DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
31.10.23 | SeroXen RAT | Malware | RAT | SeroXen is a fileless Remote Access Trojan (RAT) that excels in evading detection through both static and dynamic analysis methods. The malware incorporates various open-source projects, including Quasar RAT, r77-rootkit, and the command line tool NirCmd, to enhance its functionalities and capabilities. |
31.10.23 | CVE-2023-22515 | CVE | | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. |
31.10.23 | CVE-2023-22518 | CVE | | CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Confluence Server |
31.10.23 | BiBi-Linux | Malware | Wiper | BiBi-Linux: A New Wiper Dropped By Pro-Hamas Hacktivist Group |
30.10.23 | EleKtra-Leak | Operation | Operation | CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys |
30.10.23 | CVE-2022-4886 | CVE | | (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller |
30.10.23 | CVE-2023-5043 | CVE | | (CVSS score: 7.6) - Ingress-nginx annotation injection causes arbitrary command execution |
30.10.23 | CVE-2023-5044 | CVE | | (CVSS score: 7.6) - Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation |
30.10.23 | NetSupportManager RAT | Malware | RAT | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. The purpose of the NetSupport Manager tool is to enable users to receive remote technical support or provide remote computer assistance. |
30.10.23 | Rhadamanthys | Stealer | | According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. |
30.10.23 | SectopRAT | RAT | | SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities. |
30.10.23 | GHOSTPULSE | Malware | Stealer | GHOSTPULSE haunts victims using defense evasion bag o' tricks |
28.10.23 | StripedFly | Linux | | It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. |
28.10.23 | LPEClient | Stealer | | LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload. |
28.10.23 | SIGNBT | Inject | | The exploitation led to the deployment of the SIGNBT malware along with shellcode used for injecting the payload into memory for stealthy execution. |
27.10.23 | | CVE | | iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices |
27.10.23 | | CVE | | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time, potentially resulting in a leak of sensitive information. |
27.10.23 | | Attack | | Layer 3 DDoS attacks target layer 3 (L3) in the OSI model. Like all DDoS attacks, the goal of a layer 3 attack is to slow down or crash a program, service, computer, or network, or to fill up capacity so that no one else can receive service. L3 DDoS attacks typically accomplish this by targeting network equipment and infrastructure. |
27.10.23 | | Attack | | HTTP/2 Rapid Reset: deconstructing the record-breaking attack |
27.10.23 | | CVE | | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
27.10.23 | | Loader | | Yellow Liderc ships its scripts and delivers IMAPLoader malware |
27.10.23 | | CVE | | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
27.10.23 | | CVE | | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. |
27.10.23 | | RAT | | Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection |
27.10.23 | | RAT | | In this course, you will learn exfiltration over alternative protocol: exfiltration over unencrypted/obfuscated non-C2 protocol using Powershell RAT. |
27.10.23 | | CVE | | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. |
27.10.23 | | CVE | | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. |
27.10.23 | | CVE | | vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. |
27.10.23 | | CVE | | vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. |
27.10.23 | | Injector | | Trojan.Injector is Malwarebytes' generic detection name for malware that injects itself into other processes or files. This is an effective method to hide from the average user as they will only see the regular active processes. |
27.10.23 | | Stealer | | Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware |
25.10.23 | | CVE | | This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. |
25.10.23 | | CVE | | This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. |
25.10.23 | | CVE | | This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. |
25.10.23 | | CVE | | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. |
25.10.23 | | CVE | | VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. |
25.10.23 | | CVE | | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. |
25.10.23 | | CVE | | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. |
25.10.23 | | CVE | | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are providing enhanced detection for the presence of the implant. |
25.10.23 | | CVE | | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. |
22.10.23 | Operation King TUT | Operation | Operation | ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting |
