Watch Out! That Android System Update May Contain A Powerful Spyware
Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go...
File upload vulnerability exists in OKLite (CNVD-2021-19721)
OKLite is an enterprise website system aimed mainly at users who need a company showcase website, so that traditional small businesses can quickly deploy a website. OKLite suffers from a file upload vulnerability that can be exploited by an attacker to gain control of the server...
CVE-2020-21224
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server...
Remote code execution
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server...
Wave Inspur ClusterEngine Parameter Injection Vulnerability
Wave Inspur ClusterEngine is application software from China's Wave Corporation. It manages jobs submitted by hardware and software in a cluster system. A security vulnerability exists in Inspur ClusterEngine V4.0, which can be exploited by remote attackers to send malicious log...
SolarWinds Hack and the Case of DNS Security
It's not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it's the reason I didn't have a smoother transition back into work-life following a long vacation. As I understand it, the breaches happened after...
Italy CERT Warns of a New Credential Stealing Android Malware
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID and spotted by AddressIntel, the malware "induces the user to install an accessibility service wi...
FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities
An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attack...
DLL Hijacking Vulnerability in NetEase Youdao Dictionary PC Version (CNVD-2021-05430)
Youdao Dictionary is the world's first all-around free language translation software based on search engine technology, produced by NetEase Youdao. There is a DLL hijacking vulnerability in NetEase Youdao Dictionary PC, which can ...
DLL Hijacking Vulnerability in Zoom Conference Client (CNVD-2021-03513)
Zoom is the leader in modern enterprise video communications, providing a platform for video/audio conferencing, collaboration, chat and webinars across mobile devices, desktops and conference room systems. A DLL hijacking vulnerability exists in the Zoom conferencing client, which can be exploit...
Lovecraft client suffers from DLL hijacking vulnerability
Aiki is an online video site. A DLL hijacking vulnerability exists in the AikiYi client, which can be exploited by an attacker to gain control of the server...
RGCMS suffers from a file upload vulnerability (CNVD-2021-03290)
RGCMS (RuiGu content management system) is an open source building management system written in PHP on the ThinkPHP 5.1 framework, using a MySQL database. RGCMS has a file upload vulnerability that an attacker can use to obtain control of the server...
A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and...
CatfishCMS has a file upload vulnerability
Catfish CMS is a free and open source PHP content management system. A file upload vulnerability exists in CatfishCMS, which can be exploited by an attacker to gain control of the server...
A new skimmer uses WebSockets and a fake credit card form to steal sensitive data
A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As of the writing of this blog post, the attack is still active and exfiltrating data. Attackers are exploiting an expanding in-browser attack surface and continually evolving...
SNIcat - Server Name Indication Concatenator
SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via Server Name Indication, a TLS Client Hello extension. The tool consists of an agent which resides on the compromised internal host, and a Command & Control Server which controls the agent and...
Malicious Package
axois is a malicious package. Taking advantage of a user's mistake in the module name at the time of installation, the code, when executed, calls home to a Command and Control server to execute arbitrary commands...