79 matches found
CVE-2021-22887
A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device...
CVE-2021-22887
A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device...
Malware Gangs Partner Up in Double-Punch Security Threat
Cybergangs are joining forces under the guise of affiliate groups and “as-a-service” models, warns Maya Horowitz, the director of threat intelligence research with Check Point Research. She said the trend is driving a new and thriving cybercriminal underground economy. Several malware gangs have...
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and...
Rockstar Games: Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html
In this report, the researcher demonstrated a method to chain together separate vulnerabilities that, under certain conditions, could cause a user's Facebook Oauth tokens to leak via the Referer header. The specific vulnerability that was addressed in this report was the image injection component...
sLoad Malware Revamped as Powerful 'StarsLord' Loader
The sLoad malware downloader, a PowerShell-based trojan first spotted in May 2018, has a new, polished version that comes with “more powerful features, posing even higher risk,” Microsoft researchers are warning. After discovering it being used in several campaigns over the holidays, researchers...
Dexphot Malware Hijacks 80K+ Devices to Mine Cryptocurrency
Microsoft is warning of malware, Dexphot, that has infected more than 80,000 machines, sucking up their CPU power in order to mine cryptocurrency. Researchers first discovered Dexphot in October 2018 and saw its activity peak during July. They said that the malware has a complex attack chain and...
Insights from one year of tracking a polymorphic threat
A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every 20-30 minutes on thousands of devices. We gave...
Design/Logic Flaw
particl through 0.17 a chain-based proof-of-stake cryptocurrency allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM...
Rockstar Games: Image Injection on `/bully/anniversaryedition` may lead to FB's OAuth Token Theft.
In this report, the researcher identified a chain of attacks that could result in sensitive token leakage, such as Oauth tokens. The attack would begin with an image injection exploit on the page at https://www.rockstargames.com/bully/anniversaryedition. That exploit was the focus of this...
Rockstar Games: Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.
In this report, the researcher identified a series of vulnerabilities that could be exploited together to exfiltrate sensitive user tokens. In this attack chain, one critical step was an image injection vulnerability in the Screenshot-Viewer function on the main site, at...
Why Malwarebytes decided to participate in AV testing
Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show...
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
Introduction Through FireEye Dynamic Threat Intelligence DTI, we observed RIG Exploit Kit EK delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner similar activity has been reported by Trend Micro. Apart from leveraging a...
BMW multi models is the exposure of a common security vulnerability, a hacker remote attack-vulnerability warning-the black bar safety net
5 on 22 May, Tencent Cohen Laboratory released a BMW, many different models of 14 common security vulnerabilities, these vulnerabilities can be through physical contact and remote non-contact and other ways triggered, according to its official blog to reveal that at present all the vulnerability...
Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?
Every infosec conference is chatting about the Attack Chain, a visual mapping of the steps an intruder must take to breach a network. If you can detect traces of an attack earlier, you not only have more time to respond, but can stop the unauthorized access to monetizable data and its exfiltratio...
CVE-2016-4117: Flash Zero-Day Exploited in the Wild
On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...
SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign
Introduction Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized – thus making for a much more dangerous threat – but that it is also being used as part of an...
Google Expands Safe Browsing Alerts to Include Malware Distribution Sites
Google is expanding the amount and kind of data that it supplies to network operators about potentially malicious activity happening on their networks and elsewhere. The company is now giving operators information on dedicated domains that are being used for malware hosting and distribution. Last...
Security Update For Exchange Server 2016 CU12 (KB4487563)
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access OWA fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive...