Engineer's Toolset Security Vulnerabilities

CVE-2022-36039 Out-of-bounds write when parsing DEX files in Rizin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's...

Worok Hackers Target High-Profile Asian Companies and Governments

High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. "Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C#...

Integrating Live Patching in SecDevOps Workflows

SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach.....

CVE-2022-36041 Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the...

CVE-2022-36044 Rizin Out-of-bounds Write vulnerability in Lua binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on...

CVE-2022-36043 Rizin Double Free in bobj.c when using qnx binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this...

CVE-2022-36040 Rizin Out-of-bounds Write vulnerability in pyc/marshal.c

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code....

CVE-2022-36042 Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to...

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among...

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft...

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver....

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver....

DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously....

Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)

Microsoft Visual Studio is a family of development tools from Microsoft Corporation (USA) and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft Visual Studio is vulnerable to remote code execution. An attacker could exploit....

Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful.....

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

In late August 2020, we published an overview of DeathStalker's profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns (PowerPepper was later documented in 2020). Notably, we exposed why we believe the threat actor may fit a group of mercenaries, offering...

KMSpico explained: No, KMS is not "kill Microsoft"

Thanks to Pieter Arntz and the Threat Intelligence Team who contributed to the research. A hack tool is a program that allows users to activate software even without a legitimate, purchased key. Hack tools are often used to root devices in order to (among others) remove barriers that stop users...

AlmaLinux 8 : go-toolset:rhel8 (5775) (ALSA-2022:5775)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5775 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: go/parser: stack exhaustion in all Parse* functions...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-5775)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5775 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: encoding/xml: stack exhaustion in Decoder.Skip...

go-toolset:ol8 security and bug fix update

delve [1.7.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 [1.17.10-2] - Clean up dist-git patches - Resolves: rhbz#2109173 go-toolset [1.17.12-1] -....

(RHSA-2022:5866) Important: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang:...

go-toolset and golang security and bug fix update

golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 [1.17.7-2] - Clean up dist-git patches - Resolves: rhbz#2109174 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves:...

RHEL 7 : go-toolset-1.17 and go-toolset-1.17-golang (RHSA-2022:5866)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5866 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...

Oracle Linux 9 : go-toolset / and / golang (ELSA-2022-5799)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5799 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: encoding/xml: stack exhaustion in Decoder.Skip...

go-toolset and golang security and bug fix update

An update is available for golang, go-toolset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and...

(RHSA-2022:5799) Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) golang: net/http: improper...

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) golang: net/http: improper...

Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang:...

go-toolset:rhel8 security and bug fix update

An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and.....

(RHSA-2022:5775) Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang:...

CentOS 8 : go-toolset:rhel8 (CESA-2022:5775)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5775 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: go/parser: stack exhaustion in all Parse* functions...

Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang:...

RHEL 8 : go-toolset:rhel8 (RHSA-2022:5775)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5775 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: go/parser: stack exhaustion in all Parse*...

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http: improper...

RHEL 9 : go-toolset and golang (RHSA-2022:5799)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5799 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: go/parser: stack exhaustion in all Parse*...

Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang:...

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http: improper...

Fedora: Security Advisory for docker-distribution (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for...

[SECURITY] Fedora 36 Update: docker-distribution-2.6.2-18.git48294d9.fc36

Docker toolset to pack, ship, store, and deliver...

Threat Source newsletter (July 28, 2022) — What constitutes an "entry-level" job in cybersecurity?

_By Jon Munshaw. _ Welcome to this week’s edition of the Threat Source newsletter. Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity burnout, there’s been a ton of talk recently around the [cybersecurity skills...

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a...

Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin

MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale. In an environment where there are thousands of potential alerts each day and cyberattacks...

APT trends report Q2 2022

For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and...

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European.....

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European.....

SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware

An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab...

Insecure Session

go is vulnerable to Insecure Session. The vulnerability exists because session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add which allows an attacker to observe TLS handshakes to correlate successive connections by comparing ticket ages during session...

Denial Of Service (DoS)

go is vulnerable to Denial Of Service (DoS). The vulnerability exists in Glob function in match.go due to stack exhaustion because having a large number of path separators in Glob which allows an attacker to cause an application...

Denial Of Service (DoS)

go is vulnerable to denial of service. The vulnerability exists in unmarshalAttr function in read.go due to improper encoding which allows an attacker to cause a stack exhaustion in Unmarshal which leads to an application...

Denial Of Service (DoS)

go is vulnerable to denial of service attacks. Calling Decoder.Decode on a message which contains deeply nested structures may cause a system crash due to stack...