Engineer's Toolset Security Vulnerabilities

nessus

CentOS 8 : go-toolset:rhel8 (CESA-2023:3319)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3319 advisory. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a...

10 AI Score

0.005 EPSS

2023-05-25 12:00 AM
11
osv

Important: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about...

9.8 CVSS

7.1 AI Score

0.003 EPSS

2023-05-25 12:00 AM
7
nessus

Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-3318)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3318 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...

8.9 AI Score

0.003 EPSS

2023-05-25 12:00 AM
24
almalinux

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score,...

9.8 CVSS

6.9 AI Score

0.003 EPSS

2023-05-25 12:00 AM
12
oraclelinux

gcc-toolset-12-binutils security update

[2.38-17] - Fix an illegal memory access parsing a corrupt ELF file. ...

5.5 CVSS

7 AI Score

0.001 EPSS

2023-05-24 12:00 AM
31
nessus

Oracle Linux 8 : gcc-toolset-12-binutils (ELSA-2023-2873)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2873 advisory. An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of...

6.2 AI Score

0.001 EPSS

2023-05-24 12:00 AM
15
securelist

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...

8.1 AI Score

2023-05-23 08:00 AM
28
thn

Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade

New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh...

6.8 AI Score

2023-05-22 12:47 PM
24
nessus

AlmaLinux 8 : gcc-toolset-12-binutils (ALSA-2023:2873)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2873 advisory. An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of...

6.3 AI Score

0.001 EPSS

2023-05-20 12:00 AM
10
securelist

CloudWizard APT: the bad magic story goes on

In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of our report about...

7.2 AI Score

2023-05-19 10:30 AM
28
nessus

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3083)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3083 advisory. Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and...

7.9 AI Score

0.001 EPSS

2023-05-19 12:00 AM
11
osv

Moderate: go-toolset:Rocky Linux8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) golang: net/http, mime/multipart: denial of service from excessive resource consumption...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-05-18 07:17 PM
6
rocky

go-toolset:Rocky Linux8 security and bug fix update

An update is available for delve, module.go-toolset, golang, module.golang, go-toolset, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset....

7.5 CVSS

6.8 AI Score

0.001 EPSS

2023-05-18 07:17 PM
29
nessus

Rocky Linux 8 : go-toolset:Rocky Linux8 (RLSA-2023:3083)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3083 advisory. Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and...

6.9 AI Score

0.001 EPSS

2023-05-18 12:00 AM
7
nessus

CentOS 8 : go-toolset:rhel8 (CESA-2023:3083)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3083 advisory. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

8.8 AI Score

0.024 EPSS

2023-05-17 12:00 AM
10
redhat

(RHSA-2023:3083) Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) golang: net/http, mime/multipart: denial of service from excessive resource consumption...

6.9 AI Score

0.024 EPSS

2023-05-16 09:15 AM
17
redhat

(RHSA-2023:2873) Moderate: gcc-toolset-12-binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): binutils: NULL pointer...

6.9 AI Score

0.001 EPSS

2023-05-16 05:57 AM
23
nessus

RHEL 8 : gcc-toolset-12-binutils (RHSA-2023:2873)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2873 advisory. binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault (CVE-2022-4285) Note that Nessus has not tested for this...

5.9 AI Score

0.001 EPSS

2023-05-16 12:00 AM
17
nessus

RHEL 8 : go-toolset:rhel8 (RHSA-2023:3083)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3083 advisory. net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) golang: crypto/tls: large handshake...

8.4 AI Score

0.024 EPSS

2023-05-16 12:00 AM
7
almalinux

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) golang: net/http, mime/multipart: denial of service from excessive resource consumption...

7.5 CVSS

6.9 AI Score

0.001 EPSS

2023-05-16 12:00 AM
16
osv

Moderate: gcc-toolset-12-binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): binutils: NULL pointer...

5.5 CVSS

5.9 AI Score

0.001 EPSS

2023-05-16 12:00 AM
8
osv

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) golang: net/http, mime/multipart: denial of service from excessive resource consumption...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-05-16 12:00 AM
8
almalinux

Moderate: gcc-toolset-12-binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): binutils: NULL pointer...

5.5 CVSS

6.9 AI Score

0.001 EPSS

2023-05-16 12:00 AM
10
veracode

Command Injection

go is vulnerable to Command Injection. The vulnerability allows templates containing actions in unquoted HTML attributes to be executed with empty inputs, resulting in unexpected results when parsed, potentially allowing injection of arbitrary attributes into...

7.3 CVSS

7.3 AI Score

0.001 EPSS

2023-05-14 12:08 PM
23
veracode

Improper Sanitization

go is vulnerable to Improper Sanitization. Whitespace characters contained outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution resulting in the...