22.10.23 | The Week in Ransomware - October 20th 2023 - Fighting Back | Ransom | | This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation. |
21.10.23 | CVE-2023-20273 | CVE | | (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 as part of an exploit chain. |
21.10.23 | LOBSHOT | Malware | Stealer | According to PCrisk, LOBSHOT is a type of malware with a feature called hVNC (Hidden Virtual Network Computing) that allows attackers to access a victim's computer without being noticed. |
21.10.23 | DarkGate | Malware | Loader | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
21.10.23 | DUCKTAIL | Malware | Stealer | According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature. |
20.10.23 | ExelaStealer | Malware | Stealer | Another InfoStealer Enters the Field, ExelaStealer |
20.10.23 | CVE-2021-26411 | CVE | | Internet Explorer Memory Corruption Vulnerability |
20.10.23 | Scout | Malware | Downloader | A downloader that uses Windows messages to control its execution flow. |
20.10.23 | Volgmer | Malware | Backdoor | Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware |
20.10.23 | CVE-2023-42793 | CVE | | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible |
20.10.23 | CVE-2023-38831 | CVE | | RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. |
20.10.23 | RokRAT | Malware | RAT | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. |
20.10.23 | Bankshot | Malware | Backdoor | Following the Lazarus group by tracking DeathNote campaign |
20.10.23 | LPEClient | Malware | Downloader | LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload. |
20.10.23 | CVE-2023-4966 | CVE | | (CVSS score: 9.4), the vulnerability impacts the following supported versions |
19.10.23 | Venom RAT | Malware | RAT | VenomRAT - new, hackforums grade, reincarnation of QuassarRAT |
19.10.23 | Typhon Stealer | Malware | Stealer | According to PCrisk, Typhon is a stealer-type malware written in the C# programming language. |
19.10.23 | Stealerium | Malware | Stealer | According to SecurityScorecard, Stealerium is an open-source stealer available on GitHub. The malware steals information from browsers, cryptocurrency wallets, and applications such as Discord, Pidgin, Outlook, Telegram, Skype, Element, Signal, Tox, Steam, Minecraft, and VPN clients. |
19.10.23 | TetrisPhantom | Operation | Operation | Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. |
19.10.23 | | CVE | | CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. |
19.10.23 | | CVE | | CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. |
19.10.23 | CVE-2023-2729 | CVE | | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credentials via unspecified vectors. |
17.10.23 | CVE-2023-43261 | CVE | | An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. |
17.10.23 | Poseidon | Malware | Linux | Part of Mythic C2, written in Golang. |
17.10.23 | Poseidon | Malware | OSX | Part of Mythic C2, written in Golang. |
17.10.23 | CVE-2021-1435 | CVE | | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. |
17.10.23 | CVE-2023-20198 | CVE | | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. |
17.10.23 | CVE-2023-38831 | CVE | | RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. |
16.10.23 | | Android | | The malware has been released on GitHub at https://github.com/EVLF/Cypher-Rat-Source-Code |
16.10.23 | | RAT | | According to ThreatFabric, this is a malware family based on apk.ermac. The name Hook is the self-advertised name used by its vendor DukeEugene. |
16.10.23 | | Loader | | HijackLoader Targets Hotels: A Technical Analysis |
16.10.23 | | APPX file | | For Microsoft Edge’s visitors, ClearFake delivered a malicious Windows Application Packaging Project (APPX file) from Dropbox. |
16.10.23 | | Loader | | Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers |
16.10.23 | | Operation | | “EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts |
14.10.23 | | CVE | | Windows Search Remote Code Execution Vulnerability |
14.10.23 | | RAT | | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where Cuba ransomware was also deployed. |
14.10.23 | The Week in Ransomware - October 13th 2023 - Increasing Attacks | Ransom | | Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid. |
13.10.23 | | APT | | ToddyCat: Keep calm and check logs |
13.10.23 | | Stealer | | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. |
13.10.23 | | RAT | | Phylum Discovers SeroXen RAT in Typosquatted NuGet Package |
13.10.23 | | Stealer | | This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++. |
13.10.23 | | Stealer | | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. |
13.10.23 | | Linux | | ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses |
