
DATE

NAME

CATEGORY

SUBCATEGORY

INFO

31.1.24

Ricoh Printer - Directory and File Exposure

Exploit

Remote

Hardware

31.1.24

PHP Shopping Cart 4.2 - Multiple-SQLi

Exploit

WebApps

PHP

31.1.24

Fundraising Script 1.0 - SQLi

Exploit

WebApps

PHP

31.1.24

Typora v1.7.4 - OS Command Injection

Exploit

Local

Windows

31.1.24

Bank Locker Management System - SQL Injection

Exploit

WebApps

PHP

31.1.24

Blood Bank & Donor Management System using v2.2 - Stored XSS

Exploit

Remote

PHP

31.1.24

Equipment Rental Script-1.0 - SQLi

Exploit

Remote

PHP

31.1.24

7 Sticky Notes v1.9 - OS Command Injection

Exploit

Local

Windows

31.1.24

2024-01-25 - DarkGate activity

Malware traffic

Malware traffic

Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.

31.1.24

2024-01-23 - UltraVNC infection

Malware traffic

Malware traffic

Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.

31.1.24

Grandoreiro

Malware

Banking

Grandoreiro is one of the many Latin American banking trojans such as Javali, Melcoz, Casabeniero, Mekotio, and Vadokrist, primarily targeting countries like Spain, Mexico, Brazil, and Argentina.

31.1.24

CVE-2024-0402

Vulnerability

CVE

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

31.1.24

Mustang Panda

APT

APT

Stately Taurus Targets Myanmar Amidst Concerns over Military Junta's Handling of Rebel Attacks

31.1.24

Rage Stealer

Malware

Stealer

From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer

31.1.24

Monster Stealer

Malware

Stealer

RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER

31.1.24

ZLoader

Malware

Trojan

Zloader: No Longer Silent in the Night

30.1.24

CVE-2024-21619

Vulnerability

CVE

(CVSS score: 5.3) - A missing authentication vulnerability that could lead to exposure of sensitive configuration information

30.1.24

CVE-2024-21620

Vulnerability

CVE

(CVSS score: 8.8) - A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target's permissions by means of a specially crafted request

30.1.24

CVE-2023-35636

Vulnerability

CVE

Microsoft Outlook Information Disclosure Vulnerability

30.1.24

NONAME

Ransomware

Ransomware

Older Leaks Re-Surfaces: LOCKBIT Imitator on Surface Web

30.1.24

Mimus

Ransomware

Ransomware

Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks

30.1.24

Kuiper

Ransomware

Ransomware

Kuiper ransomware analysis: Stairwell's technical report

30.1.24

Kasseika

Ransomware

Ransomware

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood.

30.1.24

Albabat

Ransomware

Ransomware

On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community.

30.1.24

Phobos

Ransomware

Ransomware

Another Phobos Ransomware Variant Launches Attack - FAUST

29.1.24

LODEINFO

Malware

Backdoor

LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019.

29.1.24

CVE-2024-23897

Vulnerability

CVE

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

29.1.24

SystemBC

Malware

Trojan

Inside the SYSTEMBC Command-and-Control Server

29.1.24

CVE-2024-20253

Vulnerability

CVE

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

29.1.24

Midnight Blizzard

APT

APT

Midnight Blizzard: Guidance for responders on nation-state attack

29.1.24

AllaKore RAT

Malware

RAT

AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development.

29.1.24

Kasseika

Ransomware

Ransomware

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

29.1.24

CherryLoader

Malware

GO base

CherryLoader: A New Go-based Loader Discovered in Recent Intrusions

29.1.24

MavenGate

Attack

Supply chain

Android, Java apps susceptible to novel MavenGate software supply chain attack technique

29.1.24

RokRAT

Malware

RAT

It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents.

29.1.24

CVE-2024-23222

Vulnerability

CVE

A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3.

29.1.24

CVE-2023-22527

Vulnerability

CVE

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance.

29.1.24

ZuRu

Malware

MacOS

A malware that was observed being embedded alongside legitimate applications (such as iTerm2) offered for download on suspicious websites pushed in search engines. It uses a Python script to perform reconnaissance on the compromised system and pulls additional payload(s).

