January(137) February(207) March(430) April(317) May(278) June(237) July(216) August(316) September(186) October(24) November(114) December(126)
|
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
|
31.1.24 |
||||
|
31.1.24 |
||||
|
31.1.24 |
||||
|
31.1.24 |
||||
|
31.1.24 |
||||
|
31.1.24 |
Blood Bank & Donor Management System using v2.2 - Stored XSS |
|||
|
31.1.24 |
||||
|
31.1.24 |
||||
|
31.1.24 |
Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
Malware traffic |
||
|
31.1.24 |
Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. |
Malware traffic |
||
|
31.1.24 |
Grandoreiro is one of the many Latin American banking trojans such as Javali, Melcoz, Casabeniero, Mekotio, and Vadokrist, primarily targeting countries like Spain, Mexico, Brazil, and Argentina. |
Banking |
||
|
31.1.24 |
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. |
CVE |
||
|
31.1.24 |
Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks |
APT |
||
|
31.1.24 |
From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer |
Stealer |
||
|
31.1.24 |
RUSSIAN STEALER LOG AGGREGATOR RELEASES FULLY NATIVE INFOSTEALER |
Stealer |
||
|
31.1.24 |
Zloader: No Longer Silent in the Night |
Trojan |
||
|
30.1.24 |
(CVSS score: 5.3) - A missing authentication vulnerability that could lead to exposure of sensitive configuration information |
CVE |
||
|
30.1.24 |
(CVSS score: 8.8) - A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target's permissions by means of a specially crafted request |
CVE |
||
|
30.1.24 |
Microsoft Outlook Information Disclosure Vulnerability |
CVE |
||
|
30.1.24 |
Older Leaks Re-Surfaces: LOCKBIT Imitator on Surface Web |
Ransomware |
||
|
30.1.24 |
Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks |
Ransomware |
||
|
30.1.24 |
Kuiper ransomware analysis: Stairwell’s technical report |
Ransomware |
||
|
30.1.24 |
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. |
Ransomware |
||
|
30.1.24 |
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. |
Ransomware |
||
|
30.1.24 |
Another Phobos Ransomware Variant Launches Attack – FAUST |
Ransomware |
||
|
29.1.24 |
LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019. |
Backdoor |
||
|
29.1.24 |
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. |
CVE |
||
|
29.1.24 |
Inside the SYSTEMBC Command-and-Control Server |
Trojan |
||
|
29.1.24 |
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. |
CVE |
||
|
29.1.24 |
Midnight Blizzard: Guidance for responders on nation-state attack |
APT |
||
|
29.1.24 |
AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. |
RAT |
||
|
29.1.24 |
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver |
Ransomware |
||
|
29.1.24 |
CherryLoader: A New Go-based Loader Discovered in Recent Intrusions |
GO base |
||
|
29.1.24 |
Android, Java apps susceptible to novel MavenGate software supply chain attack technique |
Supply chain |
||
|
29.1.24 |
It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. |
RAT |
||
|
29.1.24 |
A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. |
CVE |
||
|
29.1.24 |
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. |
CVE |
||
|
29.1.24 |
A malware that was observed being embedded alongside legitimate applications (such as iTerm2) offered for download on suspicious websites pushed in search engines. It uses a Python script to perform reconnaissance on the compromised system an pulls additional payload(s). |
MacOS |
||
|
29.1.24 |
Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet. |
Cryptomining |
||
|
29.1.24 |
Info Stealing Packages Hidden in PyPI |
Python |
||
|
21.1.24 |
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. |
CVE |
||
|
21.1.24 |
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. |
CVE |
||
|
20.1.24 |
General-purpose graphics processing unit (GPGPU) platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. |
Alert |
||
|
20.1.24 |
SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies |
A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. |
Alert |
|
|
20.1.24 |
Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI). |
Alert |
||
|
20.1.24 |
Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials. |
Brute Force |
||
|
20.1.24 |
Screentime: Sometimes It Feels Like Somebody's Watching Me |
VBS |
||
|
20.1.24 |
Security Brief: TA866 Returns with a Large Email Campaign |
|||
|
19.1.24 |
Jamf Threat Labs discovers new malware embedded in pirated applications |
OSX |
||
|
19.1.24 |
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
CVE |
||
|
19.1.24 |
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
CVE |
||
|
19.1.24 |
Containerised Clicks: Malicious use of 9hits on vulnerable docker hosts |
Cryptocurrency |
||