12.10.23 | | Backdoor | | According to AhnLab, BlueShell is a backdoor malware developed in Go language, published on GitHub, and it supports Windows, Linux, and Mac operating systems. |
12.10.23 | | CVE | | (CVSS score: 5.0) - Cookie injection with none file |
12.10.23 | | CVE | | (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability |
12.10.23 | | Injector | | Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins |
12.10.23 | | CVE | | The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. |
12.10.23 | | CVE | | Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
12.10.23 | | CVE | | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
||
11.10.23 | CVE-2023-41763 | CVE | | (CVSS score: 5.3) - A privilege escalation vulnerability in Skype for Business that could lead to exposure of sensitive information such as IP addresses or port numbers (or both), enabling threat actors to gain access to internal networks |
11.10.23 | CVE-2023-36563 | CVE | | (CVSS score: 6.5) - An information disclosure vulnerability in Microsoft WordPad that could result in the leak of NTLM hashes |
11.10.23 | CVE-2023-22515 | CVE | | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. |
11.10.23 | HTTP/2 Rapid Reset attack | Attack | Attack | HTTP/2 Rapid Reset: deconstructing the record-breaking attack |
11.10.23 | CVE-2023-44487 | CVE | | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
10.10.23 | CVE-2023-3420 | CVE | | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
10.10.23 | CVE-2023-43641 | CVE | | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. |
10.10.23 | CVE-2023-3519 | CVE | | Unauthenticated remote code execution |
10.10.23 | PEACHPIT | Malware | MultiOS | PEACHPIT is an ad fraud branch that comes from the root of the BADBOX tree. |
10.10.23 | CVE-2023-33378 | CVE | | (CVSS score: 8.6) - An argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. |
10.10.23 | CVE-2023-33377 | CVE | | (CVSS score: 8.6) - An operating system command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. |
10.10.23 | CVE-2023-33376 | CVE | | (CVSS score: 8.6) - An argument injection vulnerability in its ip tables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. |
10.10.23 | CVE-2023-33375 | CVE | | (CVSS score: 8.6) - A stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. |
10.10.23 | CVE-2023-38546 | CVE | | Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets |
10.10.23 | CVE-2023-38545 | CVE | | CVE-2023-38545, A High Severity cURL and libcurl CVE, to be published on October 11th |
8.10.23 | HyperBro | Malware | RAT | HyperBro is a RAT that has been observed to target primarily within the gambling industries, though it has been spotted in other places as well. |
6.10.23 | | CVE | | An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. The attacker poisons the administrator’s browser cookies and local storage to create a new user. |
6.10.23 | | CVE | | An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. |
6.10.23 | | CVE | | An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. |
6.10.23 | | CVE | | An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. |
6.10.23 | | CVE | | An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. |
6.10.23 | | CVE | | An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. |
6.10.23 | | CVE | | An attacker needs to be logged into BMC with administrator privileges to exploit the vulnerability. An unvalidated input value could allow the attacker to perform command injection. |
6.10.23 | | CVE | | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. |
6.10.23 | | CVE | | A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. |
5.10.23 | | Bot | | According to PCrisk, Lu0bot is malicious software. The malware is lightweight, so its use of system resources is low. This complicates the detection of Lu0bot, since it does not cause significant symptoms, such as a severe drop in system performance. |
5.10.23 | | RAT | | DinodasRAT uses TEA to decrypt some of its strings, as well as to encrypt/decrypt data sent to, or received from, its C&C server. |
5.10.23 | | Operation | | ESET researchers discovered a cyberespionage campaign against a governmental entity in Guyana |
5.10.23 | | Android | | Let's dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix |
5.10.23 | | CVE | | (CVSS score: 7.0) - Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability |
5.10.23 | | CVE | | (CVSS score: 9.8) - JetBrains TeamCity Authentication Bypass Vulnerability |
5.10.23 | | CVE | | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
5.10.23 | | CVE | | The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3. A local attacker may be able to elevate their privileges. |
5.10.23 | | CVE | | CVE-2023-22515 - Privilege Escalation Vulnerability in Confluence Data Center and Server |
5.10.23 | | iOS | | iOS exploit chain deploys LightSpy feature-rich malware |