9.8 CVSS

6.9 AI Score

0.003 EPSS

2023-05-14 11:44 AM
19
veracode

Code Injection

go is vulnerable to Code Injection. The vulnerability causes CSS contexts to unexpectedly close if templates containing multiple actions separated by a '/' are included, which could result in injections of unexpected...

7 AI Score

0.001 EPSS

2023-05-14 11:44 AM
26
thn

New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe

A previously undetected advanced persistent threat (APT) actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine.....

6.8 AI Score

2023-05-11 02:45 PM
49
malwarebytes

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

This blog post was authored by Malwarebytes' Roberto Santos and Fortinet's Hossein Jazi. While the official conflict between Russia and Ukraine began in February 2022, there is a long history of physical conflict between the two nations, including the 2014 annexation of Crimea by Russia and when...

7.3 AI Score

2023-05-10 02:00 AM
17
ics

Hunting Russian Intelligence “Snake” Malware

SUMMARY The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer...

9.2 AI Score

2023-05-09 12:00 PM
30
thn

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks

The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading....

6.9 AI Score

2023-05-05 10:19 AM
22
securelist

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...

7.6 AI Score

2023-04-27 10:00 AM
35
talosblog

Quarterly Report: Incident Response Trends in Q1 2023

Web shell usage spikes in Q1 compared to previous quarters, correlating with higher instances of exploitation of public-facing applications. In a novel increase compared to previous quarters, Cisco Talos Incident Response (Talos IR) reports that web shells were the most-observed threat in the...

9.8 CVSS

10.5 AI Score

0.004 EPSS

2023-04-26 12:00 PM
21
thn

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and....

6.7 AI Score

2023-04-24 02:00 PM
20
securelist

Tomiris called, they want their Turla malware back

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Our initial report described links between a Tomiris Golang implant and SUNSHUTTLE (which has been...

9.8 CVSS

9.1 AI Score

0.975 EPSS

2023-04-24 08:00 AM
167
thn

Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose

Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company...

6.3 AI Score

2023-04-17 04:32 PM
18
cnvd

Microsoft Visual Studio Spoofing Vulnerability (CNVD-2023-29698)

Microsoft Visual Studio is a family of development tools from Microsoft Corporation (USA), and a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. Microsoft Visual Studio is vulnerable to a spoofing vulnerability that can be exploited by....

5.5 CVSS

6.4 AI Score

0.001 EPSS

2023-04-16 12:00 AM
23
thn

New Python-Based "Legion" Hacking Tool Emerges on Telegram

An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct...

7.9 AI Score

2023-04-13 11:10 AM
34
thn

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit

Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware.....

7.2 AI Score

2023-04-12 11:58 AM
46
hivepro

Desert Falcon Strikes with an Upgraded Arsenal

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Desert Falcons, a cyber-espionage group, has been seen deploying upgraded variants of its malware toolset in strikes against Palestine and Middle Eastern entities. To receive real-time threat advisories,...

6.7 AI Score

2023-04-12 07:37 AM
18
rocky

go-toolset bug fix and enhancement update

An update is available for golang, go-toolset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming language tools and...

6.7 AI Score

2023-04-12 01:41 AM
8
veracode

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to...

7.5 CVSS

8.3 AI Score

0.001 EPSS

2023-04-11 11:40 PM
14
veracode

Arbitrary Code Execution

github.com/golang/go is vulnerable to Arbitrary Code Execution. JavaScript templates do not consider backticks as string delimiters and do not escape them properly, which allows an attacker to bypass sanitization and execute arbitrary code on the...

9.8 CVSS

9.5 AI Score

0.003 EPSS

2023-04-11 11:30 PM
15
rocky

go-toolset bug fix and enhancement update

An update is available for delve, module.go-toolset, golang, module.golang, go-toolset, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset....

6.7 AI Score

2023-04-06 03:52 PM
7
wallarmlab

Changes in OWASP API Security Top-10 2023RC | API Security Newsletter

Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of.....

9.8 CVSS

9.6 AI Score

0.969 EPSS

2023-04-06 02:27 PM
29
securelist

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack

On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via...

7.1 AI Score

2023-04-03 12:10 PM
17
thn

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...

6.8 AI Score

2023-03-30 10:08 AM
47
thn

4 Steps to Creating a Powerful Research Lab for Reverse Engineering

However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a sandbox-as-a-service, and a recommended list....

6.9 AI Score

2023-03-29 11:43 AM
33
nessus

Fedora 38 : cutter-re / rizin (2023-af305bed3d)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-af305bed3d advisory. Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to...

7.7 AI Score

0.002 EPSS

2023-03-29 12:00 AM
18
thn

Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps....

6.6 AI Score

2023-03-23 09:29 AM
41
thn

Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials

The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign...

AI Score

2023-03-17 07:06 AM
33
Total number of security vulnerabilities: 1647