|
19.1.24 |
Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware |
Group |
||
|
19.1.24 |
(CVSS score: 6.5) - Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message |
CVE |
||
|
19.1.24 |
(CVSS score: 8.3) - Buffer overflow in the DHCPv6 client
via a long Server ID option |
CVE |
||
|
19.1.24 |
(CVSS score: 6.5) - Out-of-bounds read when handling a ND Redirect message with truncated options |
CVE |
||
|
19.1.24 |
(CVSS score: 7.5) - Infinite loop when parsing unknown options in the Destination Options header |
CVE |
||
|
19.1.24 |
(CVSS score: 7.5) - Infinite loop when parsing a PadN option in the Destination Options header |
CVE |
||
|
19.1.24 |
(CVSS score: 8.3) - Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message |
CVE |
||
|
19.1.24 |
(CVSS score: 8.3) - Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message |
CVE |
||
|
19.1.24 |
(CVSS score: 5.8) - Predictable TCP Initial Sequence Numbers |
CVE |
||
|
19.1.24 |
(CVSS score: 5.3) - Use of a weak pseudorandom number generator |
CVE |
||
|
18.1.24 |
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs |
Campaign |
||
|
18.1.24 |
Banking companies worldwide are finally shifting away from custom-made Point of Sale (POS) devices towards the wildly adopted and battle-tested Android operating system. |
CVE |
||
|
18.1.24 |
(PHP Unit Command) |
CVE |
||
|
18.1.24 |
(Apache HTTP Server versions), and |
CVE |
||
|
18.1.24 |
(Laravel applications) |
CVE |
||
|
18.1.24 |
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware |
Android |
||
|
18.1.24 |
A lightweight method to detect potential iOS malware |
iOS |
||
|
18.1.24 |
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. |
CVE |
||
|
18.1.24 |
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. |
CVE |
||
|
17.1.24 |
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. |
CVE |
||
|
17.1.24 |
VMware Aria Automation (formerly vRealize Automation) updates address a Missing Access Control vulnerability (CVE-2023-34063) |
CVE |
||
|
17.1.24 |
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. |
CVE |
||
|
17.1.24 |
Unauthenticated remote code execution |
CVE |
||
|
17.1.24 |
(CVSS score: 8.2) - Denial-of-service (requires that the appliance be configured as a Gateway or authorization and accounting, or AAA, virtual server) |
CVE |
||
|
17.1.24 |
(CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access) |
CVE |
||
|
17.1.24 |
Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. |
CVE |
||
|
17.1.24 |
(CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall. |
CVE |
||
|
17.1.24 |
(CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash. |
CVE |
||
|
17.1.24 |
Remcos RAT Being Distributed via Webhards |
RAT |
||
|
16.1.24 |
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign |
Stealer |
||
|
16.1.24 |
Windows SmartScreen Security Feature Bypass Vulnerability |
CVE |
||
|
15.1.24 |
(CVSS score: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023. |
CVE |
||
|
14.1.24 |
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. |
CVE |
||
|
13.1.24 |
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
CVE |
||
|
13.1.24 |
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. |
CVE |
||
|
12.1.24 |
Medusa Ransomware Turning Your Files into Stone |
Ransomware |
||
|
12.1.24 |
Apache Applications Targeted by Stealthy Attacker |
Apache |
||
|
12.1.24 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE |
||
|
12.1.24 |
Microsoft SharePoint Server Elevation of Privilege Vulnerability |
CVE |
||
|
12.1.24 |
Flying Under the Radar: Abusing GitHub for Malicious Infrastructure |
GitHub's services are frequently abused both by cybercriminals and advanced persistent threats (APTs) for a wide range of malicious infrastructure schemes. |
Reports |
|
|
12.1.24 |
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code |
CVE |
||
|
12.1.24 |
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 |
CVE |
||
|
12.1.24 |
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code |
CVE |
||
|
12.1.24 |
Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services |
Linux |
||
|
11.1.24 |
Mac users targeted in new malvertising campaign delivering Atomic Stealer |
osx |
||
|
11.1.24 |
(CVSS score: 8.2) - An authentication bypass vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. |
CVE |
||
|
11.1.24 |
(CVSS score: 9.1) - A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. |
CVE |
||
|
11.1.24 |
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. |
CVE |
||
|
11.1.24 |
This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. |
CVE |
||
|
11.1.24 |
You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance |
Bot |
||
|
10.1.24 |
