Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader

Rapid7’s Managed Detection and Response MDR team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed t...

Lenovo PC 安全漏洞

Lenovo PC is a line of computers from the Chinese company Lenovo. A security vulnerability exists in Lenovo PC that originates from a buffer overflow vulnerability in the system recovery boot loader. A privileged attacker with local access rights can exploit the vulnerability to execute arbitrary...

Lenovo PC 安全漏洞

Lenovo PC is a line of computers from the Chinese company Lenovo Lenovo. A security vulnerability exists in Lenovo PC that originates from a flaw in the system recovery boot loader. A privileged attacker with local access could exploit the vulnerability to modify the boot manager and elevate...

The vulnerability of the write_indexes() function in the GdkPixbuf image loading library allows a attacker to cause a service failure.

The vulnerability of the GdkPixbuf image loading library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said...

CVE-2024-26678

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

ROS-20240402-06

Vulnerability in the password protection mechanism of the Grub2 boot loader is related to the bypass of authentication by spoofing. Exploitation of the vulnerability could allow an attacker to bypass established access control...

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response MDR team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed t...

PT-2024-10928 · Allied Telesis · At-S115

Name of the Vulnerable Software and Affected Versions: Allied Telesis AT-S115 version 1.2.0 before 1.00.024 with Boot Loader 1.00.006 Description: The issue allows Directory Traversal, which can lead to partial access to data. Recommendations: For Allied Telesis AT-S115 version 1.2.0 before...

New Go loader pushes Rhadamanthys stealer

Malware loaders also known as droppers or downloaders are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate i.e. not...

EulerOS Virtualization 2.11.1 : glibc (EulerOS-SA-2024-1398)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulti...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1426)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.0 : glibc (EulerOS-SA-2024-1426)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulti...

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and...

DEBIAN-CVE-2024-26540

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimglibrary::CImg::loadanalyze...

Ande Loader Malware Targets Manufacturing Sector in North America

The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans RATs like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North...

ROS-2-1503

2.1503 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user-entered data when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the...

ROS-2-972

2.972 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...

ROS-2-1353

2.1353 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...