29.1.24

Glupteba

Malware

Cryptomining

Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.

29.1.24

WhiteSnake Stealer

Malware

Python

Info Stealing Packages Hidden in PyPI

21.1.24

CVE-2023-20867

Vulnerability

CVE

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

21.1.24

CVE-2023-34048

Vulnerability

CVE

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

20.1.24

GPU kernel implementations susceptible to memory leak

Alert

Alert

General-purpose graphics processing unit (GPGPU) platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes.

20.1.24

SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies

Alert

Alert

A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages.

20.1.24

Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

Alert

Alert

Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI).

20.1.24

Brute Force: Password Spraying

Attack

Brute Force

Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials.

20.1.24

WasabiSeed

Malware

VBS

Screentime: Sometimes It Feels Like Somebody's Watching Me

20.1.24

TA866

Group

Campaign

Security Brief: TA866 Returns with a Large Email Campaign

19.1.24

ZuRu

Malware

OSX

Jamf Threat Labs discovers new malware embedded in pirated applications

19.1.24

CVE-2023-35078

Vulnerability

CVE

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

19.1.24

CVE-2023-35082

Vulnerability

CVE

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

19.1.24

XMRig

Cryptocurrency

Cryptocurrency

Containerised Clicks: Malicious use of 9hits on vulnerable docker hosts

19.1.24

COLDRIVER

Group

Group

Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware

19.1.24

CVE-2023-45229

Vulnerability

CVE

(CVSS score: 6.5) - Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message

19.1.24

CVE-2023-45230

Vulnerability

CVE

(CVSS score: 8.3) - Buffer overflow in the DHCPv6 client via a long Server ID option

19.1.24

CVE-2023-45231

Vulnerability

CVE

(CVSS score: 6.5) - Out-of-bounds read when handling a ND Redirect message with truncated options

19.1.24

CVE-2023-45232

Vulnerability

CVE

(CVSS score: 7.5) - Infinite loop when parsing unknown options in the Destination Options header

19.1.24

CVE-2023-45233

Vulnerability

CVE

(CVSS score: 7.5) - Infinite loop when parsing a PadN option in the Destination Options header

19.1.24

CVE-2023-45234

Vulnerability

CVE

(CVSS score: 8.3) - Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

19.1.24

CVE-2023-45235

Vulnerability

CVE

(CVSS score: 8.3) - Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

19.1.24

CVE-2023-45236

Vulnerability

CVE

(CVSS score: 5.8) - Predictable TCP Initial Sequence Numbers

19.1.24

CVE-2023-45237

Vulnerability

CVE

(CVSS score: 5.3) - Use of a weak pseudorandom number generator

18.1.24

Mint Sandstorm

Campaign

Campaign

New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

18.1.24

Android-based PAX POS

Vulnerability

CVE

Banking companies worldwide are finally shifting away from custom-made Point of Sale (POS) devices towards the wildly adopted and battle-tested Android operating system.

18.1.24

CVE-2017-9841

Vulnerability

CVE

(PHP Unit Command)

18.1.24

CVE-2021-41773

Vulnerability

CVE

(Apache HTTP Server versions), and

18.1.24

CVE-2018-15133

Vulnerability

CVE

(Laravel applications)

18.1.24

AndroxGh0st

Malware

Android

CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

18.1.24

iShutdown

Hacking

iOS

A lightweight method to detect potential iOS malware

18.1.24

CVE-2024-0507

Vulnerability

CVE

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console.

18.1.24

CVE-2024-0200

Vulnerability

CVE

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution.

17.1.24

CVE-2023-22527

Vulnerability

CVE

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance.

