350 matches found
CVE-2024-0446
A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in t...
China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz
The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November...
Cross site scripting
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...
CVE-2024-22410 Binary Planting Attack on Windows Platforms in Creditcoin
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...
CVE-2024-22410 Binary Planting Attack on Windows Platforms in Creditcoin
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...
Pyxamstore - Python Utility For Parsing Xamarin AssemblyStore Blob Files
This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpack and repackaging assemblies.blob and assemblies.manifest Xamarin files from an APK. Installing Run the installer script: python setup.py install You can then use the tool by calling...
MinIO Vulnerabilities Exposed as Hackers Breach Through Storage
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including InfoStealers and RATs, employing evasion methods. This loader is...
New IDAT Loader Unleashes Infostealers in Fake Browser Update Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including InfoStealers and RATs, employing evasion methods. This loader is packaged...
CVE-2023-40352
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...
Privilege escalation
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...
CVE-2023-40352
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...
CVE-2023-40352
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...
Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities
While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...
Privilege escalation
A vulnerability has been identified in SICAM TOOLBOX II All versions V07.10. Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation...
CVE-2022-39062
A vulnerability has been identified in SICAM TOOLBOX II All versions V07.10. Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation...
CVE-2023-36344
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...
PT-2023-25541 · Diebold Nixdorf · Diebold Nixdorf Vynamic View Console
Name of the Vulnerable Software and Affected Versions: Diebold Nixdorf Vynamic View Console versions 5.3.1 and earlier Description: The issue allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. This enables the...
CVE-2023-36344
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...
CVE-2023-3324 Insecure deserialization in zenon internal DLLs
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...
Minas – on the way to complexity
Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of a system process. We decided to dig deeper and...