New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft
The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable...
Brazilian Police Arrest Suspected Member of Lapsus$ Hacking Group
The Federal Police of Brazil on Wednesday announced it had arrested an individual for purported links to the notorious LAPSUS$ extortionist gang. The arrest was made as part of a new law enforcement effort, dubbed Operation Dark Cloud, that was launched in August 2022, the agency noted. Not much ...
Check Point ZoneAlarm Extreme Security Elevation of Privilege Vulnerability
ZoneAlarm Extreme Security is a personal firewall software from Check Point Israel. An elevation of privilege vulnerability exists in versions prior to Check Point ZoneAlarm Extreme Security 15.8.211.19229, which stems from weak permissions on directories and a self-protecting driver bypass that...
CVE-2022-41604
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This...
Authentication flaw
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This...
CVE-2022-41604
CVE-2022-41604 affects Check Point ZoneAlarm Extreme Security prior to 15.8.211.19229. Root cause: weak permissions on %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates and a self-protection driver bypass that allows creation of a junction directory, enabling an arbitrary file move as NT AUTHORITY\...
PT-2022-25980 · Check Point · Zonealarm Extreme Security
Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm Extreme Security versions prior to 15.8.211.19229. Description: The issue allows local users to escalate privileges due to weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory and a self-protecti...
Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs
A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in...
Malicious code in winrpcexploit (PyPI)
Source: ghsa-malware 46976ed2bca7738154d7f53ebb0e98864eafcf5753fc7753b509c6ce4d9ac9b4. Security researchers at Check Point Research discovered a malicious package called WINRPCexploit. PyPI has since removed WINRPCexploit...
MAL-2022-7429 Malicious code in winrpcexploit (PyPI)
Source: ghsa-malware 46976ed2bca7738154d7f53ebb0e98864eafcf5753fc7753b509c6ce4d9ac9b4. Security researchers at Check Point Research discovered a malicious package called WINRPCexploit. PyPI has since removed WINRPCexploit...
Malicious code in zlibsrc (PyPI)
Source: ghsa-malware dfbf8f67470456ad6b704fb2c2d47edef71ce077afe59bf1a6f79913bde2fd5d. Security researchers at Check Point Research discovered a malicious package called zlibsrc impersonating the PyPI package zlib. PyPI has since removed...
MAL-2022-7430 Malicious code in zlibsrc (PyPI)
Source: ghsa-malware dfbf8f67470456ad6b704fb2c2d47edef71ce077afe59bf1a6f79913bde2fd5d. Security researchers at Check Point Research discovered a malicious package called zlibsrc impersonating the PyPI package zlib. PyPI has since removed...
Malicious code in free-net-vpn2 (PyPI)
Source: ghsa-malware 918a0f985a93815d37d9480f97dd5203b78834142904ae50550bd431ca52c05b. Security researchers at Check Point Research discovered a malicious package called free-net-vpn2 that targets environment variables. PyPI has since remov...
Malicious code in test-async (PyPI)
Source: ghsa-malware 77032b3c9cc48f55b79507650d7c7a520543997883ee5c2cb3e655a5ee8f3304. Security researchers at Check Point Research discovered a malicious package called test-async. PyPI has since removed test-async...
MAL-2022-7428 Malicious code in test-async (PyPI)
Source: ghsa-malware 77032b3c9cc48f55b79507650d7c7a520543997883ee5c2cb3e655a5ee8f3304. Security researchers at Check Point Research discovered a malicious package called test-async. PyPI has since removed test-async...
Malicious code in pyproto2 (PyPI)
Source: ghsa-malware 11270c23eaf76f2fad8af5f01e5fb1b3bb9e018dbd6a51a358b158e76119126b. Security researchers at Check Point Research discovered a malicious package called PyProto2. PyPI has since removed PyProto2...
Malicious code in pyg-utils (PyPI)
Source: ghsa-malware d88aee4a8e480e3f09eb95c41c77cb679c144faacd48d7829c401276d21a8f38. Security researchers at Check Point Research discovered a malicious package called pyg-utils. PyPI has since removed pyg-utils...
Xiaomi Phone Bug Allowed Payment Forgery
Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a repo...