Easy Finder & Anti-theft Security Vulnerabilities

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the.....

Custom field finder < 0.4 - Authenticated (Author+) PHP Object Injection

Description The Custom field finder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No known.....

CVE-2024-22830

Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL...

CVE-2024-23463

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to...

CVE-2024-23463

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to...

CrushFTP Unauthenticated Arbitrary File Read

This module leverages an unauthenticated server-side template injection vulnerability in CrushFTP &lt; 10.7.1 and &lt; 11.1.0 (as well as legacy 9.x versions). Attackers can submit template injection payloads to the web API without authentication. When attacker payloads are reflected in the server'...

CVE-2024-23463 Anti-Tampering bypass via Repair App functionality

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to...

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...

FBI warns online daters to avoid &#8220;free&#8221; online verification schemes that prove costly

The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information.....

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and...

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through query...

CVE-2024-33641

Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through...

CVE-2024-33641

Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through...

CVE-2024-33641 WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through...

CVE-2024-33641 WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through...

A week in security (April 22 &#8211; April 28)

Last week on Malwarebytes Labs: Ring agrees to pay $5.6 million after cameras were used to spy on customers TikTok comes one step closer to a US ban Google ad for Facebook redirects to scam "Substantial proportion" of Americans may have had health and personal data stolen in Change Healthcare...

Fedora 40 : python-cryptography / rust-asn1 / rust-asn1_derive (2023-11f1c85512)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-11f1c85512 advisory. The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. (CVE-2023-38325) A vulnerability...

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training

CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics....

RHEL 7 : openstack-nova and python-novaclient (RHSA-2018:0369)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0369 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....

Ring agrees to pay $5.6 million after cameras were used to spy on customers

Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....

Talos IR trends: BEC attacks surge, while weaknesses in MFA persist

Business email compromise (BEC) was the top threat observed by Cisco Talos Incident Response (Talos IR) in the first quarter of 2024, accounting for nearly half of engagements, which is more than double what was observed in the previous quarter. The most observed means of gaining initial access...

CVE-2024-22144

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through...

CVE-2024-22144

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through...

CVE-2024-22144 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through...

CVE-2024-22144 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through...

ToddyCat’s Toolkit and Tactics Fueling Data Theft

...

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April.....

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the...

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat...

&#8220;Substantial proportion&#8221; of Americans may have had health and personal data stolen in Change Healthcare breach

UnitedHealth Group has given an update on the February cyberattack on Change Healthcare, one of its subsidiaries. In the update, the company revealed the scale of the breach, saying: “Based on initial targeted data sampling to date, the company has found files containing protected health...

Suspected CoralRaider continues to expand victimology using three information stealers

_By Joey Chen, Chetan Raghuprasad and Alex Karkins. _ Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new PowerShell...

Mitsubishi Electric Electrical Discharge Machines (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: Electrical discharge machines Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cyberattack? According to research....

German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F., and Thomas R. "The suspects...

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediately family members of those involved in such businesses. "These individuals have facilitated...

CVE-2024-1241

Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys...

CVE-2024-1241

Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys...

CVE-2024-1241 Watchdog Antivirus v1.6.415 - Denial of Service

Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys...

ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from...

Billions of scraped Discord messages up for sale

Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard.....

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

**Between crossovers - Do threat actors play dirty or desperate? ** In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether....

ToddyCat is making holes in your infrastructure

We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts...

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and...

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

By Deeba Ahmed Veriti Research exposes surge in Androxgh0st attacks, exploiting CVEs and building botnets for credential theft. Patch systems, monitor for web shells, and use behavioral analysis to protect yourself. This is a post from HackRead.com Read the original post: Androxgh0st Malware...

BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool

Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to....

How Attackers Can Own a Business Without Touching the Endpoint

Attackers are increasingly making use of "networkless" attack techniques targeting cloud apps and identities. Here's how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details...

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities.....

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at...