DATE | NAME | CATEGORY | SUBCATE | INFO
28.2.24 | Stealer | Pony (also known as Fareit or Siplog) is malware categorized as a loader and stealer, although it is also used as a botnet; it has been in use for more than 10 years and is still active.
28.2.24 | Backdoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
28.2.24 | Russian Cyber Actors Use Compromised Routers to | REPORT | Actions EdgeRouter network defenders and users should implement to protect against APT28 activity
28.2.24 | Stealer | When Stealers Converge: New Variant of Atomic Stealer in the Wild
28.2.24 | Banking | According to ESET Research, Mispadu is an ambitious Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.
28.2.24 | Linux | Modular malware framework targeting SOHO network devices
28.2.24 | Loader | Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus
28.2.24 | CVE | Microsoft Outlook Elevation of Privilege Vulnerability
28.2.24 | APT | SVR cyber actors adapt tactics for initial cloud access
28.2.24 | CVE | 4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin
28.2.24 | RAT | Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)
28.2.24 | CVE | A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
27.2.24 | CVE | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
27.2.24 | CVE | The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
27.2.24 | Loader | Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland
27.2.24 | SPAM | “SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
27.2.24 | Stealer | DarkVNC is a hidden utility based on the Virtual Network Computing (VNC) technology, initially promoted on an Exploit forum in 2016.
27.2.24 | RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.
27.2.24 | RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.
27.2.24 | Banking | Ousaban: LATAM Banking Malware Abusing Cloud Services
27.2.24 | Banking | Tweet on recent Mekotio Banker campaign
27.2.24 | Banking | First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques.
25.2.24 | Microsoft Windows Defender Bypass - Detection Mitigation Bypass
25.2.24 | Lost and Found Information System v1.0 - (IDOR) leads to Account Takeover
25.2.24 | ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
25.2.24 | VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service
25.2.24 | Ransomware | This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
23.2.24 | CVE | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
23.2.24 | Crypto | Crypto | iMessage with PQ3: The new state of the art in quantum-secure messaging at scale
22.2.24 | Worm | SSH-Snake: New Self-Modifying Worm Threatens Networks
22.2.24 | RAT | To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer
22.2.24 | CVE | The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
22.2.24 | CVE | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication.
21.2.24 | Stealer | Mustang Panda’s PlugX new variant targeting Taiwanese government and diplomats
21.2.24 | Campaign | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN
21.2.24 | Operation | Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war
21.2.24 | Stealer | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses
21.2.24 | Campaign | Earth Preta Campaign Uses DOPLUGS to Target Asia
21.2.24 | CVE | Session Hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system.
21.2.24 | CVE | Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor to trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
21.2.24 | Miner | Migo - a Redis Miner with Novel System Weakening Techniques
21.2.24 | Backdoor | Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer.
21.2.24 | Wiper | According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions.
21.2.24 | REPORT | Israel-Hamas War in Cyber
21.2.24 | CVE | CVE-2024-25600 (CVSS score: 9.8) enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6.
19.2.24 | Android | Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach
19.2.24 | Group | Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
19.2.24 | Backdoor | Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers.
18.2.24 | Stealer | Raccoon Stealer v2 – Part 1: The return of the dead
18.2.24 | Stealer | An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information.
17.2.24 | Backdoor | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM hijacking. Its specificity is the presence of a server part, which is usually installed on compromised MS Exchange servers in the form of a MOF (Managed Object Format) file using the Desired State Configuration (DSC) PowerShell tool, effectively turning a legitimate server into a malware control center.
17.2.24 | Backdoor | TinyTurla Next Generation - Turla APT spies on Polish NGOs
17.2.24 | CVE | FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
17.2.24 | iOS | Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows.
17.2.24 | Loader | This malware is delivered by an ISO file, with a DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. At the time of analysis by Google's Threat Analysis Group (TAG), BumbleBee was observed to fetch Cobalt Strike payloads.
17.2.24 | APT | Water Hydra’s Zero-Day Attack Chain Targets Financial Traders
17.2.24 | CVE | Internet Shortcut Files Security Feature Bypass Vulnerability
17.2.24 | Loader | CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day
17.2.24 | CVE | (CVSS score: 6.5) - Windows Hyper-V Denial of Service Vulnerability
17.2.24 | CVE | (CVSS score: 7.5) - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
17.2.24 | CVE | (CVSS score: 8.0) - Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
17.2.24 | CVE | (CVSS score: 9.8) - Microsoft Exchange Server Elevation of Privilege Vulnerability
17.2.24 | CVE | (CVSS score: 9.8) - Microsoft Outlook Remote Code Execution Vulnerability
17.2.24 | CVE | (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability
17.2.24 | CVE | (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability
17.2.24 | BOTNET | Diving Into Glupteba's UEFI Bootkit
17.2.24 | Bootkit | Diving Into Glupteba's UEFI Bootkit
17.2.24 | Loader | Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi.
17.2.24 | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
17.2.24 | Backdoor | Ivanti Connect Secure: Journey to the core of the DSLog backdoor
17.2.24 | CVE | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
17.2.24 | Ransomware | Akira Ransomware and Exploitation of Cisco AnyConnect Vulnerability CVE-2020-3259
17.2.24 | CVE | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information.
17.2.24 | macOS | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
17.2.24 | Spam | SNS Sender: Active Campaigns Unleash Messaging Spam Through the Cloud
12.2.24 | Anti-Ransom tool | The Korea Internet & Security Agency (KISA) is distributing a recovery tool for the Rhysida ransomware.
12.2.24 | RAT | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.