Babuk is a Russian ransomware. In September 2021, the source code leaked with some of the decryption keys. Victims can decrypt their files for free. |
Anti-Tool |
||
|
10.1.24 |
Microsoft Office Remote Code Execution Vulnerability |
CVE |
||
|
10.1.24 |
(CVSS score: 8.7), a security bypass affecting System.Data.SqlClient and Microsoft.Data.SqlClient. |
CVE |
||
|
10.1.24 |
(CVSS score: 7.8), a privilege escalation flaw impacting the Common Log File System (CLFS) driver |
CVE |
||
|
10.1.24 |
(CVSS score: 9.0) - Windows Kerberos Security Feature Bypass Vulnerability |
CVE |
||
|
10.1.24 |
(CVSS score: 7.5) - Windows Hyper-V Remote Code Execution Vulnerability |
CVE |
||
|
10.1.24 |
(CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution. |
CVE |
||
|
10.1.24 |
(CVSS score: 5.3) - Joomla! Improper Access Control Vulnerability |
CVE |
||
|
10.1.24 |
(CVSS score: 9.8) - D-Link DSL-2750B Devices Command Injection Vulnerability |
CVE |
||
|
10.1.24 |
(CVSS score: 7.8) - Apple Multiple Products Code Execution Vulnerability |
CVE |
||
|
10.1.24 |
(CVSS score: 9.8) - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
CVE |
||
|
10.1.24 |
(CVSS score: 9.8) - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability |
CVE |
||
|
10.1.24 |
Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. |
Loader |
||
|
10.1.24 |
Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware |
Campaign |
||
|
10.1.24 |
Securonix Threat Research Security Advisory: New RE#TURGENCE Attack Campaign: Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware |
Operation |
||
|
9.1.24 |
A cross-site scripting (XSS) vulnerability in QuMagie that could allow authenticated users to inject malicious code via a network (Addressed in QuMagie 2.2.1 and later) |
CVE |
||
|
9.1.24 |
An operating system command injection vulnerability in QuMagie that could allow authenticated users to execute commands via a network (Addressed in QuMagie 2.2.1 and later) |
CVE |
||
|
9.1.24 |
An SQL injection vulnerability in Video Station that could allow users to inject malicious code via a network (Addressed in Video Station 5.7.2 and later) |
CVE |
||
|
9.1.24 |
An operating system command injection vulnerability in Video Station that could allow users to execute commands via a network (Addressed in Video Station 5.7.2 and later) |
CVE |
||
|
9.1.24 |
An unauthenticated remote code execution vulnerability in Netatalk that could allow attackers to execute arbitrary code (Addressed in QTS 5.1.3.2578 build 20231110 and QuTS hero h5.1.3.2578 build 20231110) |
CVE |
||
|
9.1.24 |
Deceptive Cracked Software Spreads Lumma Variant on YouTube |
Stealer |
||
|
9.1.24 |
A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS |
RAT |
||
|
6.1.24 |
Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Macho family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family. |
macOS |
||
|
6.1.24 |
Wiper attack on Albania by Iranian APT |
Wipper |
||
|
5.1.24 |
Exclusive: Russian hackers were inside Ukraine telecoms giant for months |
Incident |
Incident |
|
|
5.1.24 |
Win32k Elevation of Privilege Vulnerability |
CVE |
||
|
5.1.24 |
Bandook - A Persistent Threat That Keeps Evolving |
RAT |
||
|
5.1.24 |
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion |
RAT |
||
|
3.1.24 |
WhiteSnake Stealer malware sample on MalwareBazaar |
Stealer |
||
|
3.1.24 |
RisePro is a stealer that is spread through downloaders like win.privateloader. Once executed on a system, the malware can steal credit card information, passwords, and personal data. |
Stealer |
||
|
3.1.24 |
In the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin (@timolongin) - known for his DNS protocol attacks - discovered a novel exploitation technique for yet another Internet protocol - SMTP (Simple Mail Transfer Protocol). Threat actors could abuse vulnerable SMTP servers worldwide to send malicious e-mails from arbitrary e-mail addresses, allowing targeted phishing attacks. Due to the nature of the exploit itself, this type of vulnerability was dubbed SMTP smuggling. Multiple 0-days were discovered, and various vendors were notified during our responsible disclosure in 2023. |
SPAM |
||
|
1.1.24 |
Adversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program.Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution. |
DLL |
||
|
1.1.24 |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. |
CVE |
||
|
1.1.24 |
Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation |
SSH |
||
|
1.1.24 |
On Christmas Eve, Resecurity's HUNTER (HUMINT) spotted the author of perspective password stealer Meduza has released a new version (2.2). |
Stealer |
||
|
1.1.24 |
Jinx – Malware 2.0 We know it’s big, we measured it! |
Stealer |