16 matches found
Notepad++ Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows...
PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems
The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...
CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems
CISA, along with the National Security Agency, Federal Bureau of Investigation, and international partners, released a joint Cybersecurity Advisory on People’s Republic of China PRC state-sponsored Advanced Persistent Threat APT actors targeting critical infrastructure across sectors and continen...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
The SUPERGROUP known as Scattered Lapsus$ Hunters - A combin...
CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
The US Cybersecurity and Infrastructure Security Agency CISA issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese Ministry of State Security-affiliated cyber threat...
US Government Warns of a New Strain of Chinese 'Taidoor' Virus
Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named "Taidoor, " the malware has done an 'excellent' job of compromising systems as early as...
CVE-2020-1350 Windows DNS Server Remote Code Execution (SigRed)
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka ‘Windows DNS Server Remote Code Execution Vulnerability’. Recent assessments: gwillcox-r7 at July 14, 2020 6:11pm UTC reported: Important Update: This is now supposed...
CVE-2020-8515
DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. Recent...
CVE-2019-10189
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. Recent assessments: gwillcox-r7 at October 20, 2020 6:57pm UTC reported: This is now supposedly being exploited in the wild by...
CVE-2019-1040
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection, aka ‘Windows NTLM Tampering Vulnerability’. Recent assessments: gwillcox-r7 at October 20, 2020 6:01pm UTC reported: This is now...
CVE-2019-11580
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits...
CVE-2019-0803
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859. Recent assessments: gwillcox-r7 at October 20, 2020 7:06pm UT...
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Recent assessments: gwillcox-r7 at October 20, 2020 6:46pm UTC reported: This is now supposedly...
CVE-2017-6327
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to t...
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...