.23 |
DarkCrystalRAT | Malware | RAT | DCRat is a typical RAT that has been around since at least June 2019. |
14.12.23 |
VaporRage | Malware | Downloader | According to Mandiant, VaporRage or BOOMMIC, is a shellcode downloader written in C that communicates over HTTPS. |
14.12.23 |
GraphicalProton | Malware | Downloader | PANW Unit 42 describes this malware as capable of uploading and downloading files as well as loading additional shellcode payloads into selected target processes. It uses the Microsoft Graph API and Dropbox API as a C&C channel. |
14.12.23 |
CVE-2023-42793 |
CVE |
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | |
14.12.23 |
CVE-2023-23752 |
CVE |
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |
14.12.23 |
More_eggs | Malware | JS | BazarCall Attack Leverages Google Forms to Increase Perceived Credibility |
13.12.23 |
CVE-2023-36012 |
CVE |
(CVSS score: 5.3) - DHCP Server Service Information Disclosure Vulnerability | |
13.12.23 |
CVE-2023-35643 |
CVE |
(CVSS score: 7.5) - DHCP Server Service Information Disclosure Vulnerability | |
13.12.23 |
CVE-2023-35638 |
CVE |
(CVSS score: 7.5) - DHCP Server Service Denial-of-Service Vulnerability | |
13.12.23 |
CVE-2023-36019 |
CVE |
(CVSS score: 9.6) - Microsoft Power Platform Connector Spoofing Vulnerability | |
13.12.23 |
CVE-2023-35642 |
CVE |
(CVSS score: 6.5) - Internet Connection Sharing (ICS) Denial-of-Service Vulnerability | |
13.12.23 |
CVE-2023-35641 |
CVE |
(CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | |
13.12.23 |
CVE-2023-35639 |
CVE |
(CVSS score: 8.8) - Microsoft ODBC Driver Remote Code Execution Vulnerability | |
13.12.23 |
CVE-2023-35636 |
CVE |
(CVSS score: 6.5) - Microsoft Outlook Information Disclosure Vulnerability | |
13.12.23 |
CVE-2023-35630 |
CVE |
(CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | |
13.12.23 |
CVE-2023-35628 |
CVE |
(CVSS score: 8.1) - Windows MSHTML Platform Remote Code Execution Vulnerability | |
13.12.23 |
Meduza Stealer | Malware | Stealer | UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) |
13.12.23 |
HeadLace | Malware | Backdoor | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware |
12.12.23 |
MrAnon Stealer | Malware | Stealer | MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF |
12.12.23 |
CVE-2023-45866 |
CVE |
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | |
12.12.23 |
CVE-2023-50164 |
CVE |
An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | |
11.12.23 |
CVE-2023-42793 |
CVE |
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | |
11.12.23 |
KEYPLUG | Malware | Linux | With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets |
11.12.23 |
TrickMo’s | Malware | Banking | TrickMo’s Return: Banking Trojan Resurgence With New Features |
11.12.23 |
SpyLoan | Malware | Android | Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths |
10.12.23 |
In-Domain Transient Execution Attack | Attack | CPU | An in-domain transient execution attack allows a sandboxed adversary to access a secret within the same domain by circumventing software-based access controls. |
10.12.23 |
Cross-Domain Transient Execution Attack | Attack | CPU | A cross-domain transient execution attack requires the adversary to find a disclosure gadget in the victim’s domain which, when executed transiently, can transiently access and transmit a secret over a covert channel. |
10.12.23 |
Domain-Bypass Transient Execution Attack | Attack | CPU | In a domain-bypass transient execution attack, the adversary executes transient instructions that circumvent hardware-based access controls, allowing access to a secret outside of the adversary’s domain. |
10.12.23 |
Transient Execution Attacks | Attack | CPU | A transient execution attack exploits the microarchitectural side effects of transient instructions, thus allowing a malicious adversary to access information that would ordinarily be prohibited by architectural access control mechanisms. |
9.12.23 |
GULOADER | Malware | Downloader | Getting gooey with GULOADER: deobfuscating the downloader |
9.12.23 |
5GHOUL | Hacking | 5G | 5Ghoul : Unleashing Chaos on 5G Edge Devices |
9.12.23 |