17.1.24

CVE-2023-34063 

Vulnerability

CVE

VMware Aria Automation (formerly vRealize Automation) updates address a Missing Access Control vulnerability (CVE-2023-34063)

17.1.24

CVE-2023-4966

Vulnerability

CVE

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

17.1.24

CVE-2023-3519

Vulnerability

CVE

Unauthenticated remote code execution

17.1.24

CVE-2023-6549

Vulnerability

CVE

(CVSS score: 8.2) - Denial-of-service (requires that the appliance be configured as a Gateway or authorization and accounting, or AAA, virtual server)

17.1.24

CVE-2023-6548

Vulnerability

CVE

(CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access)

17.1.24

CVE-2024-0519

Vulnerability

CVE

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

17.1.24

CVE-2022-22274

Vulnerability

CVE

(CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall.

17.1.24

CVE-2023-0656 

Vulnerability

CVE

(CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash.

17.1.24

Remcos RAT

Malware

RAT

Remcos RAT Being Distributed via Webhards

16.1.24

Phemedrone

Malware

Stealer

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

16.1.24

CVE-2023-36025 

Vulnerability

CVE

Windows SmartScreen Security Feature Bypass Vulnerability

15.1.24

CVE-2023-49722

Vulnerability

CVE

(CVSS score: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023.

14.1.24

CVE-2023-28771

Vulnerability

CVE

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

13.1.24

CVE-2024-21611

Vulnerability

CVE

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

13.1.24

CVE-2024-21591

Vulnerability

CVE

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.

12.1.24

Medusa

Ransomware

Ransomware

Medusa Ransomware Turning Your Files into Stone

12.1.24

Hadoop attack flow

Attack

Apache

Apache Applications Targeted by Stealthy Attacker

12.1.24

CVE-2023-24955

Vulnerability

CVE

Microsoft SharePoint Server Remote Code Execution Vulnerability

12.1.24

CVE-2023-29357

Vulnerability

CVE

Microsoft SharePoint Server Elevation of Privilege Vulnerability

12.1.24

Flying Under the Radar: Abusing GitHub for Malicious Infrastructure

Library

Reports

GitHub's services are frequently abused both by cybercriminals and advanced persistent threats (APTs) for a wide range of malicious infrastructure schemes.

12.1.24

CVE-2023-51467

Vulnerability

CVE

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code

12.1.24

CVE-2023-49070

Vulnerability

CVE

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10

12.1.24

FBot

Malware

Linux

Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services

11.1.24

AMOS

Malware

OSX

Mac users targeted in new malvertising campaign delivering Atomic Stealer

11.1.24

CVE-2023-46805

Vulnerability

CVE

(CVSS score: 8.2) - An authentication bypass vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

11.1.24

CVE-2024-21887

Vulnerability

CVE

(CVSS score: 9.1) - A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

11.1.24

CVE-2024-20287

Vulnerability

CVE

A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

11.1.24

CVE-2024-20272

Vulnerability

CVE

This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data.

11.1.24

NoaBot

Malware

Bot

You Had Me at Hi - Mirai-Based NoaBot Makes an Appearance

10.1.24

Babuk

Ransomware

Anti-Tool

Babuk is a Russian ransomware. In September 2021, the source code leaked with some of the decryption keys. Victims can decrypt their files for free.

10.1.24

CVE-2024-20677

Vulnerability

CVE

Microsoft Office Remote Code Execution Vulnerability

10.1.24

CVE-2024-0056

Vulnerability

CVE

(CVSS score: 8.7), a security bypass affecting System.Data.SqlClient and Microsoft.Data.SqlClient.

10.1.24

CVE-2024-20653

Vulnerability

CVE

(CVSS score: 7.8), a privilege escalation flaw impacting the Common Log File System (CLFS) driver

10.1.24

CVE-2024-20674 

Vulnerability

CVE

(CVSS score: 9.0) - Windows Kerberos Security Feature Bypass Vulnerability

10.1.24

CVE-2024-20700 

Vulnerability

CVE

(CVSS score: 7.5) - Windows Hyper-V Remote Code Execution Vulnerability

10.1.24

CVE-2023-27524

Vulnerability

CVE

(CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.

