
5606 matches found

The Hacker News
added 2023/04/17 1:50 p.m. · 25 views

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-o...

6.6 AI score
Exploits 0
IBM Security Bulletins
added 2023/04/13 10:57 a.m. · 38 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-37603]

Summary: Node.js module loader-utils is used by IBM App Connect Enterprise Certified Container by DesignerAuthoring operands. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...

7.5 CVSS · 8.2 AI score · 0.02029 EPSS
Exploits 1 · Affected Software 1
BDU FSTEC
added 2023/04/12 12:0 a.m. · 6 views

The vulnerability of the file loading function of the distributed file system sjqzhang go-fastdfs allows an attacker to write any files and execute any commands.

The vulnerability of the file loading function in the distributed file system sjqzhang go-fastdfs is related to deficiencies in path checking for restricted-access directories. Exploiting this vulnerability allows an attacker to write arbitrary files and execute arbitrary commands remotely...

7.5 CVSS · 7.5 AI score · 0.03524 EPSS
Exploits 1 · References 4 · Affected Software 1
Sick AG
added 2023/04/11 10:0 a.m. · 12 views

Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways

Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration. If the password is not set by the customer, a remote...

9.8 CVSS · 7.2 AI score · 0.00621 EPSS
Exploits 0
The Hacker News
added 2023/04/04 1:7 p.m. · 6 views

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency

Chromium-based web browsers are the target of a new malware called Rilide that masquerades itself as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a...

7.2 AI score
Exploits 0
The Hacker News
added 2023/04/03 9:20 a.m. · 2 views

Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service

A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and...

6.9 AI score
Exploits 0
The Hacker News
added 2023/04/03 9:20 a.m. · 49 views

Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service

A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and...

7 AI score
Exploits 0
Tenable Nessus
added 2023/03/30 12:0 a.m. · 42 views

Fedora 38 : yarnpkg (2023-2e38c3756f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2e38c3756f advisory. Apply fix for CVE-2022-37603. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

7.5 CVSS · 6.8 AI score · 0.24928 EPSS
Exploits 2 · References 3
IBM Security Bulletins
added 2023/03/29 9:34 a.m. · 54 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)

Summary: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader. Vulnerability Details: CVEID: CVE-2022-1471. DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class...

9.8 CVSS · 9.3 AI score · 0.99615 EPSS
Exploits 7 · Affected Software 1
IBM Security Bulletins
added 2023/03/29 9:34 a.m. · 31 views

Security Bulletin: There is a security vulnerability in Spring Security used by IBM Maximo Data Loader (CVE-2022-31692)

Summary: There is a security vulnerability in Spring Security used by IBM Maximo Data Loader. Vulnerability Details: CVEID: CVE-2022-31692. DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher...

9.8 CVSS · 9.1 AI score · 0.03425 EPSS
Exploits 3 · Affected Software 1
IBM Security Bulletins
added 2023/03/29 9:33 a.m. · 34 views

Security Bulletin: There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader (CVE-2023-24998)

Summary: There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to b...

7.5 CVSS · 7.6 AI score · 0.46836 EPSS
Exploits 1 · Affected Software 1
Tenable Nessus
added 2023/03/29 12:0 a.m. · 35 views

Fedora 37 : yarnpkg (2023-86d75130fe)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-86d75130fe advisory. Apply fix for CVE-2022-37603. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

7.5 CVSS · 6.8 AI score · 0.24928 EPSS
Exploits 2 · References 3
IBM Security Bulletins
added 2023/03/28 1:29 p.m. · 51 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-41854)

Summary: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader. Vulnerability Details: CVEID: CVE-2022-41854. DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a...

6.5 CVSS · 6.4 AI score · 0.01476 EPSS
Exploits 1 · Affected Software 1
The Hacker News
added 2023/03/28 12:8 p.m. · 45 views

IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering...

6.6 AI score
Exploits 0
Kitploit
added 2023/03/23 11:30 a.m. · 111 views

APCLdr - Payload Loader With Evasion Features

Payload Loader With Evasion Features. Features: no crt functions imported; indirect syscalls using HellHall; api hashing using CRC32 hashing algorithm; payload encryption using rc4 - payload is saved in .rsrc; Payload injection using APC calls - alertable thread; Payload execution using APC - alertabl...

7.9 AI score
Exploits 0 · References 9
OSV
added 2023/03/22 3:15 p.m. · 2 views

CVE-2023-1570

A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function interceptormemcpy of the file tinydngloader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been...

5.5 CVSS · 5.2 AI score · 0.00389 EPSS
Exploits 1 · References 5
hivepro
added 2023/03/22 6:43 a.m. · 22 views

Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign

Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italy's geofencing and creates a loader process on the victim...

6.7 AI score
Exploits 0
CNNVD
added 2023/03/22 12:0 a.m. · 2 views

syoyo tinydng security vulnerability

syoyo tinydng is a loader and writer library by the individual developer Syoyo Fujita. A security vulnerability exists in syoyo tinydng, which stems from a problem with the function interceptormemcpy in the file tinydngloader.h, which can lead to a heap-based buffer overflow...

5.5 CVSS · 5.3 AI score · 0.00389 EPSS
Exploits 1 · References 6
Positive Technologies
added 2023/03/22 12:0 a.m. · 3 views

PT-2023-17086 · Unknown · Syoyo Tinydng

Name of the Vulnerable Software and Affected Versions: syoyo tinydng (affected versions not specified). Description: A problematic issue has been found, affecting the interceptor memcpy function of the file tiny dng loader.h. This leads to a heap-based buffer overflow. Local access is required for a...

5.5 CVSS · 7.4 AI score · 0.00389 EPSS
Exploits 1 · References 6
OSV
added 2023/03/14 2:15 p.m. · 3 views

DEBIAN-CVE-2023-24180

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmaploader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file...

6.5 CVSS · 6.4 AI score · 0.00586 EPSS
Exploits 1 · References 1