Trojan-Proxy | Malware | Trojan Proxy | New macOS Trojan-Proxy piggybacking on cracked software |
8.12.23 |
SLAM Attack | Attack | CPU | SLAM: SPECTRE BASED ON LINEAR ADDRESS MASKING |
8.12.23 |
Ongoing attacks | Hacking | Phishing | Star Blizzard increases sophistication and evasion in ongoing attacks |
8.12.23 |
CVE-2023-45866 |
CVE |
The HID Profile in multiple Bluetooth host stacks may accept connections with the HID control and HID interrupt channels of the HID Host role without MITM protection/mitigation and without user confirmation on the Central role device. | |
7.12.23 |
Krasue | Malware | RAT | Curse of the Krasue: New Linux Remote Access Trojan targets Thailand |
7.12.23 |
CVE-2023-26360 |
CVE |
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |
7.12.23 |
CVE-2022-1471 |
CVE |
(CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products | |
7.12.23 |
CVE-2023-22522 |
CVE |
(CVSS score: 9.0) - Remote code execution vulnerability in Confluence Data Center and Confluence Server (affects all versions including and after 4.0.0) | |
7.12.23 |
CVE-2023-22523 |
CVE |
(CVSS score: 9.8) - Remote code execution vulnerability in Assets Discovery for Jira Service Management Cloud, Server, and Data Center (affects all versions up to but not including 3.2.0-cloud / 6.2.0 data center and server) | |
7.12.23 |
CVE-2023-22524 |
CVE |
(CVSS score: 9.6) - Remote code execution vulnerability in Atlassian Companion app for macOS (affects all versions up to but not including 2.0.0) | |
6.12.23 |
Fake Lockdown Mode | Hacking | Apple | Fake Lockdown Mode: A post-exploitation tampering technique |
6.12.23 |
CVE-2022-22071 |
CVE |
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |
6.12.23 |
CVE-2023-33063 |
CVE |
(CVSS score: 7.8) - Memory corruption in DSP Services during a remote call from HLOS to DSP. | |
6.12.23 |
CVE-2023-33106 |
CVE |
(CVSS score: 8.4) - Memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | |
6.12.23 |
CVE-2023-33107 |
CVE |
(CVSS score: 8.4) - Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |
5.12.23 |
CVE-2023-23397 |
CVE |
Microsoft Outlook Elevation of Privilege Vulnerability | |
5.12.23 |
CVE-2023-24023 |
CVE |
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. | |
5.12.23 |
BLUFFS | Attack | Bluetooth | BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses |
5.12.23 |
P2Pinfect | Malware | Botnet | P2Pinfect - New Variant Targets MIPS Devices |
5.12.23 |
CVE-2022-0543 |
CVE |
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | |
4.12.23 |
Attacking Intel® BIOS | Attack | BIOS | LogoFAIL: Security Implications of Image Parsing During System Boot |
2.12.23 |
Agent Racoon | Malware | Backdoor | Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. |
1.12.23 |
FjordPhantom | Malware | Android | Promon discovers new Android banking malware, “FjordPhantom” |
1.12.23 |
SugarGh0st RAT | Malware | RAT | New SugarGh0st RAT targets Uzbekistan government and South Korea |
1.12.23 |
Ghost RAT | Malware | RAT | According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth. |
1.12.23 |
CVE-2023-37928 |
CVE |
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |
1.12.23 |
CVE-2023-37927 |
CVE |
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |
1.12.23 |
CVE-2023-35137 |
CVE |
An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. | |
1.12.23 |
CVE-2023-4474 |
CVE |
(CVSS score: 9.8) - An improper neutralization of special elements vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. | |
1.12.23 |
CVE-2023-4473 |
CVE |
(CVSS score: 9.8) - A command injection vulnerability in the web server that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. | |
1.12.23 |
CVE-2023-35138 |
CVE |
(CVSS score: 9.8) - A command injection vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted HTTP POST request. | |
1.12.23 |
CVE-2023-6345 |
CVE |
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |
1.12.23 |
CVE-2023-42917 |
CVE |
A memory corruption bug that could result in arbitrary code execution when processing web content. | |
1.12.23 |
CVE-2023-42916 |
CVE |
An out-of-bounds read issue that could be exploited to leak sensitive information when processing web content. | |