10.1.24

CVE-2023-23752

Vulnerability

CVE

(CVSS score: 5.3) - Joomla! Improper Access Control Vulnerability

10.1.24

CVE-2016-20017

Vulnerability

CVE

(CVSS score: 9.8) - D-Link DSL-2750B Devices Command Injection Vulnerability

10.1.24

CVE-2023-41990

Vulnerability

CVE

(CVSS score: 7.8) - Apple Multiple Products Code Execution Vulnerability

10.1.24

CVE-2023-29300

Vulnerability

CVE

(CVSS score: 9.8) - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

10.1.24

CVE-2023-38203

Vulnerability

CVE

(CVSS score: 9.8) - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

10.1.24

PikaBot

Malware

Loader

Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component.

10.1.24

DB#JAMMER

Campaign

Campaign

Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware

10.1.24

RE#TURGENCE

Operation

Operation

Securonix Threat Research Security Advisory: New RE#TURGENCE Attack Campaign: Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware

9.1.24

CVE-2023-47559

Vulnerability

CVE

A cross-site scripting (XSS) vulnerability in QuMagie that could allow authenticated users to inject malicious code via a network (Addressed in QuMagie 2.2.1 and later)

9.1.24

CVE-2023-47560

Vulnerability

CVE

An operating system command injection vulnerability in QuMagie that could allow authenticated users to execute commands via a network (Addressed in QuMagie 2.2.1 and later)

9.1.24

CVE-2023-41287

Vulnerability

CVE

An SQL injection vulnerability in Video Station that could allow users to inject malicious code via a network (Addressed in Video Station 5.7.2 and later)

9.1.24

CVE-2023-41288

Vulnerability

CVE

An operating system command injection vulnerability in Video Station that could allow users to execute commands via a network (Addressed in Video Station 5.7.2 and later)

9.1.24

CVE-2022-43634

Vulnerability

CVE

An unauthenticated remote code execution vulnerability in Netatalk that could allow attackers to execute arbitrary code (Addressed in QTS 5.1.3.2578 build 20231110 and QuTS hero h5.1.3.2578 build 20231110)

9.1.24

Lumma Stealer

Malware

Stealer

Deceptive Cracked Software Spreads Lumma Variant on YouTube

9.1.24

Silver RAT

Malware

RAT

A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT'S SYRIAN ROOTS

6.1.24

SpectralBlur

Malware

macOS

Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Macho family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic's EXCELLENT piece on that family.

6.1.24

No-Justice

Malware

Wiper

Wiper attack on Albania by Iranian APT

5.1.24

Kyivstar

Incident

Incident

Exclusive: Russian hackers were inside Ukraine telecoms giant for months

5.1.24

CVE-2023-39336

Vulnerability

CVE

Win32k Elevation of Privilege Vulnerability

5.1.24

Bandook RAT

Malware

RAT

Bandook - A Persistent Threat That Keeps Evolving

5.1.24

Remcos RAT

Malware

RAT

Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion

3.1.24

WhiteSnake Stealer

Malware

Stealer

WhiteSnake Stealer malware sample on MalwareBazaar

3.1.24

RisePro

Malware

Stealer

RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data.

3.1.24

SMTP Smuggling - Spoofing E-Mails Worldwide

Hacking

SPAM

In the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin (@timolongin) - known for his DNS protocol attacks - discovered a novel exploitation technique for yet another Internet protocol - SMTP (Simple Mail Transfer Protocol). Threat actors could abuse vulnerable SMTP servers worldwide to send malicious e-mails from arbitrary e-mail addresses, allowing targeted phishing attacks. Due to the nature of the exploit itself, this type of vulnerability was dubbed SMTP smuggling. Multiple 0-days were discovered, and various vendors were notified during our responsible disclosure in 2023.

1.1.24

Hijack Execution Flow: DLL Search Order Hijacking

Hacking

DLL

Adversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program. Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution.

1.1.24

CVE-2023-48795

Vulnerability

CVE

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.

1.1.24

Terrapin Attack

Attack

SSH

Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation

1.1.24

Medusa Stealer

Malware

Stealer

On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted the author of perspective password stealer Meduza has released a new version (2.2).

1.1.24

Jinx

Malware

Stealer

Jinx - Malware 2.0 We know it's big, we measured it!