5.10.23 | | Android | | Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41 |
5.10.23 | | Android | | Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41 |
5.10.23 | | RAT | | SeroXen is a fileless Remote Access Trojan (RAT) that excels in evading detection through both static and dynamic analysis methods. |
5.10.23 | | Rootkit | | According to the author, r77 is a ring 3 rootkit that hides everything: files and directories; processes and CPU usage; registry keys and values; services; TCP and UDP connections; junctions, named pipes and scheduled tasks. |
4.10.23 | CVE-2022-1471 | CVE | | (CVSS score: 9.9) - Use of an insecure version of the SnakeYAML open-source library that allows for unsafe deserialization of Java objects |
4.10.23 | CVE-2023-43654 | CVE | | (CVSS score: 9.8) - A remote server-side request forgery (SSRF) that leads to remote code execution. |
4.10.23 | | CVE | | ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe) (CVSS 9.9, CVSS 9.8) Threatens Countless AI Users - Immediate Action Required |
4.10.23 | | CVE | | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. |
4.10.23 | | CVE | | (CVSS score: 9.8) - Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. |
4.10.23 | | CVE | | (CVSS score: 9.1) - Cryptographic issue in Data Modem due to improper authentication during TLS handshake. |
4.10.23 | | CVE | | (CVSS score: 9.8) - Memory corruption in Modem while processing security related configuration before AS Security Exchange. |
3.10.23 | Authenticated Origin Pulls (mTLS) | Hacking | Hacking | When visitors request content from your domain, Cloudflare first attempts to serve content from the cache. If this attempt fails, Cloudflare sends a request — or an origin pull — back to your origin web server to get the content. |
3.10.23 | Silent Skimmer | Hacking | Hacking | Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA |
3.10.23 | CVE-2023-34970 | CVE | | A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system's memory is carefully prepared by the user, then this, in turn, could give them access to already freed memory. |
3.10.23 | CVE-2023-33200 | CVE | | A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn could give them access to already freed memory. |
3.10.23 | CVE-2023-4211 | CVE | | A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. |
3.10.23 | | CVE | | Microsoft SharePoint Server Remote Code Execution Vulnerability |
3.10.23 | | CVE | | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
3.10.23 | | CVE | | OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. |
3.10.23 | | Stealer | | The report delves into the intricate workings of “The-Murk-Stealer,” a malicious tool that can discreetly infiltrate systems to collect sensitive information. |
3.10.23 | | Stealer | | Agniane Stealer fraudulently takes credentials, system information, and session details from browsers, tokens, and file transferring tools. |
3.10.23 | | Dropper | | One of the most exciting aspects of malware analysis is coming across a family that is new or rare to the reversing community. |
3.10.23 | | Loader | | BunnyLoader, the newest Malware-as-a-Service |
3.10.23 | | Android | | According to cyware, Zanubis malware pretends to be a malicious PDF application. The threat actor uses it as a key to decrypt responses received from the C2 server. |
1.10.23 | The Week in Ransomware - September 29th 2023 - Dark Angels | Ransom | Ransom | This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. |
1.10.23 | SideTwist | Malware | Backdoor | APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan |
1.10.23 | Flagpro | Malware | Backdoor | According to PICUS, Flagpro is malware that collects information from the victim and executes commands in the victim’s environment. It targets Japan, Taiwan, and English-speaking countries. When a victim is infected with Flagpro malware, the malware can do the following: |
1.10.23 | ASMCrypt | Malware | Crypt | As long as cybercriminals want to make money, they’ll keep making malware, and as long as they keep making malware, we’ll keep analyzing it, publishing reports and providing protection. |
1.10.23 | ZeroFont phishing technique | Hacking | Phishing | ZeroFont phishing technique |
1.10.23 | CVE-2023-20262 | CVE | | (CVSS score: 5.3) - Denial-of-Service Vulnerability |
1.10.23 | CVE-2023-20254 | CVE | | (CVSS score: 7.2) - Authorization Bypass Vulnerability |
1.10.23 | CVE-2023-20034 | CVE | | (CVSS score: 7.5) - Information Disclosure Vulnerability |
1.10.23 | CVE-2023-20253 | CVE | | (CVSS score: 8.4) - Unauthorized Configuration Rollback Vulnerability |
1.10.23 | CVE-2023-20252 | CVE | | (CVSS score: 9.8) - Unauthorized Access Vulnerability |
1.10.23 | CVE-2023-20109 | CVE | | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. |