10.2.24 | Backdoor | New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
10.2.24 | Worm | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS
10.2.24 | Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
10.2.24 | Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
10.2.24 | Clinic's Patient Management System 1.0 - Unauthenticated RCE
10.2.24 | Curfew e-Pass Management System 1.0 - FromDate SQL Injection
10.2.24 | GYM MS - GYM Management System - Cross Site Scripting (Stored)
9.2.24 | Android | MoqHao evolution: New variants start automatically right after installation
9.2.24 | Banking | Coyote: A multi-stage banking Trojan abusing the Squirrel installer
9.2.24 | CVE | FortiOS - Out-of-bound Write in sslvpnd
9.2.24 | CVE | CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
9.2.24 | Backdoor | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
8.2.24 | Loader | HijackLoader Expands Techniques to Improve Defense Evasion
8.2.24 | Stealer | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer
8.2.24 | CVE | Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account.
8.2.24 | CVE | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability, leading to unauthorized access to sensitive information.
8.2.24 | CVE | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
8.2.24 | CVE | Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
8.2.24 | CVE | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
8.2.24 | CVE | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
8.2.24 | CVE | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
8.2.24 | CVE | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
8.2.24 | CVE | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
8.2.24 | CVE | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
8.2.24 | BOTNET | KV-Botnet: Don’t Call It A Comeback
7.2.24 | CVE | (CVSS score: 5.3) - Out-of-bounds read when printing error messages, resulting in a denial-of-service (DoS) condition
7.2.24 | CVE | (CVSS score: 7.4) - Buffer overflow in shim when compiled for 32-bit processors that can lead to a crash or data integrity issues during the boot phase
7.2.24 | CVE | (CVSS score: 5.5) - Out-of-bounds read in the authenticode function that could permit an attacker to trigger a DoS by providing a malformed binary
7.2.24 | CVE | (CVSS score: 5.5) - Out-of-bounds read when validating Secure Boot Advanced Targeting (SBAT) information that could result in information disclosure
7.2.24 | CVE | (CVSS score: 7.1) - Out-of-bounds read when parsing MZ binaries, leading to a crash or possible exposure of sensitive data
7.2.24 | Backdoor | According to Mandiant, this malware family is attributed to a potential Chinese background, and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).
7.2.24 | ELF | According to Mandiant, this malware family is attributed to a potential Chinese background and is directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant.
7.2.24 | RAT | Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances.
7.2.24 | CVE | A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response.
7.2.24 | CVE | In JetBrains TeamCity before 2023.11.3, an authentication bypass leading to RCE was possible.
6.2.24 | Stealer | CrackedCantil: A Malware Symphony Breakdown
6.2.24 | Stealer | Facebook Advertising Spreads Novel Malware Variant
6.2.24 | CVE | (CVSS score: 7.2) - Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability
6.2.24 | CVE | (CVSS score: 8.8) - Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability
6.2.24 | Group | Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region
6.2.24 | CVE | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
6.2.24 | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
6.2.24 | Spyware | A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
6.2.24 | Android | Skygofree: Following in the footsteps of HackingTeam
5.2.24 | RAT | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group
5.2.24 | Spyware | New spyware attacks exposed: civil society targeted in Jordan
5.2.24 | Loader | This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known as Icebot), and to provide a comprehensive approach to the threat by detailing the related Techniques...
5.2.24 | Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
5.2.24 | Stealer | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019
5.2.24 | CVE | Windows SmartScreen Security Feature Bypass Vulnerability
3.2.24 | Incident | Thanksgiving 2023 security incident
3.2.24 | Incident | Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully.
3.2.24 | CVE | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication.
3.2.24 | Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
3.2.24 | Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS
3.2.24 | Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
3.2.24 | Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
3.2.24 | Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
3.2.24 | Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
3.2.24 | mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page
3.2.24 | Group | The Coldriver Group, also known as Callisto and SEABORGIUM, is a threat actor known to attack government organizations, think tanks, and journalists in Europe and the Caucasus regions through spearphishing campaigns.
3.2.24 | Backdoor | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware
3.2.24 | CVE | Microsoft Outlook Elevation of Privilege Vulnerability
3.2.24 | Group | Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
3.2.24 | Attack | NTLM relay attacks: A dangerous game of hot potato
3.2.24 | Group | Malware Spotlight – Into the Trash: Analyzing LitterDrifter
3.2.24 | Group | UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware
3.2.24 | Backdoor | Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor
2.2.24 | RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC
2.2.24 | GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
2.2.24 | CyberSpy | UNC5221: Unreported and Undetected WIREFIRE Web Shell Variant
2.2.24 | Botnet | Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal
2.2.24 | Rootkit | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats.
2.2.24 | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker
2.2.24 | Group | [Microsoft] Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
2.2.24 | HeadCrab 2.0: Evolving Threat in Redis Malware Landscape
2.2.24 | CVE | A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3.
2.2.24 | CVE | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2.
1.2.24 | CVE | 'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally
1.2.24 | CVE | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
1.2.24 | CVE | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
1.2.24 | CVE | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
1.2.24 | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
1.2.24 | CVE | A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
1.2.24 | Bot | Telekopye: Hunting Mammoths using Telegram bot
1.2.24 | Phishing | “Scammers Paradise” — Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations
1.2.24 | Python | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
1.2.24 | Backdoor | Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, which is a backdoor that was delivered using EMPTYSPACE.
1.2.24 | Group | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
1.2.24 | Report | 2023 Adversary Infrastructure Report
1.2.24 | Loader | KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES
1.2.24 | CVE | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
1.2.24 | CVE | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
1.2.24 | CVE | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable.
1.2.24 | CVE | An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions.
1.2.24 | CVE | An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library.
1.2.24 | CVE | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions.